Inactive-A COM Surrogate

Stuart Newman

I have seen various posts on the COM Surrogate task. I have tried to run cleaners that have been referenced on several posts. I get a message saying that I am not allowed to download the files because of some settings. Please help.
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
I have run the MBAM scan, but I am continually receiving a malicious website blocked window. They all say they are outgoing communication. They are all coming from c:\windows\syswow64\dllhost.exe.

This is from the MBAM scan.



This is the attach.txt log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/10/2012 2:12:01 PM
System Uptime: 11/4/2014 8:03:53 PM (0 hours ago)
.
Motherboard: FOXCONN | | 2AB1
Processor: AMD Athlon(tm) II X2 240 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 31.006 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.618 GiB free.
E: is CDROM (UDF)
G: is FIXED (NTFS) - 699 GiB total, 460.51 GiB free.
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Microsoft Teredo Tunneling Adapter
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Image File Execution Options =============
.
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
IFEO: browsersafeguard.exe - tasklist.exe
IFEO: dprotectsvc.exe - tasklist.exe
IFEO: jumpflip - tasklist.exe
IFEO: protectedsearch.exe - tasklist.exe
IFEO: searchinstaller.exe - tasklist.exe
IFEO: searchprotection.exe - tasklist.exe
IFEO: searchprotector.exe - tasklist.exe
IFEO: searchsettings.exe - tasklist.exe
IFEO: searchsettings64.exe - tasklist.exe
IFEO: snapdo.exe - tasklist.exe
IFEO: stinst32.exe - tasklist.exe
IFEO: stinst64.exe - tasklist.exe
IFEO: umbrella.exe - tasklist.exe
IFEO: utiljumpflip.exe - tasklist.exe
IFEO: volaro - tasklist.exe
IFEO: vonteera - tasklist.exe
IFEO: websteroids.exe - tasklist.exe
IFEO: websteroidsservice.exe - tasklist.exe
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
x64-IFEO: browsersafeguard.exe - tasklist.exe
x64-IFEO: dprotectsvc.exe - tasklist.exe
x64-IFEO: jumpflip - tasklist.exe
x64-IFEO: protectedsearch.exe - tasklist.exe
x64-IFEO: searchinstaller.exe - tasklist.exe
x64-IFEO: searchprotection.exe - tasklist.exe
x64-IFEO: searchprotector.exe - tasklist.exe
x64-IFEO: searchsettings.exe - tasklist.exe
x64-IFEO: searchsettings64.exe - tasklist.exe
x64-IFEO: snapdo.exe - tasklist.exe
x64-IFEO: stinst32.exe - tasklist.exe
x64-IFEO: stinst64.exe - tasklist.exe
x64-IFEO: umbrella.exe - tasklist.exe
x64-IFEO: utiljumpflip.exe - tasklist.exe
x64-IFEO: volaro - tasklist.exe
x64-IFEO: vonteera - tasklist.exe
x64-IFEO: websteroids.exe - tasklist.exe
x64-IFEO: websteroidsservice.exe - tasklist.exe
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.09)
Adobe Shockwave Player 12.0
Airline Tycoon - Deluxe
Akamai NetSession Interface
AMD Catalyst Install Manager
AMD Fuel
Apple Application Support
Apple Software Update
Army Builder 3.4c
Blio
BufferChm
Call of Duty Game of the Year Edition
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help Czech
CCC Help Danish
Citrix Presentation Server Client
Copy
CutePDF Writer 3.0
CyberLink DVD Suite Deluxe
D3DX10
Dawn of War - Soulstorm
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Destinations
Desura
DeviceDiscovery
DJ_AIO_05_F4400_Software_Min
DVD Menu Pack for HP MediaSmart Video
F4400
Google Chrome
Google Update Helper
GPBaseService2
Half-Life 2
Half-Life 2: Lost Coast
Hero Lab 6.0a
Hewlett-Packard ACLM.NET v1.2.2.3
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Customer Participation Program 14.0
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5
HP Games
HP Imaging Device Functions 14.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP MovieStore
HP Odometer
HP Photo Creations
HP Setup
HP Setup Manager
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
InterActual Player
Java 7 Update 71
Java Auto Updater
Java(TM) 6 Update 6
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 2.0.3.1025
MarketResearch
MechWarrior Vengeance
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 64-bit Components 2013
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office OSM MUI (English) 2013
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2013
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Project MUI (English) 2013
Microsoft Project Professional 2013
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
MixPad
Motorola Device Manager
Motorola Device Software Update
Motorola Mobile Drivers Installation 6.3.0
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Neverwinter
Neverwinter Nights 2
NVIDIA PhysX
Outils de vérification linguistique 2013 de Microsoft Office - Français
PDFCanvas V1.5
PhotoNow!
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Power2Go
PowerDirector
Prism Video File Converter
QuickTime 7
Realtek High Definition Audio Driver
RecordPad Sound Recorder
Recovery Manager
ROBLOX Player for The Newmans
Roll
RoxioNow Player
Rush for Gold Alaska
Scan
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2883031) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2760272) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2880502) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2883032) 32-Bit Edition
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
SoundTap Streaming Audio Recorder
Status
Steam
swMSM
Symantec Endpoint Protection
The Battle for Middle-earth (tm)
The Walking Dead
Toolbox
Train Simulator 2014
Trainz: Engineer's Edition
TrayApp
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Lync 2013 (KB2889929) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition
Update for Microsoft Office 2013 (KB2881001) 32-Bit Edition
Update for Microsoft Office 2013 (KB2881009) 32-Bit Edition
Update for Microsoft Office 2013 (KB2881039) 32-Bit Edition
Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition
Update for Microsoft Office 2013 (KB2883049) 32-Bit Edition
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition
Update for Microsoft Office 2013 (KB2889927) 32-Bit Edition
Update for Microsoft Office 2013 (KB2889940) 32-Bit Edition
Update for Microsoft Office 2013 (KB2889942) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899475) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneDrive for Business (KB3000731) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2883059) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2986204) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition
Wallace and Gromits Grand Adventures - Grand Adventures Demo
Warhammer® 40,000™: Dawn of War® II
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™
Warhammer® 40,000™: Dawn of War® II – Retribution™
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World of Tanks
World War III: Black Gold
.
==== End Of File ===========================
 
This is the dds.txt log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17116 BrowserJavaVersion: 10.71.2
Run by The Newmans at 20:19:51 on 2014-11-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.81 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Users\The Newmans\AppData\Local\Akamai\netsession_win.exe
C:\Users\The Newmans\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\syswow64\dllhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\syswow64\windowspowershell\v1.0\powershell.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com/
uProxyOverride = <local>;192.168.*.*
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\IPS\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
uRun: [Akamai NetSession Interface] "C:\Users\The Newmans\AppData\Local\Akamai\netsession_win.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\The Newmans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001065-0002-0065-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{01EEE925-EB88-440D-A564-24E619EB0922} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\The Newmans\AppData\Roaming\Mozilla\Firefox\Profiles\p8mnwrtx.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\The Newmans\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\NPRobloxProxy.dll
FF - plugin: C:\Users\The Newmans\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\NPRobloxProxy64.dll
FF - plugin: C:\Users\The Newmans\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
FF - ExtSQL: !HIDDEN! 2013-01-09 18:32; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-10 75904]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-10 38016]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymDS64.sys [2012-11-3 493216]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymEFA64.sys [2012-11-3 1133216]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys [2014-9-12 1586904]
R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [2012-11-3 168096]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\dddskx64.sys [2013-5-23 26024]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20141103.011\IDSviA64.sys [2014-11-4 525016]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.sys [2012-11-3 224416]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\symnets.sys [2012-11-3 432800]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-6-20 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-9 142640]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-11-4 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-4 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-11-4 63704]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-21 471144]
R3 stdriver;SoundTap Filter Driver v6.07.00;C:\Windows\System32\drivers\stdriverx64.sys [2013-12-17 33488]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-10 38456]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2013-3-20 6144]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2013-3-19 23552]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2013-3-19 27648]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2013-3-20 12288]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-11 19456]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys [2012-11-3 34352]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-11 57856]
S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [2013-11-13 29288]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
ShellExec: switch.exe: open="C:\Program Files (x86)\NCH Software\Switch\switch" "%L"
.
=============== Created Last 30 ================
.
2014-11-05 00:13:41 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-05 00:12:46 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-05 00:12:46 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-05 00:12:46 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-05 00:12:46 -------- d-----w- C:\ProgramData\Malwarebytes
2014-11-05 00:12:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-05 00:05:44 -------- d-----w- C:\Users\The Newmans\AppData\Roaming\KSafe
2014-11-05 00:05:44 -------- d-----w- C:\ProgramData\KSafe
2014-11-05 00:05:07 -------- d-----w- C:\Program Files (x86)\DllTool
2014-10-17 22:36:28 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-15 18:27:49 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-15 18:27:43 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-15 18:27:43 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-15 18:27:43 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-15 18:27:43 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-15 18:27:43 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-15 18:27:43 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-15 18:27:08 842240 ----a-w- C:\Windows\System32\blackbox.dll
2014-10-15 18:27:07 744960 ----a-w- C:\Windows\SysWow64\blackbox.dll
2014-10-15 18:27:07 1202176 ----a-w- C:\Windows\System32\drmv2clt.dll
2014-10-15 18:27:04 988160 ----a-w- C:\Windows\SysWow64\drmv2clt.dll
2014-10-15 18:25:31 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-15 18:25:30 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-15 18:25:28 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-15 18:25:09 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-15 18:25:08 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-15 18:24:43 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-10-15 18:24:43 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-10-15 18:24:43 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-10-15 18:24:43 322560 ----a-w- C:\Windows\System32\aaclient.dll
2014-10-15 18:24:43 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-10-15 18:24:43 1125888 ----a-w- C:\Windows\System32\mstsc.exe
2014-10-15 18:24:43 1050112 ----a-w- C:\Windows\SysWow64\mstsc.exe
2014-10-15 18:24:42 5780480 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-15 18:24:42 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-10-15 18:24:06 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-10-15 18:24:06 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-10-15 18:23:53 681984 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-15 18:23:53 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-10-15 18:23:53 235520 ----a-w- C:\Windows\System32\winsta.dll
2014-10-15 18:23:53 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-10-15 18:23:53 157696 ----a-w- C:\Windows\SysWow64\winsta.dll
2014-10-15 18:23:53 150528 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2014-10-15 18:23:52 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-10-15 18:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-10-15 18:23:52 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-10-15 18:23:52 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-10-15 18:23:52 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
.
==================== Find3M ====================
.
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-24 01:09:48 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 01:09:48 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-20 05:17:42 2236928 ----a-w- C:\Windows\System32\wininet.dll
2014-09-20 05:16:11 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-20 05:16:07 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-20 05:16:07 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-09-20 05:15:22 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-20 03:57:57 1762816 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-20 03:57:04 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-20 03:57:01 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-20 03:57:01 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-09-20 03:56:33 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-20 03:38:36 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-20 03:33:44 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-20 02:43:32 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-09-20 02:35:33 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
.
============= FINISH: 20:26:30.32 ===============
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
 
I have run the roguekiller. It comes up with a file "Poweliks". It gives a description that you have to run the scan, then go to the task manager and kill the dllhost.dll. Then go back in roguekiller and delete the "Poweliks". It says if you can't end the dll process, restart the computer in safe mode then retry the process. But for some reason the computer will not go into safe mode. Is there a reason why it will not go into safe mode?
 
go to the task manager and kill the dllhost.dll
Can't you do it in normal mode?
Poweliks malware may be preventing you from going to safe mode.
 
I did the scan and it found the Poweliks. The direction says to go in the task manager and stop the process. But when I did, it says that I cannot stop the process. I have uploaded the screen shot. I still get a pop-up in the lower right corner saying that outbound traffic was blocked from the dllhost.exe. It lists several websites that it is trying to access. I will get a screen shot of the warning and upload also. The only good thing I see is that it is not starting 10-15 dllhosts at the same time. Also the pop-up has only been showing during the first couple minutes. Not sure about that. I will try the scan again to see if it will let me delete the Poweliks again.
 

Attachments

  • screen shot.jpg (311.7 KB)
We're definitely not done.
Poweliks is a very serious infection.

I need to see RogueKiller and MBAR logs.
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 