Hello,
First of all, thank you for having this forum. I’m going to start with all the required information and then at the end give you a brief history as to how this problem started. I was referred by a friend and wish that I would have read the proper steps first. I already restored my computer and “returned to factory settings”, which caused me to lose all my personal files. I wish I would have come here first.
Symptoms:
1. After doing a search in all browsers (Chrome, Firefox, IE) and multiple search engines (Google, Yahoo, etc.) I click on a result and am redirected to an ad page or other random website.
2. On any page there are highlights on key words that bring up pop-ups which bring up other ads.
3. Entering a URL in the address bar in all browsers presents no problems.
4. Not often, but occasionally a random pop-up window will appear.
Logs:
Malwarebytes
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6777
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
6/5/2011 5:23:20 PM
mbam-log-2011-06-05 (17-23-20).txt
Scan type: Quick scan
Objects scanned: 160968
Time elapsed: 1 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER LOG
(BLANK – NO INFO SHOWING)
DDS
Text
.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by James at 17:39:55 on 2011-06-05
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4026.2636 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273606114505l0364z135a48i2v240
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273606114505l0364z135a48i2v240
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066} : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{3684E32D-4846-436A-B1F8-95238FCB0EFA} : DhcpNameServer = 168.95.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-6-4 353168]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-8-28 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-20 62720]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-28 240160]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-06-05 21:21:29 -------- d-----w- C:\Users\James\AppData\Roaming\Malwarebytes
2011-06-05 21:21:12 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-05 21:21:11 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-05 21:21:08 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-05 21:21:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-05 21:14:02 -------- d-----w- C:\Windows\SysWow64\Wat
2011-06-05 21:14:02 -------- d-----w- C:\Windows\System32\Wat
2011-06-05 20:40:01 -------- d-----w- C:\e8b181ef3cb00e0282
2011-06-05 20:39:54 40112 ----a-w- C:\Windows\avastSS.scr
2011-06-05 20:39:47 -------- d-----w- C:\ProgramData\AVAST Software
2011-06-05 20:39:47 -------- d-----w- C:\Program Files\AVAST Software
2011-06-05 20:08:03 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-06-05 20:07:09 -------- d-----w- C:\Users\James\AppData\Local\Microsoft Help
2011-06-04 23:39:20 -------- d-----w- C:\Windows\SysWow64\x64
2011-06-04 23:39:20 -------- d-----w- C:\Windows\SysWow64\Lang
2011-06-04 23:39:19 948760 ----a-w- C:\Windows\SysWow64\igxpun.exe
2011-06-04 23:22:34 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-06-04 23:22:33 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-06-04 23:01:40 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-06-04 23:01:40 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-06-04 23:01:40 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-06-04 23:01:40 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-06-04 23:01:40 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-06-04 22:57:44 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-06-04 22:57:44 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-06-04 22:56:17 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-06-04 22:56:16 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-06-04 22:55:26 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-06-04 22:55:26 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-06-04 22:43:22 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-06-04 22:43:22 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2011-06-04 22:42:58 -------- d-----w- C:\Users\James\AppData\Local\Adobe
2011-06-04 22:39:24 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-06-04 22:39:24 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-06-04 22:39:24 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-06-04 22:39:24 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-06-04 22:39:24 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-06-04 22:39:24 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-06-04 22:39:24 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-06-04 22:39:24 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-06-04 22:39:24 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-06-04 22:39:24 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-06-04 22:37:11 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2011-06-04 22:35:59 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-06-04 22:35:59 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-06-04 22:16:27 -------- d-----w- C:\Users\James\AppData\Roaming\IObit
2011-06-04 22:16:26 -------- d-----w- C:\Program Files (x86)\IObit
2011-06-04 22:14:23 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-04 22:13:59 -------- d-----w- C:\Program Files (x86)\Frontline Registry Cleaner
2011-06-04 21:46:38 98816 ----a-w- C:\Windows\sed.exe
2011-06-04 21:46:38 518144 ----a-w- C:\Windows\SWREG.exe
2011-06-04 21:46:38 256512 ----a-w- C:\Windows\PEV.exe
2011-06-04 21:46:38 208896 ----a-w- C:\Windows\MBR.exe
2011-06-04 21:12:13 -------- d-----w- C:\Users\James\AppData\Local\Power2Go
2011-06-04 21:03:57 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{229F6B15-6620-4F0F-960C-7B7F65E161A6}\mpengine.dll
2011-06-04 21:03:52 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-06-04 21:00:03 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-06-04 21:00:03 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-06-04 21:00:03 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-06-04 21:00:03 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-06-04 21:00:02 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-06-04 20:58:16 1066544 ----a-w- C:\Windows\SysWow64\MFC71.dll
2011-06-04 20:58:16 1053232 ----a-w- C:\Windows\SysWow64\MFC71u.dll
2011-06-04 20:54:24 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-06-04 20:54:24 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-06-04 20:54:08 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-06-04 20:53:22 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-06-04 20:53:00 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2011-06-04 20:52:00 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\40501cf01cc22f9\DSETUP.dll
2011-06-04 20:52:00 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\40501cf01cc22f9\DXSETUP.exe
2011-06-04 20:52:00 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\40501cf01cc22f9\dsetup32.dll
2011-06-04 20:52:00 -------- d-----w- C:\Program Files\Synaptics
2011-06-04 20:51:08 140066664 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcDE9D.tmp
2011-06-04 20:50:58 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-06-04 20:50:23 -------- d-----w- C:\Program Files (x86)\Video Web Camera
2011-06-04 20:49:27 -------- d-----w- C:\Users\James\AppData\Local\Packard Bell
2011-06-04 20:48:09 -------- d-----w- C:\Users\James\AppData\Local\VirtualStore
2011-06-04 20:47:37 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-06-04 20:47:37 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-06-04 20:47:37 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-06-04 20:47:37 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-06-04 20:46:22 -------- d-----w- C:\ProgramData\OEM_E471269A730D
.
==================== Find3M ====================
.
2011-06-04 23:41:56 6 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2011-06-04 20:57:57 505392 ----a-w- C:\Windows\SysWow64\msvcp71.dll
.
============= FINISH: 17:40:22.04 ===============
Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/4/2011 4:45:39 PM
System Uptime: 6/5/2011 5:15:36 PM (0 hours ago)
.
Motherboard: Gateway | | NV78
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | uPGA-478 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 422.98 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 6/4/2011 4:48:41 PM - Windows Update
RP2: 6/4/2011 4:54:10 PM - Installed DirectX
RP3: 6/4/2011 4:57:59 PM - Installed Power2Go
RP4: 6/4/2011 5:03:33 PM - Windows Update
RP5: 6/4/2011 5:18:49 PM - Removed eBay Worldwide
RP6: 6/4/2011 6:35:08 PM - Windows Modules Installer
RP7: 6/5/2011 4:05:06 PM - Installed Microsoft Office Enterprise 2007
RP8: 6/5/2011 4:39:34 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1 MUI
Advanced SystemCare 4
Backup Manager Basic
Choice Guard
Compatibility Pack for the 2007 Office system
CyberLink Power2Go
CyberLink PowerDVD 8
Frontline Registry Cleaner
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Identity Card
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSVCRT
Norton Online Backup
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Update for 2007 Microsoft Office System (KB967642)
Video Web Camera
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
6/5/2011 5:17:06 PM, Error: Service Control Manager [7023] -
6/5/2011 5:10:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrustedInstaller service.
6/5/2011 4:15:29 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
6/5/2011 4:12:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
6/5/2011 4:12:17 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/4/2011 7:38:29 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
6/4/2011 6:02:17 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/4/2011 5:12:46 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================
BRIEF HISTORY:
This issue has been taking place for over a month now. Before, it wasn’t that big of a deal for me because I could use the back button and eventually get to the page I was searching for. Since I have lost my job in the past week it has been a huge annoyance trying to access sites through search engines while looking for local job sites. This is the first time that I have actually asked for help because usually I am able to figure things out for myself. I reset my computer to factory settings (without a disk if that matters), losing all of my personal documents and photos. I am stuck and don’t know what else I can do, so any help that you all can give me would be VERY appreciated. I am willing to do whatever it takes to solve this issue as soon as possible.
In advance, thank you and I’m glad that there are good people out there willing to share their knowledge.
Jim
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-20 62720]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-28 240160]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-06-05 21:21:29 -------- d-----w- C:\Users\James\AppData\Roaming\Malwarebytes
2011-06-05 21:21:12 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-05 21:21:11 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-05 21:21:08 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-05 21:21:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-05 21:14:02 -------- d-----w- C:\Windows\SysWow64\Wat
2011-06-05 21:14:02 -------- d-----w- C:\Windows\System32\Wat
2011-06-05 20:40:01 -------- d-----w- C:\e8b181ef3cb00e0282
2011-06-05 20:39:54 40112 ----a-w- C:\Windows\avastSS.scr
2011-06-05 20:39:47 -------- d-----w- C:\ProgramData\AVAST Software
2011-06-05 20:39:47 -------- d-----w- C:\Program Files\AVAST Software
2011-06-05 20:08:03 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-06-05 20:07:09 -------- d-----w- C:\Users\James\AppData\Local\Microsoft Help
2011-06-04 23:39:20 -------- d-----w- C:\Windows\SysWow64\x64
2011-06-04 23:39:20 -------- d-----w- C:\Windows\SysWow64\Lang
2011-06-04 23:39:19 948760 ----a-w- C:\Windows\SysWow64\igxpun.exe
2011-06-04 23:22:34 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-06-04 23:22:33 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-06-04 23:01:40 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-06-04 23:01:40 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-06-04 23:01:40 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-06-04 23:01:40 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-06-04 23:01:40 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-06-04 22:57:44 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-06-04 22:57:44 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-06-04 22:56:17 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-06-04 22:56:16 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-06-04 22:55:26 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-06-04 22:55:26 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-06-04 22:43:22 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-06-04 22:43:22 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2011-06-04 22:42:58 -------- d-----w- C:\Users\James\AppData\Local\Adobe
2011-06-04 22:39:24 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-06-04 22:39:24 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-06-04 22:39:24 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-06-04 22:39:24 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-06-04 22:39:24 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-06-04 22:39:24 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-06-04 22:39:24 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-06-04 22:39:24 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-06-04 22:39:24 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-06-04 22:39:24 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-06-04 22:37:11 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2011-06-04 22:35:59 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-06-04 22:35:59 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-06-04 22:16:27 -------- d-----w- C:\Users\James\AppData\Roaming\IObit
2011-06-04 22:16:26 -------- d-----w- C:\Program Files (x86)\IObit
2011-06-04 22:14:23 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-04 22:13:59 -------- d-----w- C:\Program Files (x86)\Frontline Registry Cleaner
2011-06-04 21:46:38 98816 ----a-w- C:\Windows\sed.exe
2011-06-04 21:46:38 518144 ----a-w- C:\Windows\SWREG.exe
2011-06-04 21:46:38 256512 ----a-w- C:\Windows\PEV.exe
2011-06-04 21:46:38 208896 ----a-w- C:\Windows\MBR.exe
2011-06-04 21:12:13 -------- d-----w- C:\Users\James\AppData\Local\Power2Go
2011-06-04 21:03:57 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{229F6B15-6620-4F0F-960C-7B7F65E161A6}\mpengine.dll
2011-06-04 21:03:52 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-06-04 21:00:03 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-06-04 21:00:03 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-06-04 21:00:03 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-06-04 21:00:03 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-06-04 21:00:02 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-06-04 20:58:16 1066544 ----a-w- C:\Windows\SysWow64\MFC71.dll
2011-06-04 20:58:16 1053232 ----a-w- C:\Windows\SysWow64\MFC71u.dll
2011-06-04 20:54:24 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-06-04 20:54:24 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-06-04 20:54:08 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-06-04 20:53:22 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-06-04 20:53:00 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2011-06-04 20:52:00 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\40501cf01cc22f9\DSETUP.dll
2011-06-04 20:52:00 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\40501cf01cc22f9\DXSETUP.exe
2011-06-04 20:52:00 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\40501cf01cc22f9\dsetup32.dll
2011-06-04 20:52:00 -------- d-----w- C:\Program Files\Synaptics
2011-06-04 20:51:08 140066664 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcDE9D.tmp
2011-06-04 20:50:58 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-06-04 20:50:23 -------- d-----w- C:\Program Files (x86)\Video Web Camera
2011-06-04 20:49:27 -------- d-----w- C:\Users\James\AppData\Local\Packard Bell
2011-06-04 20:48:09 -------- d-----w- C:\Users\James\AppData\Local\VirtualStore
2011-06-04 20:47:37 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-06-04 20:47:37 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-06-04 20:47:37 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-06-04 20:47:37 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-06-04 20:46:22 -------- d-----w- C:\ProgramData\OEM_E471269A730D
.
==================== Find3M ====================
.
2011-06-04 23:41:56 6 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2011-06-04 20:57:57 505392 ----a-w- C:\Windows\SysWow64\msvcp71.dll
.
============= FINISH: 17:40:22.04 ===============
Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/4/2011 4:45:39 PM
System Uptime: 6/5/2011 5:15:36 PM (0 hours ago)
.
Motherboard: Gateway | | NV78
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | uPGA-478 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 422.98 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 6/4/2011 4:48:41 PM - Windows Update
RP2: 6/4/2011 4:54:10 PM - Installed DirectX
RP3: 6/4/2011 4:57:59 PM - Installed Power2Go
RP4: 6/4/2011 5:03:33 PM - Windows Update
RP5: 6/4/2011 5:18:49 PM - Removed eBay Worldwide
RP6: 6/4/2011 6:35:08 PM - Windows Modules Installer
RP7: 6/5/2011 4:05:06 PM - Installed Microsoft Office Enterprise 2007
RP8: 6/5/2011 4:39:34 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1 MUI
Advanced SystemCare 4
Backup Manager Basic
Choice Guard
Compatibility Pack for the 2007 Office system
CyberLink Power2Go
CyberLink PowerDVD 8
Frontline Registry Cleaner
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Identity Card
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSVCRT
Norton Online Backup
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Update for 2007 Microsoft Office System (KB967642)
Video Web Camera
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
6/5/2011 5:17:06 PM, Error: Service Control Manager [7023] -
6/5/2011 5:10:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrustedInstaller service.
6/5/2011 4:15:29 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
6/5/2011 4:12:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
6/5/2011 4:12:17 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/4/2011 7:38:29 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
6/4/2011 6:02:17 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/4/2011 5:12:46 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================
BRIEF HISTORY:
This issue has been taking place for over a month now. Before, it wasn’t that big of a deal for me because I could use the back button and eventually get to the page I was searching for. Since I have lost my job in the past week, it has been a huge annoyance trying to access sites through search engines while looking for local job sites. This is the first time that I have actually asked for help because usually I am able to figure things out for myself. I reset my computer to factory settings (without a disk, if that matters), losing all of my personal documents and photos. I am stuck and don’t know what else I can do, so any help that you all can give me would be VERY appreciated. I am willing to do whatever it takes to solve this issue as soon as possible.
In advance, thank you and I’m glad that there are good people out there willing to share their knowledge.
Jim