Chad Smith
Posts: 11 +0
Symptoms:
1) Pop-up ads http://thecdn.04stream.com/ext/pop.php to http://ad.directrev.com/RealMedia/ads/adstream to some real ad.
2) Black syntax box that asks for registry changes approval every time I restart.
3) Heavy CPU usage, which my resource monitor says is Chrome even though it is not doing anything. Since I have tried a few cleaners the CPU usage has gone down, but it is higher than it should be and never rests. The pop-ups persist.
4) Also, my computer says I do not have any restore points.
I've done everything before posting a log and some other scans. I will answer any questions eagerly.
Malwarebytes showed zero threats. Tried uninstalling and reinstalling Chrome, doing scans in between. Logs below.
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.16.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
chad :: ASUS-PC [administrator]
2/17/2013 5:51:58 PM
mbam-log-2013-02-17 (17-51-58).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207636
Time elapsed: 19 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514
Run by chad at 17:41:53 on 2013-02-17
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2038.393 [GMT -8:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Windows\System32\AsusService.exe
C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\AsScrPro.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\chad\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
C:\windows\system32\taskmgr.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Users\chad\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\chad\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\System32\perfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=800236&fr=spigot-yhp-ie
uDefault_Page_URL = hxxp://asus.msn.com
uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\6.9\iobitappsToolbarIE.dll
uURLSearchHooks: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - <orphaned>
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\6.9\iobitappsToolbarIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\20.2.0.19\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\20.2.0.19\ips\ipsbho.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ASUS Windows 7 Starter Helper: {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - c:\program files\asus\systemsetting\StarterHelper.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Swag Bucks Toolbar: {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - c:\program files\swag_bucks\prxtbSwag.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\20.2.0.19\coieplg.dll
TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\6.9\iobitappsToolbarIE.dll
uRun: [googletalk] c:\users\chad\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Google Update] "c:\users\chad\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HotkeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [OOBESetup] c:\program files\asus\ooberegbackup\ooberegbackup.exe /restore -"c:\program files\asus\ooberegbackup\OOBEReg.ini"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [autoauto] c.bat
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FA1D7364-4E2C-41A3-89BB-DE9908F77022} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FA1D7364-4E2C-41A3-89BB-DE9908F77022}\140707C65602E4564777F627B602035393667346 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{FA1D7364-4E2C-41A3-89BB-DE9908F77022}\140707C65602E4564777F627B602238316531626 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{FA1D7364-4E2C-41A3-89BB-DE9908F77022}\24259414E4 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{FA1D7364-4E2C-41A3-89BB-DE9908F77022}\44F627D637 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FA1D7364-4E2C-41A3-89BB-DE9908F77022}\452434D27657563747 : DHCPNameServer = 10.1.10.1 192.168.33.1
TCP: Interfaces\{FA1D7364-4E2C-41A3-89BB-DE9908F77022}\D697C474E45647 : DHCPNameServer = 10.1.1.101
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1402000.013\symds.sys [2012-11-11 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1402000.013\symefa.sys [2012-11-11 927904]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-11-10 11448]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\bashdefs\20130208.001\BHDrvx86.sys [2013-2-12 997464]
R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\n360\1402000.013\ccsetx86.sys [2012-11-11 134304]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\ipsdefs\20130215.001\IDSvix86.sys [2013-2-15 386720]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1402000.013\ironx86.sys [2012-11-11 175264]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\1402000.013\symnets.sys [2012-11-11 338592]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-5-14 913752]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2013-2-8 805240]
R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2009-11-10 219136]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-10-20 106656]
R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2013-2-11 20336]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-10-6 51712]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2013-2-11 30640]
R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2013-2-11 19832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-10-6 43944]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-10-15 55280]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-1-10 37064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-16 52224]
.
=============== Created Last 30 ================
.
2013-02-18 00:13:01 -------- d-----w- c:\program files\Trend Micro
2013-02-17 04:46:57 -------- d-----w- c:\users\chad\appdata\local\CRE
2013-02-16 22:05:39 -------- d-----w- c:\users\chad\appdata\roaming\SUPERAntiSpyware.com
2013-02-16 22:04:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-02-16 22:04:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-02-16 01:24:19 -------- d-----w- c:\program files\CCleaner
2013-02-14 00:16:56 -------- d-----w- c:\users\chad\appdata\roaming\avidemux
2013-02-14 00:16:22 -------- d-----w- c:\program files\Avidemux 2.5
2013-02-13 09:50:59 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 09:50:58 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 09:50:56 760320 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-02-13 09:50:52 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-12 20:59:47 -------- d-----w- c:\programdata\HitmanPro
2013-02-12 05:09:02 -------- d-----w- c:\program files\Application Updater
2013-02-12 05:09:01 -------- d-----w- c:\program files\common files\Spigot
2013-02-12 05:09:00 -------- d-----w- c:\program files\IObit Apps Toolbar
2013-02-12 04:15:07 -------- d-----w- c:\users\chad\appdata\roaming\Malwarebytes
2013-02-12 04:14:35 -------- d-----w- c:\programdata\Malwarebytes
2013-02-12 04:14:31 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-12 04:14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-12 04:13:44 -------- d-----w- c:\users\chad\appdata\local\Programs
2013-02-03 06:35:25 -------- d-----w- C:\a
.
==================== Find3M ====================
.
2013-01-10 19:41:34 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-01-10 19:27:44 36040 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-01-05 05:00:15 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 03:00:29 2347008 ----a-w- c:\windows\system32\win32k.sys
2012-12-21 20:12:59 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-21 20:12:59 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-12-20 19:10:12 741 ----a-w- c:\windows\system32\lod1.vbs
2012-12-20 12:53:51 981504 ----a-w- c:\windows\system32\wininet.dll
2012-12-20 11:20:29 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe
2012-11-22 04:45:03 626688 ----a-w- c:\windows\system32\usp10.dll
2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 17:44:46.79 ===============
[FONT=Verdana]1) pop up adds http://thecdn.04stream.com/ext/pop.php to http://ad.directrev.com/RealMedia/ads/adstream to some real ad.[/FONT]
[FONT=Verdana]2)black syntax box that asks for registry changes approval every time I restart.[/FONT]
[FONT=Verdana]3)Heavy cpu usage which my resource monitor says is chrome even though it is not doing anything. Since I have tried a few cleaners the cpu usage has gone down but is higher than it should be and never rests. The pop ups persist.[/FONT]
[FONT=Verdana]4)also my computer says I do not have any restore points[/FONT]
[FONT=Verdana]I've done everything before posting a log and some other scans. I will answer any questions eagerly.[/FONT]
[FONT=Verdana]Malware bytes showed zero threats. Tried uninstalling and reinstalling chrome, doing scans inbetween. Logs below.[/FONT]
[FONT=Verdana]Malwarebytes Anti-Malware 1.70.0.1100[/FONT]
[FONT=Verdana]www.malwarebytes.org[/FONT]
[FONT=Verdana]Database version: v2013.02.16.01[/FONT]
[FONT=Verdana]Windows 7 Service Pack 1 x86 NTFS[/FONT]
[FONT=Verdana]Internet Explorer 8.0.7601.17514[/FONT]
[FONT=Verdana]chad :: ASUS-PC [administrator][/FONT]
[FONT=Verdana]2/17/2013 5:51:58 PM[/FONT]
[FONT=Verdana]mbam-log-2013-02-17 (17-51-58).txt[/FONT]
[FONT=Verdana]Scan type: Quick scan[/FONT]
[FONT=Verdana]Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM[/FONT]
[FONT=Verdana]Scan options disabled: P2P[/FONT]
[FONT=Verdana]Objects scanned: 207636[/FONT]
[FONT=Verdana]Time elapsed: 19 minute(s), 23 second(s)[/FONT]
[FONT=Verdana]Memory Processes Detected: 0[/FONT]
[FONT=Verdana](No malicious items detected)[/FONT]
[FONT=Verdana]Memory Modules Detected: 0[/FONT]
[FONT=Verdana](No malicious items detected)[/FONT]
[FONT=Verdana]Registry Keys Detected: 0[/FONT]
[FONT=Verdana](No malicious items detected)[/FONT]
[FONT=Verdana]Registry Values Detected: 0[/FONT]
[FONT=Verdana](No malicious items detected)[/FONT]
[FONT=Verdana]Registry Data Items Detected: 0[/FONT]
[FONT=Verdana](No malicious items detected)[/FONT]
[FONT=Verdana]Folders Detected: 0[/FONT]
[FONT=Verdana](No malicious items detected)[/FONT]
[FONT=Verdana]Files Detected: 0[/FONT]
[FONT=Verdana](No malicious items detected)[/FONT]
[FONT=Verdana](end)[/FONT]
[FONT=Verdana]DDS (Ver_2012-11-20.01) - NTFS_x86 [/FONT]
[FONT=Verdana]Internet Explorer: 8.0.7601.17514[/FONT]
[FONT=Verdana]Run by chad at 17:41:53 on 2013-02-17[/FONT]
[FONT=Verdana]Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2038.393 [GMT -8:00][/FONT]
[FONT=Verdana].[/FONT]
[FONT=Verdana]AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}[/FONT]
[FONT=Verdana]SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}[/FONT]
[FONT=Verdana]SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}[/FONT]
[FONT=Verdana]SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}[/FONT]
[FONT=Verdana]FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}[/FONT]
[FONT=Verdana].[/FONT]
[FONT=Verdana]============== Running Processes ================[/FONT]
[FONT=Verdana].[/FONT]
[FONT=Verdana]C:\windows\system32\wininit.exe[/FONT]
[FONT=Verdana]C:\windows\system32\lsm.exe[/FONT]
[FONT=Verdana]C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[/FONT]
[FONT=Verdana]C:\windows\System32\spoolsv.exe[/FONT]
[FONT=Verdana]C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[/FONT]
[FONT=Verdana]C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[/FONT]
[FONT=Verdana]C:\Program Files\Application Updater\ApplicationUpdater.exe[/FONT]
[FONT=Verdana]C:\Windows\System32\AsusService.exe[/FONT]
[FONT=Verdana]C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe[/FONT]
[FONT=Verdana]C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[/FONT]
[FONT=Verdana]C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[/FONT]
[FONT=Verdana]C:\windows\system32\taskhost.exe[/FONT]
[FONT=Verdana]C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe[/FONT]
[FONT=Verdana]C:\windows\system32\Dwm.exe[/FONT]
[FONT=Verdana]C:\windows\Explorer.EXE[/FONT]
[FONT=Verdana]C:\Windows\AsScrPro.exe[/FONT]
[FONT=Verdana]C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[/FONT]
[FONT=Verdana]C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[/FONT]
[FONT=Verdana]C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe[/FONT]
[FONT=Verdana]C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[/FONT]
[FONT=Verdana]C:\Windows\System32\igfxtray.exe[/FONT]
[FONT=Verdana]C:\Windows\System32\hkcmd.exe[/FONT]
[FONT=Verdana]C:\Windows\system32\igfxsrvc.exe[/FONT]
[FONT=Verdana]C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[/FONT]
[FONT=Verdana]C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[/FONT]
[FONT=Verdana]C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[/FONT]
[FONT=Verdana]C:\Windows\System32\igfxpers.exe[/FONT]
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\chad\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
C:\windows\system32\taskmgr.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Users\chad\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\chad\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\System32\perfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=800236&fr=spigot-yhp-ie
uDefault_Page_URL = hxxp://asus.msn.com
uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\6.9\iobitappsToolbarIE.dll
uURLSearchHooks: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - <orphaned>
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\6.9\iobitappsToolbarIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\20.2.0.19\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\20.2.0.19\ips\ipsbho.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ASUS Windows 7 Starter Helper: {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - c:\program files\asus\systemsetting\StarterHelper.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Swag Bucks Toolbar: {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - c:\program files\swag_bucks\prxtbSwag.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\20.2.0.19\coieplg.dll
TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\6.9\iobitappsToolbarIE.dll
uRun: [googletalk] c:\users\chad\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Google Update] "c:\users\chad\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HotkeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [OOBESetup] c:\program files\asus\ooberegbackup\ooberegbackup.exe /restore -"c:\program files\asus\ooberegbackup\OOBEReg.ini"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [autoauto] c.bat
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FA1D7364-4E2C-41A3-89BB-DE9908F77022} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FA1D7364-4E2C-41A3-89BB-DE9908F77022}\140707C65602E4564777F627B602035393667346 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{FA1D7364-4E2C-41A3-89BB-DE9908F77022}\140707C65602E4564777F627B602238316531626 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{FA1D7364-4E2C-41A3-89BB-DE9908F77022}\24259414E4 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{FA1D7364-4E2C-41A3-89BB-DE9908F77022}\44F627D637 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FA1D7364-4E2C-41A3-89BB-DE9908F77022}\452434D27657563747 : DHCPNameServer = 10.1.10.1 192.168.33.1
TCP: Interfaces\{FA1D7364-4E2C-41A3-89BB-DE9908F77022}\D697C474E45647 : DHCPNameServer = 10.1.1.101
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1402000.013\symds.sys [2012-11-11 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1402000.013\symefa.sys [2012-11-11 927904]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-11-10 11448]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\bashdefs\20130208.001\BHDrvx86.sys [2013-2-12 997464]
R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\n360\1402000.013\ccsetx86.sys [2012-11-11 134304]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\ipsdefs\20130215.001\IDSvix86.sys [2013-2-15 386720]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1402000.013\ironx86.sys [2012-11-11 175264]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\1402000.013\symnets.sys [2012-11-11 338592]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-5-14 913752]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2013-2-8 805240]
R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2009-11-10 219136]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-10-20 106656]
R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2013-2-11 20336]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-10-6 51712]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2013-2-11 30640]
R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2013-2-11 19832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-10-6 43944]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-10-15 55280]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-1-10 37064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-16 52224]
.
=============== Created Last 30 ================
.
2013-02-18 00:13:01 -------- d-----w- c:\program files\Trend Micro
2013-02-17 04:46:57 -------- d-----w- c:\users\chad\appdata\local\CRE
2013-02-16 22:05:39 -------- d-----w- c:\users\chad\appdata\roaming\SUPERAntiSpyware.com
2013-02-16 22:04:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-02-16 22:04:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-02-16 01:24:19 -------- d-----w- c:\program files\CCleaner
2013-02-14 00:16:56 -------- d-----w- c:\users\chad\appdata\roaming\avidemux
2013-02-14 00:16:22 -------- d-----w- c:\program files\Avidemux 2.5
2013-02-13 09:50:59 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 09:50:58 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 09:50:56 760320 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-02-13 09:50:52 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-12 20:59:47 -------- d-----w- c:\programdata\HitmanPro
2013-02-12 05:09:02 -------- d-----w- c:\program files\Application Updater
2013-02-12 05:09:01 -------- d-----w- c:\program files\common files\Spigot
2013-02-12 05:09:00 -------- d-----w- c:\program files\IObit Apps Toolbar
2013-02-12 04:15:07 -------- d-----w- c:\users\chad\appdata\roaming\Malwarebytes
2013-02-12 04:14:35 -------- d-----w- c:\programdata\Malwarebytes
2013-02-12 04:14:31 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-12 04:14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-12 04:13:44 -------- d-----w- c:\users\chad\appdata\local\Programs
2013-02-03 06:35:25 -------- d-----w- C:\a
.
==================== Find3M ====================
.
2013-01-10 19:41:34 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-01-10 19:27:44 36040 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-01-05 05:00:15 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 03:00:29 2347008 ----a-w- c:\windows\system32\win32k.sys
2012-12-21 20:12:59 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-21 20:12:59 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-12-20 19:10:12 741 ----a-w- c:\windows\system32\lod1.vbs
2012-12-20 12:53:51 981504 ----a-w- c:\windows\system32\wininet.dll
2012-12-20 11:20:29 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe
2012-11-22 04:45:03 626688 ----a-w- c:\windows\system32\usp10.dll
2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 17:44:46.79 ===============