My desktop, please offer suggestions

By blairman
Feb 2, 2014
  1. Mbam log
    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org
    Database version: v2014.02.02.04
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    BLAIR :: BLAIR-PC [administrator]
    Protection: Enabled
    2/2/2014 12:11:11 PM
    MBAM-log-2014-02-02 (12-31-25).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 279764
    Time elapsed: 6 minute(s), 9 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 4
    C:\$Recycle.Bin\S-1-5-21-805742626-1673673168-2132482774-1000\$RU1W8NN.exe (PUP.Optional.InstallIQ.A) -> No action taken.
    C:\$Recycle.Bin\S-1-5-21-805742626-1673673168-2132482774-1000\$RWR1QW2.exe (PUP.Optional.Bandoo) -> No action taken.
    C:\Users\BLAIR\Downloads\7zip_14315_2210.exe (PUP.Optional.InstallIQ) -> No action taken.
    C:\Users\BLAIR\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> No action taken.
    (end)

    dds log
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
    Run by BLAIR at 13:37:59 on 2014-02-02
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5444 [GMT -5:00]
    .
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\hp\HPEZBTN\HPBtnSrv.exe
    C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
    C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.1.0.18\N360.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
    C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.1.0.18\N360.exe
    C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
    C:\Users\BLAIR\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    C:\Users\BLAIR\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    C:\ProgramData\FLEXnet\Connect\11\agent.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Windows\system32\RunDll32.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
    C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_38_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
    uProxyOverride = localhost;*.local
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.1.0.18\CoIEPlg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.1.0.18\CoIEPlg.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.1.0.18\CoIEPlg.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [LDM] C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    uRun: [Google Update] "C:\Users\BLAIR\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [MusicManager] "C:\Users\BLAIR\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
    uRun: [SkyDrive] "C:\Users\BLAIR\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN33UBVJ5J05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
    uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
    StartupFolder: C:\Users\BLAIR\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    StartupFolder: C:\Users\BLAIR\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
    StartupFolder: C:\Users\BLAIR\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
    IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
    IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
    IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{A84748E0-CE42-42EA-A168-0CBE4453D4D4} : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll
    x64-Run: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
    x64-RunOnce: [PCDrProfiler] "C:\Program Files\PC-Doctor for Windows\RunProfiler.exe" -r
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys [2013-11-23 493656]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys [2013-11-23 1147480]
    R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2013-8-28 210016]
    R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2013-8-28 141920]
    R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-22 1526488]
    R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-11-23 162392]
    R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140131.001\IDSviA64.sys [2014-1-31 521944]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys [2013-11-23 264280]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys [2013-11-23 590936]
    R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2013-2-11 311184]
    R2 HPBtnSrv;HP Chasis Button Service;C:\hp\HPEZBTN\HPBtnSrv.exe [2010-7-24 198240]
    R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-11-10 87368]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-2 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-2 701512]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.1.0.18\N360.exe [2013-11-23 264360]
    R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe [2011-6-14 69632]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-6-30 1191408]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
    R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-7-26 92632]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-2-1 137648]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-2 25928]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
    R3 xcbdaNtscV;ViXS Tuner Card (NTSC) - V;C:\Windows\System32\drivers\xcbdaVx64.sys [2009-6-10 214784]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-12-21 17480]
    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-12-21 9800]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-12-15 57840]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
    S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
    S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
    S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;C:\Windows\System32\drivers\libusb0.sys [2012-9-4 52320]
    S3 swvspser;Sierra VSP using Ethernet;C:\Windows\System32\drivers\swvspser.sys [2009-8-13 34304]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-2 1255736]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
    S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
    .
    =============== Created Last 30 ================
    .
    2014-02-02 17:10:00 -------- d-----w- C:\Users\BLAIR\AppData\Roaming\Malwarebytes
    2014-02-02 17:09:53 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-02-02 17:09:52 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-02-02 17:09:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-15 10:04:56 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2014-01-15 10:04:56 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2014-01-15 10:04:56 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2014-01-15 10:04:56 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2014-01-15 10:04:56 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2014-01-15 10:04:56 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2014-01-15 10:04:56 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2014-01-15 10:04:55 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2014-01-15 10:04:54 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
    .
    ==================== Find3M ====================
    .
    2014-01-30 11:35:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-01-30 11:35:40 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
    2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-11-23 13:12:06 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-11-05 12:16:14 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    .
    ============= FINISH: 13:38:27.18 ===============

    dds attach log
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/1/2011 7:31:04 AM
    System Uptime: 2/2/2014 12:37:01 PM (1 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | Benicia
    Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | CPU 1 | 2667/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 2031 GiB total, 1293.998 GiB free.
    D: is FIXED (NTFS) - 17 GiB total, 6.846 GiB free.
    E: is CDROM ()
    G: is CDROM ()
    H: is FIXED (NTFS) - 746 GiB total, 746.279 GiB free.
    L: is Removable
    M: is Removable
    N: is Removable
    O: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP149: 9/13/2013 3:00:43 AM - Windows Update
    RP150: 9/22/2013 11:48:07 AM - Scheduled Checkpoint
    RP151: 9/30/2013 11:05:01 AM - Scheduled Checkpoint
    RP152: 10/7/2013 10:53:00 PM - Scheduled Checkpoint
    RP153: 10/11/2013 3:00:37 AM - Windows Update
    RP154: 10/17/2013 6:14:07 AM - Windows Update
    RP155: 10/25/2013 12:00:02 AM - Scheduled Checkpoint
    RP156: 11/1/2013 12:38:16 AM - Scheduled Checkpoint
    RP157: 11/5/2013 6:20:03 AM - Installed Java 7 Update 45
    RP158: 11/12/2013 10:33:01 PM - Scheduled Checkpoint
    RP159: 11/14/2013 3:00:39 AM - Windows Update
    RP160: 11/19/2013 8:06:35 AM - Windows Update
    RP161: 11/26/2013 3:00:40 AM - Windows Update
    RP162: 12/3/2013 8:48:32 AM - Scheduled Checkpoint
    RP163: 12/4/2013 7:06:52 AM - Installed Evernote v. 5.0.3
    RP164: 12/7/2013 2:04:07 PM - Installed AQUAZONE OpenWater
    RP165: 12/7/2013 2:44:29 PM - Installed Dragon NaturallySpeaking 12.
    RP166: 12/7/2013 2:58:44 PM - Windows Update
    RP167: 12/7/2013 3:56:19 PM - Installed Dragon NaturallySpeaking 12.
    RP168: 12/7/2013 4:29:47 PM - Installed Dragon NaturallySpeaking 12.5 Upgrade.
    RP169: 12/8/2013 3:12:29 AM - Installed Dragon NaturallySpeaking 12.5 Upgrade.
    RP172: 12/12/2013 3:01:25 AM - Windows Update
    RP173: 12/13/2013 3:00:32 AM - Windows Update
    RP174: 12/15/2013 3:00:25 AM - Windows Update
    RP175: 12/15/2013 7:26:41 PM - Windows Live Essentials
    RP176: 12/15/2013 7:39:50 PM - Installed DirectX
    RP177: 12/15/2013 7:40:47 PM - Installed DirectX
    RP178: 12/15/2013 7:41:57 PM - Installed DirectX
    RP179: 12/15/2013 7:48:07 PM - WLSetup
    RP180: 12/23/2013 12:02:28 AM - Scheduled Checkpoint
    RP181: 1/13/2014 11:06:37 PM - Scheduled Checkpoint
    RP182: 1/16/2014 3:00:11 AM - Windows Update
    RP186: 1/29/2014 10:45:07 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 12 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Reader 8.3.1
    AIO_CDB_ProductContext
    Amazon MP3 Downloader 1.0.10
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AQUAZONE OpenWater
    AudioGizmo Ringtone Creator 2.0.4
    Bing Bar
    Bonjour
    Business Contact Manager for Microsoft Outlook 2010
    Compatibility Pack for the 2007 Office system
    Copy
    CyberLink DVD Suite Deluxe
    CyberLink PhotoDirector 3
    CyberLink PowerDirector
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destinations
    DeviceManagementQFolder
    Dragon NaturallySpeaking 12
    Dropbox
    EaseUS Partition Master 9.2.1 Home Edition
    Evernote v. 5.0.3
    Free RAR Extract Frog
    Garmin BaseCamp
    Garmin USB Drivers
    Google Earth Plug-in
    Google Update Helper
    Hardware Diagnostic Tools
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    HP Active Support Library
    HP Advisor
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP FWUpdateEDO2
    HP MediaSmart DVD
    HP Officejet Pro 8600 Basic Device Software
    HP Officejet Pro 8600 Help
    HP Officejet Pro 8600 Product Improvement Study
    HP Photosmart Essential
    HP Update
    HPDiagnosticAlert
    HPSSupply
    HPTCSSetup
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync Manager
    I.R.I.S. OCR
    iCloud
    iLivid
    Intel(R) Matrix Storage Manager
    IP Camera Tool
    IPTInstaller
    iTunes
    Java 7 Update 25 (64-bit)
    Java 7 Update 45
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) SE Runtime Environment 6 Update 1
    Jawbone Updater
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    LightScribeTemplateLabeler
    Logitech Desktop Messenger
    Logitech SetPoint
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Premium
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office Home and Student 60 day trial
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft PhotoDraw 2000
    Microsoft Silverlight
    Microsoft SkyDrive
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
    Movie Maker
    MP3 Music Editor v7.0.1
    MSVCRT
    MSVCRT_amd64
    MSVCRT110
    MSVCRT110_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    Music Manager
    muvee autoProducer 6.1
    My HP Games
    Norton 360
    NVIDIA 3D Vision Driver 311.06
    NVIDIA Control Panel 311.06
    NVIDIA Graphics Driver 311.06
    NVIDIA Install Application
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    Photo Common
    Photo Gallery
    PlayReady PC Runtime amd64
    Power2Go
    Python 2.5
    QuickTime
    RealArcade
    Realtek High Definition Audio Driver
    Safari
    Screen Shot Deluxe 6.0
    Seagate DiscWizard
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
    Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
    Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
    Service Pack 1 for SQL Server 2008 (KB968369)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
    Sierra Wireless USB MUX Driver Package
    sp44626
    Sql Server Customer Experience Improvement Program
    Status
    TomTom HOME
    TomTom HOME Visual Studio Merge Modules
    Torch
    TrayApp
    Tyre
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
    Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
    WebSlingPlayer ActiveX
    Windows 7 Upgrade Advisor
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/2/2014 12:58:48 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SALLY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A84748E0-CE42-42EA-A168-0CBE4453D4D4}. The master browser is stopping or an election is being forced.
    2/2/2014 12:55:23 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    2/2/2014 12:55:23 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    2/2/2014 12:55:10 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
    2/2/2014 12:55:10 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
    2/2/2014 12:55:10 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
    2/2/2014 12:53:21 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{A84748E0-CE42-42EA-A168-0CBE4453D4D4} because another computer on the network has the same name. The server could not start.
    2/2/2014 12:53:21 PM, Error: NetBT [4321] - The name "BLAIR-PC :20" could not be registered on the interface with IP address 192.168.1.45. The computer with the IP address 192.168.1.46 did not allow the name to be claimed by this computer.
    2/2/2014 12:50:13 PM, Error: iaStorV [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    2/1/2014 7:17:30 PM, Error: NetBT [4321] - The name "BLAIR-PC :0" could not be registered on the interface with IP address 192.168.1.45. The computer with the IP address 192.168.1.46 did not allow the name to be claimed by this computer.
    2/1/2014 6:33:15 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    2/1/2014 5:08:54 AM, Error: iaStorV [5] - A parity error was detected on \Device\Ide\iaStor0.
    2/1/2014 3:46:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user BLAIR-PC\BLAIR SID (S-1-5-21-805742626-1673673168-2132482774-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    2/1/2014 3:46:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user BLAIR-PC\BLAIR SID (S-1-5-21-805742626-1673673168-2132482774-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    2/1/2014 3:46:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user BLAIR-PC\BLAIR SID (S-1-5-21-805742626-1673673168-2132482774-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    1/31/2014 10:52:50 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
    1/29/2014 10:46:31 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{37684681-9798-11df-b9e5-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{F80D9404-DD97-422F-B2F6-011AD848B197}' was corrupted and it has been recovered. Some data might have been lost.
    1/26/2014 3:45:55 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{37684681-9798-11df-b9e5-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{3D7972CC-8069-44BD-95D2-522F71137D4B}' was corrupted and it has been recovered. Some data might have been lost.
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 46,172   +251

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    You're not saying what's wrong with your desktop.

    MBAM log says "No action taken".
    Re-run MBAM, fix all issues and post a new log.
  3. blairman

    blairman Newcomer, in training Topic Starter Posts: 52

    Hope to continue working on this Friday night, thanks
  4. Broni

    Broni Malware Annihilator Posts: 46,172   +251

  5. blairman

    blairman Newcomer, in training Topic Starter Posts: 52

    Broni, thanks for your assistance. My PC is an HP media center originally running Vista, upgraded to Win7 Home Premium. It runs OK most of the time; however, rebooting is 50/50. I do not reboot because I get an "hd failure is imminent" warning, then Windows takes 30 minutes to start, or I have to turn it off and try again. The first time I got that warning, I backed up the hd and replaced it using copy software. It worked fine for several months, then back to the failure warning. I ignore it as it must be a bug or software glitch. Thought this process may help with this problem. Same with shutting down, seems to take forever to shut down, so I try to keep it running all the time.
    I did quarantine 4 viruses that MBAM found the first time. I did suspend Norton 360 and rerun it. Results below.
    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org
    Database version: v2014.02.08.01
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    BLAIR :: BLAIR-PC [administrator]
    Protection: Enabled
    2/7/2014 8:57:21 PM
    mbam-log-2014-02-07 (20-57-21).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 281825
    Time elapsed: 5 minute(s), 43 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  6. Broni

    Broni Malware Annihilator Posts: 46,172   +251

    We'd better take a look at your hard drive...

    • Download GSmartControl for Windows and save it to your desktop
    • Unzip the folder to your desktop
    • Double click gsmartcontrol.exe
    • Allow the program to search for and list your hard drive(s)
    • Double click your drive
    • Go to the PERFORM TESTS tab
    • Make sure that the TEST TYPE is set to SHORT SELF-TEST
    • Click the EXECUTE button
    • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
  7. blairman

    blairman Newcomer, in training Topic Starter Posts: 52

    Interesting, in doing this test, I see that my slave drive is not being recognized. That is the drive I use as a backup target, and to store some music. Hmmmm....
    c drive
    smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win7(64)-sp1] (sf-5.43-1)
    Copyright (C) 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
    === START OF INFORMATION SECTION ===
    Model Family: Seagate Barracuda (SATA 3Gb/s, 4K Sectors)
    Device Model: ST3000DM001-1CH166
    Serial Number: Z1F34YRC
    LU WWN Device Id: 5 000c50 050b5c0aa
    Firmware Version: CC26
    User Capacity: 3,000,592,982,016 bytes [3.00 TB]
    Sector Sizes: 512 bytes logical, 4096 bytes physical
    Device is: In smartctl database [for details use: -P show]
    ATA Version is: 8
    ATA Standard is: ATA-8-ACS revision 4
    Local Time is: Sun Feb 09 07:44:08 2014 EST
    SMART support is: Available - device has SMART capability.
    SMART support is: Enabled
    === START OF READ SMART DATA SECTION ===
    SMART overall-health self-assessment test result: PASSED
    See vendor-specific Attribute list for marginal Attributes.
    General SMART Values:
    Offline data collection status: (0x00) Offline data collection activity
    was never started.
    Auto Offline Data Collection: Disabled.
    Self-test execution status: ( 0) The previous self-test routine completed
    without error or no self-test has ever
    been run.
    Total time to complete Offline
    data collection: ( 592) seconds.
    Offline data collection
    capabilities: (0x73) SMART execute Offline immediate.
    Auto Offline data collection on/off support.
    Suspend Offline collection upon new
    command.
    No Offline surface scan supported.
    Self-test supported.
    Conveyance Self-test supported.
    Selective Self-test supported.
    SMART capabilities: (0x0003) Saves SMART data before entering
    power-saving mode.
    Supports SMART auto save timer.
    Error logging capability: (0x01) Error logging supported.
    General Purpose Logging supported.
    Short self-test routine
    recommended polling time: ( 1) minutes.
    Extended self-test routine
    recommended polling time: ( 331) minutes.
    Conveyance self-test routine
    recommended polling time: ( 2) minutes.
    SCT capabilities: (0x3085) SCT Status supported.
    SMART Attributes Data Structure revision number: 10
    Vendor Specific SMART Attributes with Thresholds:
    ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
    1 Raw_Read_Error_Rate 0x000f 112 099 015 Pre-fail Always - 43226400
    3 Spin_Up_Time 0x0003 096 094 003 Pre-fail Always - 0
    4 Start_Stop_Count 0x0032 100 100 050 Old_age Always - 139
    5 Reallocated_Sector_Ct 0x0033 100 100 051 Pre-fail Always - 0
    7 Seek_Error_Rate 0x000f 062 051 015 Pre-fail Always - 339412788802
    9 Power_On_Hours 0x0032 096 096 050 Old_age Always - 3588
    10 Spin_Retry_Count 0x0013 100 100 019 Pre-fail Always - 0
    12 Power_Cycle_Count 0x0032 100 100 050 Old_age Always - 121
    183 Runtime_Bad_Block 0x0032 100 100 050 Old_age Always - 0
    184 End-to-End_Error 0x0032 100 100 050 Old_age Always - 0
    187 Reported_Uncorrect 0x0032 100 100 050 Old_age Always - 0
    188 Command_Timeout 0x0032 100 100 050 Old_age Always - 0
    189 High_Fly_Writes 0x003a 099 099 058 Old_age Always - 1
    190 Airflow_Temperature_Cel 0x0022 072 057 034 Old_age Always - 28 (Min/Max 24/30)
    191 G-Sense_Error_Rate 0x0032 100 100 050 Old_age Always - 0
    192 Power-Off_Retract_Count 0x0032 100 100 050 Old_age Always - 85
    193 Load_Cycle_Count 0x0032 097 097 050 Old_age Always - 7844
    194 Temperature_Celsius 0x0022 028 043 034 Old_age Always FAILING_NOW 28 (0 11 0 0 0)
    197 Current_Pending_Sector 0x0012 100 100 018 Old_age Always - 0
    198 Offline_Uncorrectable 0x0010 100 100 016 Old_age Offline - 0
    199 UDMA_CRC_Error_Count 0x003e 200 200 062 Old_age Always - 0
    240 Head_Flying_Hours 0x0000 100 253 000 Old_age Offline - 76227079572830
    241 Total_LBAs_Written 0x0000 100 253 000 Old_age Offline - 10257796534
    242 Total_LBAs_Read 0x0000 100 253 000 Old_age Offline - 12569978871
    SMART Error Log Version: 1
    No Errors Logged
    SMART Self-test log structure revision number 1
    Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
    # 1 Short offline Self-test routine in progress 90% 3588 -
    # 2 Short offline Completed without error 00% 3409 -
    # 3 Short offline Completed without error 00% 3409 -
    SMART Selective self-test log data structure revision number 1
    SPAN MIN_LBA MAX_LBA CURRENT_TEST_STATUS
    1 0 0 Not_testing
    2 0 0 Not_testing
    3 0 0 Not_testing
    4 0 0 Not_testing
    5 0 0 Not_testing
    Selective self-test flags (0x0):
    After scanning selected spans, do NOT read-scan remainder of disk.
    If Selective self-test is pending on power-up, resume after 0 minute delay.
  8. blairman

    blairman Newcomer, in training Topic Starter Posts: 52

    2nd hd,
    smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win7(64)-sp1] (sf-5.43-1)
    Copyright (C) 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
    === START OF INFORMATION SECTION ===
    Device Model: ST3750525AS
    Serial Number: 9VPEYNE0
    LU WWN Device Id: 5 000c50 03ccdffdc
    Firmware Version: JC4B
    User Capacity: 750,156,374,016 bytes [750 GB]
    Sector Size: 512 bytes logical/physical
    Device is: Not in smartctl database [for details use: -P showall]
    ATA Version is: 8
    ATA Standard is: ATA-8-ACS revision 4
    Local Time is: Sun Feb 09 12:32:26 2014 EST
    SMART support is: Available - device has SMART capability.
    SMART support is: Enabled
    === START OF READ SMART DATA SECTION ===
    SMART overall-health self-assessment test result: PASSED
    See vendor-specific Attribute list for marginal Attributes.
    General SMART Values:
    Offline data collection status: (0x82) Offline data collection activity
    was completed without error.
    Auto Offline Data Collection: Enabled.
    Self-test execution status: ( 0) The previous self-test routine completed
    without error or no self-test has ever
    been run.
    Total time to complete Offline
    data collection: ( 625) seconds.
    Offline data collection
    capabilities: (0x7b) SMART execute Offline immediate.
    Auto Offline data collection on/off support.
    Suspend Offline collection upon new
    command.
    Offline surface scan supported.
    Self-test supported.
    Conveyance Self-test supported.
    Selective Self-test supported.
    SMART capabilities: (0x0003) Saves SMART data before entering
    power-saving mode.
    Supports SMART auto save timer.
    Error logging capability: (0x01) Error logging supported.
    General Purpose Logging supported.
    Short self-test routine
    recommended polling time: ( 1) minutes.
    Extended self-test routine
    recommended polling time: ( 150) minutes.
    Conveyance self-test routine
    recommended polling time: ( 2) minutes.
    SCT capabilities: (0x103f) SCT Status supported.
    SCT Error Recovery Control supported.
    SCT Feature Control supported.
    SCT Data Table supported.
    SMART Attributes Data Structure revision number: 10
    Vendor Specific SMART Attributes with Thresholds:
    ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
    1 Raw_Read_Error_Rate 0x000f 119 100 015 Pre-fail Always - 469826
    3 Spin_Up_Time 0x0003 100 100 003 Pre-fail Always - 0
    4 Start_Stop_Count 0x0032 100 100 050 Old_age Always - 120
    5 Reallocated_Sector_Ct 0x0033 100 100 051 Pre-fail Always - 0
    7 Seek_Error_Rate 0x000f 037 037 015 Pre-fail Always - 1103807997030
    9 Power_On_Hours 0x0032 097 097 050 Old_age Always - 3473
    10 Spin_Retry_Count 0x0013 100 100 019 Pre-fail Always - 0
    12 Power_Cycle_Count 0x0032 100 100 050 Old_age Always - 120
    183 Runtime_Bad_Block 0x0032 001 001 050 Old_age Always FAILING_NOW 2806
    184 End-to-End_Error 0x0032 100 100 050 Old_age Always - 0
    187 Reported_Uncorrect 0x0032 100 100 050 Old_age Always - 0
    188 Command_Timeout 0x0032 097 001 050 Old_age Always In_the_past 34360264619
    189 High_Fly_Writes 0x003a 100 100 058 Old_age Always - 0
    190 Airflow_Temperature_Cel 0x0022 069 063 034 Old_age Always - 31 (Min/Max 30/31)
    194 Temperature_Celsius 0x0022 031 040 034 Old_age Always FAILING_NOW 31 (0 11 0 0 0)
    195 Hardware_ECC_Recovered 0x001a 027 027 026 Old_age Always - 469826
    197 Current_Pending_Sector 0x0012 100 100 018 Old_age Always - 0
    198 Offline_Uncorrectable 0x0010 100 100 016 Old_age Offline - 0
    199 UDMA_CRC_Error_Count 0x003e 200 001 062 Old_age Always In_the_past 1476
    240 Head_Flying_Hours 0x0000 100 253 000 Old_age Offline - 232160162221763
    241 Total_LBAs_Written 0x0000 100 253 000 Old_age Offline - 79894109
    242 Total_LBAs_Read 0x0000 100 253 000 Old_age Offline - 2521419545
    SMART Error Log Version: 1
    No Errors Logged
    SMART Self-test log structure revision number 1
    Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
    # 1 Short offline Self-test routine in progress 90% 3474 -
    # 2 Short offline Completed without error 00% 3292 -
    # 3 Short offline Completed without error 00% 3290 -
    SMART Selective self-test log data structure revision number 1
    SPAN MIN_LBA MAX_LBA CURRENT_TEST_STATUS
    1 0 0 Not_testing
    2 0 0 Not_testing
    3 0 0 Not_testing
    4 0 0 Not_testing
    5 0 0 Not_testing
    Selective self-test flags (0x0):
    After scanning selected spans, do NOT read-scan remainder of disk.
    If Selective self-test is pending on power-up, resume after 0 minute delay.
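An added example, not part of the thread: a small Python parser for the smartctl attribute table posted above, listing every row whose WHEN_FAILED column is not "-" or whose normalized VALUE sits within a few points of THRESH. The rows are copied from the second drive's output; the function names and the 5-point margin are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Tuple

# Rows copied from the second drive's (ST3750525AS) smartctl output in the
# thread, with the table header and the first line of the next section kept
# so the parser has non-attribute lines to skip.
SAMPLE = """\
ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
1 Raw_Read_Error_Rate 0x000f 119 100 015 Pre-fail Always - 469826
5 Reallocated_Sector_Ct 0x0033 100 100 051 Pre-fail Always - 0
183 Runtime_Bad_Block 0x0032 001 001 050 Old_age Always FAILING_NOW 2806
188 Command_Timeout 0x0032 097 001 050 Old_age Always In_the_past 34360264619
194 Temperature_Celsius 0x0022 031 040 034 Old_age Always FAILING_NOW 31 (0 11 0 0 0)
195 Hardware_ECC_Recovered 0x001a 027 027 026 Old_age Always - 469826
199 UDMA_CRC_Error_Count 0x003e 200 001 062 Old_age Always In_the_past 1476
SMART Error Log Version: 1
"""


class Attr(NamedTuple):
    id: int
    name: str
    value: int        # normalized current value
    worst: int        # lowest normalized value recorded
    thresh: int       # vendor threshold
    kind: str         # TYPE column: Pre-fail or Old_age
    when_failed: str  # "-", "FAILING_NOW" or "In_the_past"
    raw: str          # vendor-specific raw value, may contain spaces


# One attribute row: ID, name, 4-digit hex flag, three 3-digit normalized
# numbers, TYPE, UPDATED, WHEN_FAILED, then the raw value to end of line.
ROW = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-fA-F]{4}\s+(\d{3})\s+(\d{3})\s+(\d{3})"
    r"\s+(Pre-fail|Old_age)\s+\S+\s+(\S+)\s+(.*)$"
)


def parse_attributes(text: str) -> List[Attr]:
    """Return the attribute rows found in smartctl output, skipping the rest."""
    attrs = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, section titles, self-test log lines
        attr_id, name, value, worst, thresh, kind, when_failed, raw = m.groups()
        attrs.append(Attr(int(attr_id), name, int(value), int(worst),
                          int(thresh), kind, when_failed, raw.strip()))
    return attrs


def triage(attrs: List[Attr], margin: int = 5) -> List[Tuple[str, str, str]]:
    """List (name, type, reason) for rows that deserve a second look."""
    findings = []
    for a in attrs:
        if a.when_failed == "FAILING_NOW":
            reason = "VALUE %d is at or below THRESH %d now" % (a.value, a.thresh)
        elif a.when_failed == "In_the_past":
            reason = "WORST %d reached THRESH %d earlier" % (a.worst, a.thresh)
        elif a.thresh > 0 and a.value - a.thresh <= margin:
            # Not failed, but close to it (margin is this example's choice).
            reason = "VALUE %d is within %d of THRESH %d" % (
                a.value, margin, a.thresh)
        else:
            continue
        findings.append((a.name, a.kind, reason))
    return findings


if __name__ == "__main__":
    for name, kind, reason in triage(parse_attributes(SAMPLE)):
        print("%-24s %-8s %s" % (name, kind, reason))
```

Every row flagged on this drive has TYPE Old_age; in smartctl's documentation it is a Pre-fail attribute at or below its threshold that signals imminent failure.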
  9. Broni

    Broni Malware Annihilator Posts: 46,172   +251

    Looks good for now...

    Download RogueKiller from one of the following links and save it to your Desktop:
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  10. Broni

    Broni Malware Annihilator Posts: 46,172   +251

    Still with me?
  11. Broni

    Broni Malware Annihilator Posts: 46,172   +251

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in the malware removal forum.
     