search gol and FVL download are taking over my browsers, Delta Toolbar



AprilC
2013-09-24, 19:53
Hi,

I apologize in advance if I don't provide the right information. I'm a little overwhelmed. I downloaded Mozilla last night and I think I brought in some adware with it. Search gol keeps turning itself into my homepage, and when I use other websites I get floating ads for FVL downloads and refrigerator information. I used Spybot Search & Destroy and it has found and fixed several toolbars. The one that keeps showing up in the Spybot scan is Delta Toolbar, and Spybot appears to fix the problem, but every time I scan, it finds Delta Toolbar again.

Thank you for your help.

AprilC

Here are the analysis messages:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Halhanningham at 10:14:42 on 2013-09-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3982.1984 [GMT -7:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Users\Halhanningham\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.0.1.3\NAV.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\NST.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.0.1.3\NAV.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\NST.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\AsScrPro.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Elantech\ETDGesture.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Windows\system32\igfxpers.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Fitbit\fitbit-tray.exe
C:\Program Files (x86)\Fitbit\fitbit.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe
BHO: LyriXeeker-1: {11111111-1111-1111-1111-110411181156} - C:\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-bho.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.0.1.3\IPS\IPSBHO.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Halhanningham\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\CoIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\CoIEPlg.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 10.4.252.252 205.153.159.252
TCP: Interfaces\{A9AAF4C4-CAF7-4A3A-A13D-5757DAB20855} : DHCPNameServer = 10.4.252.252 205.153.159.252
TCP: Interfaces\{A9AAF4C4-CAF7-4A3A-A13D-5757DAB20855}\14072796C63702E4564777F627B6 : DHCPNameServer = 192.168.0.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\bitguard\261673~1.238\{c16c1~1\bitguard.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://asus.msn.com
x64-BHO: LyriXeeker-1: {11111111-1111-1111-1111-110411181156} - C:\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-bho64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysWOW64\DptfPolicyLpmServiceHelper.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Halhanningham\AppData\Roaming\Mozilla\Firefox\Profiles\dudjhdl1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=609AC485082AD321&affID=119351&tsp=5015
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - ExtSQL: 2013-09-24 08:04; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.0.1.3\IPSFFPlgn
FF - ExtSQL: 2013-09-24 08:57; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 assd;assd;C:\Windows\System32\drivers\assd.sys [2013-9-23 27056]
R0 excsd;ExpressCache Storage Filter Driver;C:\Windows\System32\drivers\excsd.sys [2013-9-23 95024]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-6-14 19224]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1500010.003\SymDS64.sys [2013-9-23 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1500010.003\SymEFA64.sys [2013-9-23 1147480]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [2013-9-3 1525336]
R1 ccSet_NAV;NAV Settings Manager;C:\Windows\System32\drivers\NAVx64\1500010.003\ccSetx64.sys [2013-9-23 150104]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE05000.043\ccSetx64.sys [2013-9-23 150104]
R1 excfs;ExpressCache File System Filter Driver;C:\Windows\System32\drivers\excfs.sys [2013-9-23 23344]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\IPSDefs\20130923.001\IDSviA64.sys [2013-9-23 520280]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1500010.003\Ironx64.sys [2013-9-23 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1500010.003\symnets.sys [2013-9-23 590424]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-1 659976]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-4-13 277120]
R2 BitGuard;BitGuard;C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2013-9-23 2845152]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-3-27 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-3-27 1104208]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-3-8 135952]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Halhanningham\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-9-23 107520]
R2 DptfParticipantProcessorService;Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application;C:\Windows\SysWOW64\DptfParticipantProcessorService.exe [2012-6-14 18944]
R2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform & Thermal Framework Config TDP Service Application;C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [2012-6-14 19968]
R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-3-30 79664]
R2 Fitbit;Fitbit Data Uploader;C:\Program Files (x86)\Fitbit\fitbit.exe [2013-9-24 773152]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-9-23 128280]
R2 irstrtsv;Intel(R) Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2013-9-23 193536]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-9-23 161560]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\21.0.1.3\NAV.exe [2013-9-23 262288]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\NST.exe [2013-9-23 129424]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-9-23 1901752]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-9-23 363800]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-4-17 2671376]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2013-9-23 17152]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-3-1 195584]
R3 AsusVBus;AsusVBus;C:\Windows\System32\drivers\AsusVBus.sys [2012-4-11 35968]
R3 AsusVTouch;AsusVTouch;C:\Windows\System32\drivers\AsusVTouch.sys [2012-4-11 16512]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-3-27 1304912]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-2-13 95232]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-2-13 747008]
R3 DptfDevDram;DptfDevDram;C:\Windows\System32\drivers\DptfDevDram.sys [2012-6-14 107288]
R3 DptfDevFan;DptfDevFan;C:\Windows\System32\drivers\DptfDevFan.sys [2012-6-14 42776]
R3 DptfDevGen;DptfDevGen;C:\Windows\System32\drivers\DptfDevGen.sys [2012-6-14 64792]
R3 DptfDevPch;DptfDevPch;C:\Windows\System32\drivers\DptfDevPch.sys [2012-6-14 96024]
R3 DptfDevProc;DptfDevProc;C:\Windows\System32\drivers\DptfDevProc.sys [2012-6-14 220952]
R3 DptfManager;DptfManager;C:\Windows\System32\drivers\DptfManager.sys [2012-6-14 357656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-9-23 140376]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-6-14 200488]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-3-21 60928]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-14 331264]
R3 irstrtdv;Intel(R) Rapid Start Technology Driver;C:\Windows\System32\drivers\irstrtdv.sys [2013-9-23 26504]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-6-14 356632]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-6-14 789272]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-2-28 25496]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2013-9-23 311400]
S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2013-9-16 573952]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-3-1 195584]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-2-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-2-28 34232]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-4-17 273168]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2013-9-24 26856]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-09-24 16:06:08 -------- d-----w- C:\ProgramData\Fitbit
2013-09-24 16:06:00 31976 ----a-w- C:\Windows\System32\drivers\SiLib.sys
2013-09-24 16:06:00 26856 ----a-w- C:\Windows\System32\drivers\SiUSBXp.sys
2013-09-24 16:06:00 -------- d-----w- C:\Program Files (x86)\Fitbit
2013-09-24 07:30:48 -------- d-----w- C:\Users\Halhanningham\AppData\Local\CrashDumps
2013-09-24 07:28:12 -------- d-----w- C:\Windows\SysWow64\searchplugins
2013-09-24 07:28:12 -------- d-----w- C:\Windows\SysWow64\Extensions
2013-09-24 07:10:28 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-09-24 07:10:28 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-09-24 06:37:25 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2013-09-24 06:33:18 150104 ----a-r- C:\Windows\System32\drivers\NSTx64\7DE05000.043\ccSetx64.sys
2013-09-24 06:33:11 -------- d-----w- C:\Windows\System32\drivers\NSTx64\7DE05000.043
2013-09-24 06:33:11 -------- d-----w- C:\Windows\System32\drivers\NSTx64
2013-09-24 06:33:09 -------- d-----w- C:\Program Files (x86)\Norton Identity Safe
2013-09-24 06:32:57 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-09-24 06:32:57 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2013-09-24 06:32:45 854616 ----a-r- C:\Windows\System32\drivers\NAVx64\1500010.003\srtsp64.sys
2013-09-24 06:32:45 590424 ----a-r- C:\Windows\System32\drivers\NAVx64\1500010.003\symnets.sys
2013-09-24 06:32:45 493656 ----a-r- C:\Windows\System32\drivers\NAVx64\1500010.003\SymDS64.sys
2013-09-24 06:32:45 36952 ----a-r- C:\Windows\System32\drivers\NAVx64\1500010.003\srtspx64.sys
2013-09-24 06:32:45 264280 ----a-r- C:\Windows\System32\drivers\NAVx64\1500010.003\Ironx64.sys
2013-09-24 06:32:45 23568 ----a-r- C:\Windows\System32\drivers\NAVx64\1500010.003\SymELAM.sys
2013-09-24 06:32:45 150104 ----a-r- C:\Windows\System32\drivers\NAVx64\1500010.003\ccSetx64.sys
2013-09-24 06:32:45 1147480 ----a-r- C:\Windows\System32\drivers\NAVx64\1500010.003\SymEFA64.sys
2013-09-24 06:31:41 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1500010.003
2013-09-24 06:31:41 -------- d-----w- C:\Windows\System32\drivers\NAVx64
2013-09-24 06:31:36 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus
2013-09-24 06:31:35 -------- d-----w- C:\ProgramData\Norton
2013-09-24 06:27:20 -------- d-----w- C:\ProgramData\NortonInstaller
2013-09-24 06:27:20 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2013-09-24 05:59:22 -------- d-----w- C:\Users\Halhanningham\AppData\Local\Google
2013-09-24 05:40:42 -------- d-----w- C:\Users\Halhanningham\AppData\Local\Adobe
2013-09-24 05:40:19 -------- d-----w- C:\Users\Halhanningham\AppData\Roaming\UpdaterEX
2013-09-24 05:39:58 -------- d-----w- C:\ProgramData\BitGuard
2013-09-24 05:39:35 -------- d-----w- C:\ProgramData\DSearchLink
2013-09-24 05:39:11 -------- d-----w- C:\Users\Halhanningham\AppData\Roaming\Systweak
2013-09-24 05:39:08 20312 ----a-w- C:\Windows\System32\roboot64.exe
2013-09-24 05:39:07 -------- d-----w- C:\Program Files (x86)\LyriXeeker-1
2013-09-24 05:39:02 -------- d-----w- C:\Program Files (x86)\DefaultTab
2013-09-24 05:38:51 -------- d-----w- C:\Users\Halhanningham\AppData\Roaming\DefaultTab
2013-09-24 05:27:17 -------- d-----w- C:\Users\Halhanningham\AppData\Local\Mozilla
2013-09-24 05:08:04 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2013-09-24 05:08:03 -------- d-----r- C:\Users\Halhanningham\SkyDrive
2013-09-24 05:07:30 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2013-09-24 04:51:09 -------- d-----w- C:\Users\Halhanningham\AppData\Roaming\ASUS WebStorage
2013-09-24 04:50:43 -------- d-----w- C:\Users\Halhanningham\AppData\Local\Microsoft Games
2013-09-24 04:45:03 -------- d--h--w- C:\ProgramData\Common Files
2013-09-24 04:42:55 564432 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-09-24 04:37:27 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2013-09-24 04:28:32 -------- d-----w- C:\Program Files\Microsoft Office 15
2013-09-24 04:20:37 -------- d-----w- C:\ProgramData\ASUS
2013-09-24 03:52:12 -------- d-----w- C:\Users\Halhanningham\AppData\Local\Diagnostics
2013-09-24 02:04:58 77919 ----a-w- C:\Program Files\Windows Sidebar\Gadgets\myBitCast.Gadget\uninst.exe
2013-09-24 01:49:31 -------- d-----w- C:\Program Files\Intel Corporation
2013-09-24 01:49:31 -------- d-----w- C:\Program Files\Common Files\Intel Corporation
2013-09-24 01:46:13 23344 ----a-w- C:\Windows\System32\drivers\excfs.sys
2013-09-24 01:46:12 95024 ----a-w- C:\Windows\System32\drivers\excsd.sys
2013-09-24 01:46:11 -------- d-----w- C:\ProgramData\Diskeeper Corporation
2013-09-24 01:46:11 -------- d-----w- C:\Program Files\Diskeeper Corporation
2013-09-24 01:46:11 -------- d-----w- C:\Program Files\Common Files\Diskeeper Corporation
2013-09-24 01:46:03 27056 ----a-w- C:\Windows\System32\drivers\assd.sys
2013-09-24 01:46:02 -------- d-----w- C:\Program Files (x86)\Common Files\ASUS
2013-09-24 01:45:27 80512 ----a-w- C:\Windows\AsusScr_UX32VD Uninstaller.exe
2013-09-24 01:45:25 159862016 ------w- C:\Windows\System32\AsusScr_UX32VD.scr
2013-09-24 01:45:24 3058304 ----a-w- C:\Windows\AsScrPro.exe
2013-09-24 01:45:04 -------- d-----w- C:\ProgramData\USBChargerPlus
2013-09-24 01:43:26 162456 ----a-w- C:\Windows\SysWow64\ACEngSvr.exe
2013-09-24 01:43:08 224384 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\InstantOnTM.gadget\InstantOnCOM.dll
2013-09-24 01:42:58 17152 ----a-w- C:\Windows\System32\drivers\AiCharger.sys
2013-09-24 01:40:24 196224 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll
2013-09-24 01:40:21 -------- d-----w- C:\ProgramData\P4G
2013-09-24 01:40:21 -------- d-----w- C:\Program Files\ASUS
2013-09-24 01:40:10 193536 ----a-w- C:\Windows\SysWow64\irstrtsv.exe
2013-09-24 01:40:06 26504 ----a-w- C:\Windows\System32\drivers\irstrtdv.sys
2013-09-24 01:37:39 -------- d-----w- C:\Program Files (x86)\Intel Corporation
2013-09-24 01:35:25 -------- d-----w- C:\Program Files (x86)\ASIX Electronics Corporation
2013-09-24 01:35:17 -------- d-----w- C:\Program Files\Elantech
2013-09-24 01:34:12 -------- d--h--w- C:\Windows\System32\WLANProfiles
2013-09-24 01:33:56 -------- d-----w- C:\ProgramData\Roaming
2013-09-24 01:32:50 -------- d-----w- C:\Program Files (x86)\Cisco
2013-09-24 01:32:46 -------- d-----w- C:\ProgramData\Intel.sav
2013-09-24 01:32:37 -------- d-----w- C:\Windows\SysWow64\sda
2013-09-24 01:32:33 311400 ----a-w- C:\Windows\System32\drivers\rtsuvstor.sys
2013-09-24 01:32:33 17512 ------w- C:\Windows\System32\drivers\diskperf64.sys
2013-09-24 01:32:32 9888360 ----a-w- C:\Windows\SysWow64\RtsUVStoricon.dll
2013-09-24 01:32:01 15128 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-09-24 01:31:32 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2013-09-24 01:31:31 60184 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2013-09-24 01:31:13 41984 ----a-w- C:\Windows\System32\drivers\USB3Ver.dll
2013-09-24 01:31:00 -------- d-----w- C:\Windows\SysWow64\RTCOM
2013-09-24 01:31:00 -------- d-----w- C:\Program Files\Realtek
2013-09-24 01:28:36 -------- d-----w- C:\Program Files\Common Files\Intel
2013-09-24 01:28:35 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2013-09-24 01:24:20 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2013-09-24 01:24:09 -------- d-----w- C:\Intel
2013-09-24 01:22:01 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-09-24 01:21:26 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-09-24 01:21:00 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-09-24 01:21:00 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-09-24 01:17:10 -------- d-----w- C:\eSupport
2013-09-24 01:11:30 -------- d-----w- C:\Users\Halhanningham\AppData\Local\Power2Go
2013-09-24 01:11:29 387 ----a-w- C:\Users\Halhanningham\AppData\Roaming\sp_data.sys
2013-09-24 01:10:14 -------- d-----w- C:\Users\Halhanningham\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
.
============= FINISH: 10:15:29.12 ===============


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-24 10:24:00
-----------------------------
10:24:00.295 OS Version: Windows x64 6.1.7601 Service Pack 1
10:24:00.295 Number of processors: 4 586 0x3A09
10:24:00.296 ComputerName: ELEVATE UserName:
10:24:00.526 Initialze error 1
10:24:32.341 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:24:32.346 Disk 0 Vendor: Hitachi_ GG2O Size: 476940MB BusType: 3
10:24:32.352 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
10:24:32.357 Disk 1 Vendor: SanDisk_ 11.5 Size: 22902MB BusType: 3
10:24:32.399 Disk 0 MBR read successfully
10:24:32.402 Disk 0 MBR scan
10:24:32.405 Disk 0 unknown MBR code
10:24:32.407 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
10:24:32.409 Disk 0 scanning C:\Windows\system32\drivers
10:24:32.412 Service scanning
10:24:32.950 Modules scanning
10:24:32.959 Disk 0 trace - called modules:
10:24:32.971 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
10:24:32.982 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80074b6060]
10:24:32.996 3 CLASSPNP.SYS[fffff88001e5143f] -> nt!IofCallDriver -> [0xfffffa80040986f0]
10:24:33.005 5 ACPI.sys[fffff88000f3f7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8006257050]
10:24:33.012 Scan finished successfully
10:25:04.780 Disk 0 MBR has been saved successfully to "C:\Users\Halhanningham\Desktop\MBR.dat"
10:25:04.784 The log file has been saved successfully to "C:\Users\Halhanningham\Desktop\aswMBR.txt"