TechSpot

COM Surrogate

By Stuart Newman
Nov 4, 2014
  1. I have seen various posts on the COM Surrogate task. I have tried to run cleaners that have been referenced on several posts. I get a message saying that I am not allowed to download the files because of some settings. Please help.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.


    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Stuart Newman

    Stuart Newman TS Rookie Topic Starter

    I have run the MBAM scan, but I am continually receiving a malicious website blocked window. They all say they are outgoing communication. They are all coming from c:\windows\syswow64\dllhost.exe

    This is from the MBAM scan.



    This is the attach.txt log

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/10/2012 2:12:01 PM
    System Uptime: 11/4/2014 8:03:53 PM (0 hours ago)
    .
    Motherboard: FOXCONN | | 2AB1
    Processor: AMD Athlon(tm) II X2 240 Processor | CPU 1 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 452 GiB total, 31.006 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.618 GiB free.
    E: is CDROM (UDF)
    G: is FIXED (NTFS) - 699 GiB total, 460.51 GiB free.
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Microsoft Teredo Tunneling Adapter
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    .
    ==== Image File Execution Options =============
    .
    IFEO: bitguard.exe - tasklist.exe
    IFEO: bprotect.exe - tasklist.exe
    IFEO: bpsvc.exe - tasklist.exe
    IFEO: browserdefender.exe - tasklist.exe
    IFEO: browserprotect.exe - tasklist.exe
    IFEO: browsersafeguard.exe - tasklist.exe
    IFEO: dprotectsvc.exe - tasklist.exe
    IFEO: jumpflip - tasklist.exe
    IFEO: protectedsearch.exe - tasklist.exe
    IFEO: searchinstaller.exe - tasklist.exe
    IFEO: searchprotection.exe - tasklist.exe
    IFEO: searchprotector.exe - tasklist.exe
    IFEO: searchsettings.exe - tasklist.exe
    IFEO: searchsettings64.exe - tasklist.exe
    IFEO: snapdo.exe - tasklist.exe
    IFEO: stinst32.exe - tasklist.exe
    IFEO: stinst64.exe - tasklist.exe
    IFEO: umbrella.exe - tasklist.exe
    IFEO: utiljumpflip.exe - tasklist.exe
    IFEO: volaro - tasklist.exe
    IFEO: vonteera - tasklist.exe
    IFEO: websteroids.exe - tasklist.exe
    IFEO: websteroidsservice.exe - tasklist.exe
    x64-IFEO: bitguard.exe - tasklist.exe
    x64-IFEO: bprotect.exe - tasklist.exe
    x64-IFEO: bpsvc.exe - tasklist.exe
    x64-IFEO: browserdefender.exe - tasklist.exe
    x64-IFEO: browserprotect.exe - tasklist.exe
    x64-IFEO: browsersafeguard.exe - tasklist.exe
    x64-IFEO: dprotectsvc.exe - tasklist.exe
    x64-IFEO: jumpflip - tasklist.exe
    x64-IFEO: protectedsearch.exe - tasklist.exe
    x64-IFEO: searchinstaller.exe - tasklist.exe
    x64-IFEO: searchprotection.exe - tasklist.exe
    x64-IFEO: searchprotector.exe - tasklist.exe
    x64-IFEO: searchsettings.exe - tasklist.exe
    x64-IFEO: searchsettings64.exe - tasklist.exe
    x64-IFEO: snapdo.exe - tasklist.exe
    x64-IFEO: stinst32.exe - tasklist.exe
    x64-IFEO: stinst64.exe - tasklist.exe
    x64-IFEO: umbrella.exe - tasklist.exe
    x64-IFEO: utiljumpflip.exe - tasklist.exe
    x64-IFEO: volaro - tasklist.exe
    x64-IFEO: vonteera - tasklist.exe
    x64-IFEO: websteroids.exe - tasklist.exe
    x64-IFEO: websteroidsservice.exe - tasklist.exe
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 15 ActiveX
    Adobe Flash Player 15 Plugin
    Adobe Reader XI (11.0.09)
    Adobe Shockwave Player 12.0
    Airline Tycoon - Deluxe
    Akamai NetSession Interface
    AMD Catalyst Install Manager
    AMD Fuel
    Apple Application Support
    Apple Software Update
    Army Builder 3.4c
    Blio
    BufferChm
    Call of Duty Game of the Year Edition
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    CCC Help Czech
    CCC Help Danish
    Citrix Presentation Server Client
    Copy
    CutePDF Writer 3.0
    CyberLink DVD Suite Deluxe
    D3DX10
    Dawn of War - Soulstorm
    Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
    Destinations
    Desura
    DeviceDiscovery
    DJ_AIO_05_F4400_Software_Min
    DVD Menu Pack for HP MediaSmart Video
    F4400
    Google Chrome
    Google Update Helper
    GPBaseService2
    Half-Life 2
    Half-Life 2: Lost Coast
    Hero Lab 6.0a
    Hewlett-Packard ACLM.NET v1.2.2.3
    HP Auto
    HP Client Services
    HP Customer Experience Enhancements
    HP Customer Participation Program 14.0
    HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5
    HP Games
    HP Imaging Device Functions 14.0
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart SmartMenu
    HP MediaSmart Video
    HP MovieStore
    HP Odometer
    HP Photo Creations
    HP Setup
    HP Setup Manager
    HP Smart Web Printing 4.60
    HP Solution Center 14.0
    HP Support Assistant
    HP Support Information
    HP Update
    HP Vision Hardware Diagnostics
    HPDiagnosticAlert
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    InterActual Player
    Java 7 Update 71
    Java Auto Updater
    Java(TM) 6 Update 6
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Malwarebytes Anti-Malware version 2.0.3.1025
    MarketResearch
    MechWarrior Vengeance
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 64-bit Components 2013
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OSM MUI (English) 2013
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2013
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Proofing Tools 2013 - English
    Microsoft Office Proofing Tools 2013 - Español
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2013
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2013
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2013
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Project MUI (English) 2013
    Microsoft Project Professional 2013
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    MixPad
    Motorola Device Manager
    Motorola Device Software Update
    Motorola Mobile Drivers Installation 6.3.0
    Movie Theme Pack for HP MediaSmart Video
    Mozilla Firefox 22.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2758694)
    Neverwinter
    Neverwinter Nights 2
    NVIDIA PhysX
    Outils de vérification linguistique 2013 de Microsoft Office - Français
    PDFCanvas V1.5
    PhotoNow!
    PlayReady PC Runtime amd64
    PlayReady PC Runtime x86
    Power2Go
    PowerDirector
    Prism Video File Converter
    QuickTime 7
    Realtek High Definition Audio Driver
    RecordPad Sound Recorder
    Recovery Manager
    ROBLOX Player for The Newmans
    Roll
    RoxioNow Player
    Rush for Gold Alaska
    Scan
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2883031) 32-Bit Edition
    Security Update for Microsoft Office 2013 (KB2760272) 32-Bit Edition
    Security Update for Microsoft Office 2013 (KB2880502) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2883032) 32-Bit Edition
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition
    Shop for HP Supplies
    SmartWebPrinting
    SolutionCenter
    SoundTap Streaming Audio Recorder
    Status
    Steam
    swMSM
    Symantec Endpoint Protection
    The Battle for Middle-earth (tm)
    The Walking Dead
    Toolbox
    Train Simulator 2014
    Trainz: Engineer's Edition
    TrayApp
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Lync 2013 (KB2889929) 32-Bit Edition
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2881001) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2881009) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2881039) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2883049) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2889927) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2889940) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2889942) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899475) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft OneDrive for Business (KB3000731) 32-Bit Edition
    Update for Microsoft OneNote 2013 (KB2883059) 32-Bit Edition
    Update for Microsoft Outlook 2013 (KB2986204) 32-Bit Edition
    Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition
    Wallace and Gromits Grand Adventures - Grand Adventures Demo
    Warhammer® 40,000™: Dawn of War® II
    Warhammer® 40,000™: Dawn of War® II - Chaos Rising™
    Warhammer® 40,000™: Dawn of War® II – Retribution™
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    World of Tanks
    World War III: Black Gold
    .
    ==== End Of File ===========================
     
  4. Stuart Newman

    Stuart Newman TS Rookie Topic Starter

    This is the dds.txt log

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.17116 BrowserJavaVersion: 10.71.2
    Run by The Newmans at 20:19:51 on 2014-11-04
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.81 [GMT -5:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Users\The Newmans\AppData\Local\Akamai\netsession_win.exe
    C:\Users\The Newmans\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\syswow64\dllhost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\syswow64\dllhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\syswow64\dllhost.exe
    C:\Windows\syswow64\dllhost.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\System32\MsSpellCheckingFacility.exe
    C:\Windows\syswow64\dllhost.exe
    C:\Windows\syswow64\dllhost.exe
    C:\Windows\syswow64\dllhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\syswow64\windowspowershell\v1.0\powershell.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.yahoo.com/
    uProxyOverride = <local>;192.168.*.*
    mWinlogon: Userinit = userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -
    BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\IPS\IPSBHO.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
    uRun: [Akamai NetSession Interface] "C:\Users\The Newmans\AppData\Local\Akamai\netsession_win.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\The Newmans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001065-0002-0065-ABCDEFFEDCBC} - <orphaned>
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{01EEE925-EB88-440D-A564-24E619EB0922} : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    IFEO: bitguard.exe - tasklist.exe
    IFEO: bprotect.exe - tasklist.exe
    IFEO: bpsvc.exe - tasklist.exe
    IFEO: browserdefender.exe - tasklist.exe
    IFEO: browserprotect.exe - tasklist.exe
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
    x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
    x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-IFEO: bitguard.exe - tasklist.exe
    x64-IFEO: bprotect.exe - tasklist.exe
    x64-IFEO: bpsvc.exe - tasklist.exe
    x64-IFEO: browserdefender.exe - tasklist.exe
    x64-IFEO: browserprotect.exe - tasklist.exe
    .
    Note: multiple IFEO entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\The Newmans\AppData\Roaming\Mozilla\Firefox\Profiles\p8mnwrtx.default\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\The Newmans\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\NPRobloxProxy.dll
    FF - plugin: C:\Users\The Newmans\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\NPRobloxProxy64.dll
    FF - plugin: C:\Users\The Newmans\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
    FF - ExtSQL: !HIDDEN! 2013-01-09 18:32; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-10 75904]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-10 38016]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymDS64.sys [2012-11-3 493216]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymEFA64.sys [2012-11-3 1133216]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys [2014-9-12 1586904]
    R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [2012-11-3 168096]
    R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\dddskx64.sys [2013-5-23 26024]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20141103.011\IDSviA64.sys [2014-11-4 525016]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.sys [2012-11-3 224416]
    R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\symnets.sys [2012-11-3 432800]
    R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-6-20 46136]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-9 142640]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-11-4 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-4 129752]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-11-4 63704]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-21 471144]
    R3 stdriver;SoundTap Filter Driver v6.07.00;C:\Windows\System32\drivers\stdriverx64.sys [2013-12-17 33488]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-10 38456]
    S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2013-3-20 6144]
    S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2013-3-19 23552]
    S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2013-3-19 27648]
    S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2013-3-20 12288]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-11 19456]
    S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys [2012-11-3 34352]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-11 57856]
    S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [2013-11-13 29288]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
    ShellExec: switch.exe: open="C:\Program Files (x86)\NCH Software\Switch\switch" "%L"
    .
    =============== Created Last 30 ================
    .
    2014-11-05 00:13:41 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-11-05 00:12:46 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-11-05 00:12:46 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-11-05 00:12:46 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-11-05 00:12:46 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-11-05 00:12:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-05 00:05:44 -------- d-----w- C:\Users\The Newmans\AppData\Roaming\KSafe
    2014-11-05 00:05:44 -------- d-----w- C:\ProgramData\KSafe
    2014-11-05 00:05:07 -------- d-----w- C:\Program Files (x86)\DllTool
    2014-10-17 22:36:28 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-10-15 18:27:49 3198976 ----a-w- C:\Windows\System32\win32k.sys
    2014-10-15 18:27:43 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
    2014-10-15 18:27:43 73880 ----a-w- C:\Windows\System32\mscories.dll
    2014-10-15 18:27:43 1943696 ----a-w- C:\Windows\System32\dfshim.dll
    2014-10-15 18:27:43 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
    2014-10-15 18:27:43 156312 ----a-w- C:\Windows\System32\mscorier.dll
    2014-10-15 18:27:43 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2014-10-15 18:27:08 842240 ----a-w- C:\Windows\System32\blackbox.dll
    2014-10-15 18:27:07 744960 ----a-w- C:\Windows\SysWow64\blackbox.dll
    2014-10-15 18:27:07 1202176 ----a-w- C:\Windows\System32\drmv2clt.dll
    2014-10-15 18:27:04 988160 ----a-w- C:\Windows\SysWow64\drmv2clt.dll
    2014-10-15 18:25:31 276480 ----a-w- C:\Windows\System32\generaltel.dll
    2014-10-15 18:25:30 507392 ----a-w- C:\Windows\System32\aepdu.dll
    2014-10-15 18:25:28 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-10-15 18:25:09 3241472 ----a-w- C:\Windows\System32\msi.dll
    2014-10-15 18:25:08 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-10-15 18:24:43 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2014-10-15 18:24:43 44032 ----a-w- C:\Windows\System32\tsgqec.dll
    2014-10-15 18:24:43 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
    2014-10-15 18:24:43 322560 ----a-w- C:\Windows\System32\aaclient.dll
    2014-10-15 18:24:43 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
    2014-10-15 18:24:43 1125888 ----a-w- C:\Windows\System32\mstsc.exe
    2014-10-15 18:24:43 1050112 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2014-10-15 18:24:42 5780480 ----a-w- C:\Windows\System32\mstscax.dll
    2014-10-15 18:24:42 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
    2014-10-15 18:24:06 424448 ----a-w- C:\Windows\System32\rastls.dll
    2014-10-15 18:24:06 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
    2014-10-15 18:23:53 681984 ----a-w- C:\Windows\System32\termsrv.dll
    2014-10-15 18:23:53 455168 ----a-w- C:\Windows\System32\winlogon.exe
    2014-10-15 18:23:53 235520 ----a-w- C:\Windows\System32\winsta.dll
    2014-10-15 18:23:53 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2014-10-15 18:23:53 157696 ----a-w- C:\Windows\SysWow64\winsta.dll
    2014-10-15 18:23:53 150528 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2014-10-15 18:23:52 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2014-10-15 18:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
    2014-10-15 18:23:52 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
    2014-10-15 18:23:52 22016 ----a-w- C:\Windows\System32\credssp.dll
    2014-10-15 18:23:52 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    .
    ==================== Find3M ====================
    .
    2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
    2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2014-09-24 01:09:48 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-09-24 01:09:48 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-09-20 05:17:42 2236928 ----a-w- C:\Windows\System32\wininet.dll
    2014-09-20 05:16:11 3959296 ----a-w- C:\Windows\System32\jscript9.dll
    2014-09-20 05:16:07 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2014-09-20 05:16:07 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2014-09-20 05:15:22 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-09-20 03:57:57 1762816 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-09-20 03:57:04 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-09-20 03:57:01 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-09-20 03:57:01 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2014-09-20 03:56:33 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-09-20 03:38:36 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-09-20 03:33:44 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-09-20 02:43:32 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2014-09-20 02:35:33 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
    2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
    2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
    2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
    2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
    2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
    2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
    2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
    2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
    2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
    2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
    2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
    2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
    .
    ============= FINISH: 20:26:30.32 ===============
     
  5. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  6. Stuart Newman

    Stuart Newman TS Rookie Topic Starter

    I have run the roguekiller. It comes up with a file "Poweliks". It gives a description that you have to run the scan, then go to the task manager and kill the dllhost.dll. Then go back in roguekiller and delete the "Poweliks". It says if you can't end the dll process, restart the computer in safe mode then retry the process. But for some reason the computer will not go into safe mode. Is there a reason why it will not go into safe mode?
     
  7. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Can't you do it in normal mode?
    Poweliks malware may be preventing you from going to safe mode.
     
  8. Stuart Newman

    Stuart Newman TS Rookie Topic Starter

    I did the scan and it finds the Poweliks. The direction says to go in the task manager and stop the process. But when I did, it says that I can not stop the process. I have uploaded the screen shot. I still get a pop-up in the lower right corner saying that outbound traffic was blocked from the dllhost.exe. It lists several websites that it is trying to access. I will get a screen shot of the warning and upload also. The only good thing I see is that it is not starting 10-15 dllhosts at the same time. Also the pop-up has only been showing during the first couple minutes. Not sure about that. I will try the scan again to see if it will let me delete the Poweliks again.
     

  9. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Let me know.
     
  10. Stuart Newman

    Stuart Newman TS Rookie Topic Starter

    It looks like I got it, finally. Thank you for the help.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    We're definitely not done.
    Poweliks is a very serious infection.

    I need to see RogueKiller and MBAR logs.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Still with me?
     
  13. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.
