you are already being helped here and have been for some days
for your blatant defiance of the rules you have gained an infraction
you have deliberately created numerous new topics while you are already being helped.

stay in the one topic until completely solved
http://forums.techguy.org/virus-othe...og-thanks.html

I believe it means there are bad sectors on your hard disk.

Try this:

• Right click on the Start > Open Windows Explorer.
  
• Select the hard drive letter (usually local disk C) for which you want to run the Chkdsk utility.
  
• Right-click on the driver letter and select Properties > Tools.
  
• Under the Error-Checking section of the window, click the Check Now button. If you have User Account Controls enabled, a window will pop up asking permission to continue. Click Continue.
  
• Click to have Chkdsk Automatically fix file system errors and to Scan for and attempt recovery of bad sectors.
  
• Click Start.
  
• Chkdsk might take a very long time to run, depending on the number of files and folders, the size of the volume, disk performance, and available system resources (such as processor and memory).
  

Chkdsk will not run if the drive you wish to check is in use. You will be requested to schedule Chkdsk. Click Schedule Check Disk, it then will run the next time you boot your computer. Shut down your computer and then turn it back on, Chkdsk will run.

Before you do that though we should remove the infection that is still on your machine

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

• Double click on ComboFix.exe & follow the prompts.
  
• If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  
• Your desktop may go blank. This is normal.
  
• ComboFix may appear to be doing nothing for quite long periods, this is normal, just leave it to do it's job.
  
• ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

hi
I have a windows vista laptop which has Advanced system protector installed and keeps loading and stopping laptop working correctly. I have tried to uninstall via control panel add remove programs but the uninstall program fails to uninstall and says that the uninstall.msg file is missing or corrupt.


Can someone offer any sugestions please did look at this a post using OTL program but this did not work for me.


Thanks
Paul

Any help you could give would be greatly appreciated. I suspect a Trojan and a possible hacking, but not sure. Thanks in advance for your help! :o

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:48:06 PM, on 12/21/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {364ea597-e728-4ce4-bb4a-ed846ef47970} - (no file)
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files%20(x86)/Mah%20Jong%20Medley/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files%20(x86)/Mah%20Jong%20Medley/Images/armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O20 - AppInit_DLLs: c:\progra~2\saveby~1\sprote~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15933 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by Rhonda at 12:52:49 on 2013-12-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3561.1362 [GMT -6:00]
.
AV: AVG Premium Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Premium Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Premium Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\PDF Architect\HelperService.exe
C:\Program Files (x86)\PDF Architect\ConversionService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\BetterSoft\SaveByClick\SaveByClick.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
C:\Users\Rhonda\Downloads\AA_v3.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://foxnews.com/
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: PDF Architect Toolbar: {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Mah%20Jong%20Medley/Images/stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Mah%20Jong%20Medley/Images/armhelper.ocx
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{7B0FD76D-62FB-42E8-A008-6FBB9CDA8976} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{7B0FD76D-62FB-42E8-A008-6FBB9CDA8976}\3556362756470235079702E4564777F627B6D27657563747 : DHCPNameServer = 192.168.33.1
TCP: Interfaces\{7B0FD76D-62FB-42E8-A008-6FBB9CDA8976}\35F6F6E6562737D214 : DHCPNameServer = 172.16.10.1
TCP: Interfaces\{7B0FD76D-62FB-42E8-A008-6FBB9CDA8976}\4527960707 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{7B0FD76D-62FB-42E8-A008-6FBB9CDA8976}\47F6D6D697F66333D27657563747 : DHCPNameServer = 12.127.16.67 12.127.17.71 192.168.33.1
TCP: Interfaces\{7B0FD76D-62FB-42E8-A008-6FBB9CDA8976}\E45445745414250353 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\saveby~1\sprote~1.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\vxudkxgc.default-1352912387258\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Users\Rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\vxudkxgc.default-1352912387258\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\Rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\vxudkxgc.default-1352912387258\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npIdfPlugin.dll
FF - plugin: C:\Users\Rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\vxudkxgc.default-1352912387258\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npPitPlugin.dll
FF - plugin: C:\Users\Rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\vxudkxgc.default-1352912387258\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-12-14 02:18; {ab91efd4-6975-4081-8552-1b3922ed79e2}; C:\Users\Rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\vxudkxgc.default-1352912387258\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
FF - ExtSQL: !HIDDEN! 2012-01-28 13:34; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-11-23 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-11-23 40064]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-10-23 45880]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2011-5-23 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-8 30568]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-10-8 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-10-8 344064]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-11-20 57512]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-10-23 1432080]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-30 2413056]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-13 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-13 682344]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-5-4 25824]
R2 PDF Architect Helper Service;PDF Architect Helper Service;C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-4-8 1320496]
R2 PDF Architect Service;PDF Architect Service;C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-4-8 799280]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-18 24176]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-5-29 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-12-26 425064]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-5-29 878184]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-11-23 53376]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-5-29 46136]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-12-8 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-29 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-12-21 17:07:39 -------- d-----w- C:\ProgramData\AMMYY
2013-12-13 05:40:55 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-13 05:40:55 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-13 05:40:54 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-13 05:40:53 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-13 03:44:45 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-09 21:00:15 -------- d-----w- C:\ProgramData\Oracle
2013-12-09 20:59:50 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-09 00:24:08 -------- d-----w- C:\Program Files (x86)\Oracle
2013-12-08 23:02:10 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-12-08 23:02:05 -------- d-----w- C:\Program Files\AMD
2013-12-08 22:59:59 -------- d-----w- C:\Program Files\ATI Technologies
2013-12-08 22:47:42 -------- d-----w- C:\ProgramData\Package Cache
2013-12-08 22:44:51 -------- d-----w- C:\AMD
2013-12-08 21:52:15 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2013-12-08 21:52:14 -------- d-----w- C:\Users\Rhonda\AppData\Local\SlimWare Utilities Inc
2013-12-08 21:52:05 -------- d-----w- C:\Program Files (x86)\DriverUpdate
2013-12-08 21:46:44 -------- d-----w- C:\ProgramData\UAB
2013-12-08 21:46:42 -------- d-----w- C:\Users\Rhonda\AppData\Local\PC_Drivers_Headquarters
2013-12-08 21:45:49 -------- d-----w- C:\ProgramData\Driver Manager
2013-12-08 21:45:11 -------- d-----w- C:\Program Files (x86)\Driver Manager
2013-12-08 19:53:57 -------- d-----w- C:\Windows\Migration
2013-12-08 18:10:08 -------- d-sh--w- C:\$RECYCLE.BIN
2013-11-25 07:48:36 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
.
==================== Find3M ====================
.
2013-12-10 23:26:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 23:26:09 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-23 07:05:08 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-08 15:50:12 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2013-10-08 15:45:08 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2013-10-08 14:01:14 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-10-08 14:01:14 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-10-08 14:01:12 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-10-08 14:01:12 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-10-08 14:01:06 142792 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-10-08 14:01:06 125824 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-10-08 14:01:04 97984 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-10-08 14:01:04 114488 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-10-08 14:01:02 1237200 ----a-w- C:\Windows\System32\aticfx64.dll
2013-10-08 14:01:00 1030128 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-10-08 14:00:56 9464840 ----a-w- C:\Windows\System32\atidxx64.dll
2013-10-08 14:00:52 8215992 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-10-08 14:00:46 6176008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-10-08 14:00:42 6189416 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-10-08 14:00:36 6767240 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-10-08 14:00:32 7256496 ----a-w- C:\Windows\System32\atiumd64.dll
2013-10-08 13:58:42 12534784 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-10-08 13:39:22 229376 ----a-w- C:\Windows\System32\clinfo.exe
2013-10-08 13:39:10 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-10-08 13:39:10 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-10-08 13:39:08 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-10-08 13:39:08 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-10-08 13:39:06 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-10-08 13:38:58 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-10-08 13:38:58 127488 ----a-w- C:\Windows\System32\coinst_13.152.1.8.dll
2013-10-08 13:38:52 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-10-08 13:38:48 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-10-08 13:38:30 28192256 ----a-w- C:\Windows\System32\amdocl64.dll
2013-10-08 13:36:22 23761408 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-10-08 13:34:34 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-10-08 13:34:28 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-10-08 13:17:50 25385984 ----a-w- C:\Windows\System32\atio6axx.dll
2013-10-08 13:13:44 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-10-08 13:13:34 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-10-08 13:13:32 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-10-08 13:13:26 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-10-08 13:13:24 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-10-08 13:13:08 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-10-08 13:09:52 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-10-08 13:00:30 21400064 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-10-08 12:54:10 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-10-08 12:53:58 26112 ----a-w- C:\Windows\System32\atimuixx.dll
2013-10-08 12:53:50 576512 ----a-w- C:\Windows\System32\atieclxx.exe
2013-10-08 12:52:58 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-10-08 12:51:30 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2013-10-08 12:28:36 784384 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-10-08 12:28:26 594944 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-10-08 12:28:12 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-10-08 12:28:08 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-10-08 12:28:08 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-10-08 12:28:04 100352 ----a-w- C:\Windows\System32\atig6txx.dll
2013-10-08 12:27:56 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-10-08 12:27:46 619008 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-10-08 12:24:54 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
.
============= FINISH: 12:53:56.04 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/26/2011 10:07:31 PM
System Uptime: 12/21/2013 10:12:32 AM (2 hours ago)
.
Motherboard: Hewlett-Packard | | 3564
Processor: AMD A4-3300M APU with Radeon(tm) HD Graphics | Socket FS1 | 1900/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 205.041 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.531 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer:
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description: Officejet Pro 8600
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer:
Name: Officejet Pro 8600
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID:
Description: HP LaserJet Professional P 1102w
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer:
Name: HP LaserJet Professional P 1102w
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
==== System Restore Points ===================
.
RP383: 12/8/2013 4:19:01 PM - DriverUpdate Installing Drivers
RP384: 12/8/2013 4:47:23 PM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
RP385: 12/8/2013 4:48:39 PM - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
RP386: 12/8/2013 6:13:31 PM - Installed Java(TM) 6 Update 31
RP387: 12/8/2013 6:16:28 PM - Installed Java(TM) 6 Update 32
RP388: 12/8/2013 6:23:07 PM - Installed Java(TM) 7 Update 5
RP389: 12/8/2013 6:23:50 PM - Installed JavaFX 2.1.1
RP390: 12/8/2013 6:28:58 PM - Installed Java(TM) 6 Update 31
RP391: 12/8/2013 8:23:37 PM - Windows Update
RP392: 12/9/2013 2:58:43 PM - Installed Java 7 Update 45
RP393: 12/12/2013 11:34:50 PM - Windows Update
RP394: 12/15/2013 1:12:50 AM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.5
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD System Monitor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2013
Bing Bar
Blio
Bonjour
BufferChm
Carbonite
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Coupon Printer for Windows
CyberLink YouCam
D110
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
Docudesk GPL Ghostscript 8.15
Driver Manager
DriverUpdate
Energy Star Digital Logo
ESU for Microsoft Windows 7
Evernote v. 4.2.2
Google Chrome
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.2.1.1
HiJackThis
HijackThis 2.0.2
HP Auto
HP Client Services
HP Connection Manager
HP Customer Experience Enhancements
HP Customer Participation Program 14.0
HP Documentation
HP IDF Software
HP Imaging Device Functions 14.0
HP MovieStore
HP On Screen Display
HP Photo Creations
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
HP Power Manager
HP Product Detection
HP Quick Launch
HP Setup
HP Setup Manager
HP Smart Web Printing 4.60
HP Software Framework
HP Solution Center 14.0
HP Support Assistant
HP Update
HPAppStudio
HPDiagnosticAlert
HPProductAssistant
HPSSupply
IDT Audio
Internet Explorer (Enable DEP)
iTunes
Java 7 Update 45
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 32
JavaFX 2.1.1
Junk Mail filter update
Magic Desktop
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Memeo AutoSync
Memeo Instant Backup
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft WSE 3.0 Runtime
Mozilla Firefox 10.0.1 (x86 en-US)
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
Nonprofit Forms
PDF Architect
PDFCreator
PlayReady PC Runtime x86
PS_AIO_07_B110_SW_Min
PS_AIO_07_D110_SW_Min
QuickTime
QuickTransfer
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Recovery Manager
RegAlive
RoxioNow Player
SaveByClick
Scan
Seagate Dashboard
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Update Installer for WildTangent Games App
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
12/21/2013 10:13:09 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
12/21/2013 10:10:01 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
12/18/2013 8:22:25 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The operation completed successfully.
12/17/2013 2:25:28 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
.
==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-21 13:21:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000054 SAMSUNG_ rev.2AJ1 298.09GB
Running: kiot4jud.exe; Driver: C:\Users\Rhonda\AppData\Local\Temp\pwdcqpog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002ffb000 45 bytes [00, 00, 10, 02, 4E, 74, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002ffb02f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\AVG\AVG2013\avgfws.exe[1880] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076741465 2 bytes [74, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgfws.exe[1880] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000767414bb 2 bytes [74, 76]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076741465 2 bytes [74, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767414bb 2 bytes [74, 76]
.text ... * 2
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076741465 2 bytes [74, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767414bb 2 bytes [74, 76]
.text ... * 2
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076741465 2 bytes [74, 76]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767414bb 2 bytes [74, 76]
.text ... * 2
.text C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076741465 2 bytes [74, 76]
.text C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767414bb 2 bytes [74, 76]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076741465 2 bytes [74, 76]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767414bb 2 bytes [74, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2428:5788] 000007fefaf22a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2428:5832] 000007fed9d74830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2428:4112] 000007fef6755124

---- EOF - GMER 2.1 ----

Okay, looking at them now :)

Also, hope you have a nice Christmas, its a busy few days, but then I've booked off a few days off work, so got 2 weeks, and I plan on doing as little as possible :p

So, onto the logs:

That one is fine, its a program we used earlier. We'll remove all when its all better :)

Now, as we now know it was the keyboard, lets see if we can solve the Firewall issue.

I see its still not enabled, so can you see if some of the things you tried before will work now, and let me know how it goes :)

I also see a few other things that are not running, but let's see if you can start.

---

Adwcleaner found some stuff, but it looks like the remains, so do this as before:

Re-run AdwCleaner with the Scan option. After its finished scanning, click the Clean button.

Allow the cleaning process to finish.

If it appears to freeze, be patient for a few minutes.

When it's finished, click on the Report button.

Return here to your thread, then copy-and-paste the ENTIRE log here

eddie

Combo Fix:


ComboFix 13-12-23.01 - kat 12/23/2013 16:06:38.3.4 - x64
Running from: c:\users\kat\Desktop\ComboFix.exe
Command switches used :: c:\users\kat\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2013-11-23 to 2013-12-23 )))))))))))))))))))))))))))))))
.
.
2013-12-23 21:16 . 2013-12-23 21:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-23 21:16 . 2013-12-23 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-14 08:03 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-12-12 08:04 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-12 08:04 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 08:04 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 08:04 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-12 08:04 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 19:09 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-11 19:09 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-12-11 19:09 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 19:09 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-03 01:57 . 2013-12-03 02:00 -------- d-----w- c:\program files\Fix RegCleaner
2013-12-03 01:25 . 2013-12-03 01:27 -------- d-----w- c:\program files (x86)\Common Files\Corel
2013-12-03 01:25 . 2013-12-03 01:25 -------- d-----w- c:\program files (x86)\Corel
2013-12-02 23:57 . 2013-12-02 23:57 -------- d-----w- c:\users\kat\AppData\Roaming\DriverCure
2013-12-02 23:57 . 2013-12-02 23:57 -------- d-----w- c:\users\kat\AppData\Roaming\Foresight Software
2013-12-02 23:57 . 2013-12-03 00:34 -------- d-----w- c:\programdata\Foresight Software
2013-12-02 22:56 . 2013-12-02 22:56 -------- d-----w- c:\program files\iPod
2013-12-02 22:55 . 2013-12-02 22:57 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-02 22:55 . 2013-12-02 22:57 -------- d-----w- c:\program files\iTunes
2013-12-02 22:55 . 2013-12-02 22:57 -------- d-----w- c:\program files (x86)\iTunes
2013-11-25 12:22 . 2013-11-25 12:22 -------- d-----w- c:\program files (x86)\Better-Surf
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 08:00 . 2012-09-11 00:49 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-10 22:39 . 2012-10-11 16:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 22:39 . 2012-10-11 16:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-10 20:50 . 2013-01-02 20:29 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-10-12 02:30 . 2013-11-13 10:03 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 10:03 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 10:03 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 10:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 10:03 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-08 11:50 . 2013-10-31 15:08 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25 . 2013-11-13 10:03 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 10:03 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 10:03 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 10:03 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 10:03 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 10:03 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 10:03 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 10:03 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 10:03 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 10:03 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-13 10:03 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-25 02:26 . 2013-11-13 10:03 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-13 10:03 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-13 10:03 28672 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-13 10:03 135680 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-13 10:03 28160 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-13 10:03 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-13 10:03 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-13 10:03 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-13 10:03 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-13 10:03 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-13 10:03 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-13 10:03 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-13 10:03 30720 ----a-w- c:\windows\system32\lsass.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\a44c1728e5ab7db160cefe1581 ----
.
2013-11-07 21:08 . 2013-11-07 21:08 5835634 ----a-w- c:\a44c1728e5ab7db160cefe1581\mrt.exe._p
2013-11-07 21:00 . 2013-11-07 21:00 81112 ----a-w- c:\a44c1728e5ab7db160cefe1581\mrtstub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}]
c:\program files (x86)\Better-Surf\ie\BetterSrf.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2012-04-25 00:13 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-12-08 21:26 3333144 ----a-w- c:\program files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll" [2013-12-08 3333144]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-21 00:12 222832 ----a-w- c:\users\kat\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell. dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-21 00:12 222832 ----a-w- c:\users\kat\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell. dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-21 00:12 222832 ----a-w- c:\users\kat\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell. dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"jmekey"="c:\windows\jmesoft\hotkey.exe" [2011-06-08 118784]
"jmesoft"="c:\windows\jmesoft\ServiceLoader.exe" [2011-03-16 28672]
"LVT"="c:\program files\Lenovo\LVT\LJYZ.exe" [2011-11-24 886112]
"Fastboot"="c:\program files (x86)\Lenovo\Rapidboot\FBConsole.exe" [2011-12-16 1260128]
"CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-12-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-12-08 2471448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCO RE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscs vc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe ;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe;c:\windows\jmesoft\Service.exe [x]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPY HUN~1\SH4SER~1.EXE [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\ drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCo llector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\driv ers\mferkdet.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIV ERS\netaapl64.sys [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.e xe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNA TIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers \TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drive rs\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\Wa tAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS \wsvd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRI VERS\yk62x64.sys [x]
S0 Fastboot;Fastboot;c:\windows\System32\DRIVERS\Fastboot.sys;c:\windows\SYSNA TIVE\DRIVERS\Fastboot.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\driver s\mfewfpk.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\d rivers\avgtpx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\Rapidboot\FBService.exe;c:\program files (x86)\Lenovo\Rapidboot\FBService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\ cfwids.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS \IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\driv ers\mfefirek.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Driver s\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVER S\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVE RS\rtl8192Ce.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 03:50 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 22:39]
.
2013-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 00:12]
.
2013-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 00:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2012-04-25 00:13 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-21 00:12 261744 ----a-w- c:\users\kat\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDrive Shell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-21 00:12 261744 ----a-w- c:\users\kat\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDrive Shell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-21 00:12 261744 ----a-w- c:\users\kat\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDrive Shell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-21 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-21 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-21 440600]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-05 12850792]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1413152308-1835569903-3301886982-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1413152308-1835569903-3301886982-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_ 9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00, 79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00, \
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias]
@=""
"0"="ActionsPane Schema for Add-Ins"
.
Completion time: 2013-12-23 16:27:11
ComboFix-quarantined-files.txt 2013-12-23 21:27
ComboFix2.txt 2013-12-19 16:16
ComboFix3.txt 2013-01-27 19:17
.
Pre-Run: 844,124,246,016 bytes free
Post-Run: 845,587,755,008 bytes free
.
- - End Of File - - 77B7E2C500F6252D2F8D7179816381


Adware Removal:


# AdwCleaner v3.016 - Report created 23/12/2013 at 16:53:05
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : kat - KAT-PC
# Running from : C:\Users\kat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NPZ0W9Y5\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : Partner Service
***** [ Files / Folders ] *****
Folder Deleted : C:\Searchprotect
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\ByrrowSe2suave
Folder Deleted : C:\ProgramData\SeAirceh-NEwyTab
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\BetterSurf
Folder Deleted : C:\Program Files (x86)\Better-Surf
Folder Deleted : C:\Program Files (x86)\BrowseToSave
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Swift Browse
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\kat\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\kat\AppData\Local\Conduit
Folder Deleted : C:\Users\kat\AppData\Local\Discount Buddy
Folder Deleted : C:\Users\kat\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\kat\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\kat\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\kat\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\kat\AppData\LocalLow\ByrrowSe2suave
Folder Deleted : C:\Users\kat\AppData\LocalLow\SeAirceh-NEwyTab
Folder Deleted : C:\Users\kat\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\kat\AppData\Roaming\Babylon
Folder Deleted : C:\Users\kat\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\kat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\windows\System32\roboot64.exe
***** [ Shortcuts ] *****

***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [12x3q@3244516.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\BetterSurf
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\kat\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : icon_url
Deleted : search_url
Deleted : keyword
*************************
AdwCleaner[R0].txt - [14020 octets] - [23/12/2013 16:51:07]
AdwCleaner[S0].txt - [13319 octets] - [23/12/2013 16:53:05]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13380 octets] ##########


My McAfee Security says it is turned off, but it won't let me download Junkware Removal. Everytime I try, it gives me an "internet explorer has stopped working" message" from McAfee. When I go back and check McAfee, it says my protection is off.


Thanks!

# AdwCleaner v3.016 - Report created 23/12/2013 at 20:17:38
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : zon - ZON-PC
# Running from : C:\Users\zon\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Uniblue\DriverScanner
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\ProgramData\Winamp Toolbar
Folder Deleted : C:\ProgramData\YoutubeAdblocker
Folder Deleted : C:\ProgramData\Saurrf anD keep
Folder Deleted : C:\ProgramData\SearchNewTab
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\DriverScanner
Folder Deleted : C:\Program Files (x86)\BitLord 2
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\file scout
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\RadioRage_4j
Folder Deleted : C:\Program Files (x86)\ss helper
Folder Deleted : C:\Program Files (x86)\Uniblue\DriverScanner
Folder Deleted : C:\Program Files (x86)\WebSearch
Folder Deleted : C:\Program Files (x86)\Winamp Toolbar
Folder Deleted : C:\Program Files (x86)\YoutubeAdblocker
Folder Deleted : C:\Program Files (x86)\Saurrf anD keep
Folder Deleted : C:\Program Files (x86)\SearchNewTab
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\zon\AppData\Local\Babylon
Folder Deleted : C:\Users\zon\AppData\Local\Conduit
Folder Deleted : C:\Users\zon\AppData\Local\iac
Folder Deleted : C:\Users\zon\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\zon\AppData\Local\RadioRage_4j
Folder Deleted : C:\Users\zon\AppData\Local\TBHostSupport
Folder Deleted : C:\Users\zon\AppData\Local\visualbeeexe
Folder Deleted : C:\Users\zon\AppData\Local\WhiteListing
Folder Deleted : C:\Users\zon\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\zon\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\zon\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\zon\AppData\LocalLow\RadioRage_4j
Folder Deleted : C:\Users\zon\AppData\Roaming\BitLord
Folder Deleted : C:\Users\zon\AppData\Roaming\DSite
Folder Deleted : C:\Users\zon\AppData\Roaming\SpecialSavings
Folder Deleted : C:\Users\zon\AppData\Roaming\Uniblue\DriverScanner
Folder Deleted : C:\Users\zon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord
Folder Deleted : C:\Users\zon\Documents\BitLord
Folder Deleted : C:\Users\zon\Documents\optimizer pro
Folder Deleted : C:\Users\zon\AppData\Roaming\Mozilla\Firefox\Profiles\3pvo74q8.default-1385950821469\Extensions\aqlklvg@vqhcc.org
Folder Deleted : C:\Users\zon\AppData\Roaming\Mozilla\Firefox\Profiles\3pvo74q8.default-1385950821469\Extensions\pzjob@aiaeqh.org
Folder Deleted : C:\Users\zon\AppData\Roaming\Mozilla\Firefox\Profiles\3pvo74q8.default-1385950821469\Extensions\rrvyoyo@myqbjv.co.uk
Folder Deleted : C:\Users\zon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel
Folder Deleted : C:\Users\zon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\driverscanner.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Ask.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Users\zon\AppData\Roaming\Mozilla\Firefox\Profiles\3pvo74q8.default-1385950821469\searchplugins\WebSearch.xml
File Deleted : C:\Users\zon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\zon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\zon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\zon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Deleted : C:\Users\zon\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Deleted : C:\Users\zon\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\zon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\zon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\zon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\zon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\Tasks\driverscanner.job
File Deleted : C:\Windows\System32\Tasks\driverscanner
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\DSite
File Deleted : C:\Windows\Tasks\dsmonitor.job
File Deleted : C:\Windows\System32\Tasks\dsmonitor

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [4jffxtbr@RadioRage_4j.com]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@vshsolutions.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Key Deleted : HKCU\Software\Google\Chrome\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@RadioRage_4j.com/Plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_eea72b4f
Key Deleted : HKCU\Software\5c68dd0e23fe812
Key Deleted : HKLM\SOFTWARE\5c68dd0e23fe812
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_interactive-calendar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_interactive-calendar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0978C5FA-83C0-4118-A54F-99DACCEECB8C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1ED65BE2-AE84-46CB-8EA6-1C2B86ADF768}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1FDAD7F1-B87C-4E79-9150-DE235FF80B3A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{395C94B1-59E6-4C65-8AF2-0F6763BC70A6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A50E810-71EB-43A8-A665-19ED8CCD1630}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4DD9EB5D-8657-4856-A804-535841B09D73}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{569A9014-22E3-4F11-A243-CA4E3D95ADED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{597494DA-C59F-4EDF-B2D1-CE137E2DB9E4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5E5E0B49-1A81-4ACC-BD6B-FF5F4EFEF01A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9E18E695-C9AF-4369-8CC3-93141C2928AF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B872D222-3F52-4CD9-A4BE-9D69EE4F293D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D0E90465-CF35-480D-B520-E1E3BDE802F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB184E6D-26D1-461A-9226-B93CA8DA2AF9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{434FA5E9-253E-4BD0-ADB6-7CE4CEA114CA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{581C7D7D-F809-4E03-A631-74C069D5F04A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{60B34F47-3FDD-46F8-AB6C-AAABEA55C3D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{68122F44-3A4A-4EDB-B28F-0C0E07F89BD0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F706E19B-6C14-4272-BA98-2F16636A898D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44DB423D-A0DB-4664-9477-CCDCEB7CD666}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53855564-CF81-410C-9C1C-321C7E067816}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5731AB1-8566-4441-AEFB-9AFB2EEA63D9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SpecialSavings
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\LyricsFinder
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\RadioRage_4j
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\RadioRage_4j
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\torch
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Winamp Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\sshelp~1\psupport.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\websea~1\sprote~1.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\zon\AppData\Roaming\Mozilla\Firefox\Profiles\3pvo74q8.default-1385950821469\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchguru.info/?pid=299&r=2013/12/12&hid=776919717690390276&lg=EN&cc=US&unqvl=43&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.searchguru.info/?pid=299&r=2013/12/12&hid=776919717690390276&lg=EN&cc=US&unqvl=43");
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.searchguru.info/?pid=299&r=2013/12/12&hid=776919717690390276&lg=EN&cc=US&unqvl=43&l=1&q=");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\zon\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6023 octets] - [23/12/2013 17:20:00]
AdwCleaner[R1].txt - [30198 octets] - [23/12/2013 19:42:20]
AdwCleaner[S0].txt - [29109 octets] - [23/12/2013 20:17:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29170 octets] ##########

I've already explained the errors. The Error message states: Archive is corrupt when downloading zip files. and other files says : Files are corrupt and some nsis errors too.

Computer Specs:
Manufacturer: Alienware
Model: Alienware ANDROMEDA_R5
Installed memory (RAM): 6.00 GB (5.90GB usable)
System Type: 64-bit Operating System

Hi,
Thank you very much for any help.
All of my browsers (IE, Chrome, Firefox) open, but are unable to connect. Something is wierd with the settings- options are missing, so I think a virus has played around with my browsers.
I'm not sure, but I think it had to do with stuff I downloaded to play around with my ip.
---------------------------------------------------------------------------------------

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 4003 Mb
Graphics Card: Intel(R) HD Graphics Family, 1809 Mb
Hard Drives: C: Total - 595378 MB, Free - 352474 MB;
Motherboard: Dell Inc., 034W60
Antivirus: Symantec Endpoint Protection, Updated and Enabled


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:16:13, on 23/12/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16750)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\user\AppData\Local\FilesFrog Update Checker\update_checker.exe
C:\Users\user\AppData\Local\WebPlayer\Apps Hat\WebPlayer.exe
C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\user\Desktop\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/s...onse/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/s...onse/index.jsp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrec ordplugin.dll
O2 - BHO: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files (x86)\agat\AGForm\AGFormsHelper.dll
O2 - BHO: qualitink - {73ad5d47-66e5-4127-80ca-c0eedabafbcc} - C:\Program Files (x86)\qualitink\qualitinkBHO.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: midicair - {77f8c945-4b74-4bd6-a073-e0d1997edce8} - C:\Program Files (x86)\midicair\prxtbmidi.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: עוזר הכניסה של מזהה Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - (no file)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: MinibarBHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Minibar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - (no file)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: midicair Toolbar - {77f8c945-4b74-4bd6-a073-e0d1997edce8} - C:\Program Files (x86)\midicair\prxtbmidi.dll
O3 - Toolbar: Agat.AGForms.Toolbar.AGFormsToolbar - {8fe28f46-37ad-47b2-8258-34c128636ace} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SecureConnector] "C:\Users\user\AppData\Roaming\ForeScout SecureConnector\SecureConnector.exe"
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [SDP] C:\Users\user\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto
O4 - HKCU\..\Run: [Apps Hat] C:\Users\user\AppData\Local\WebPlayer\Apps Hat\WebPlayer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SurfEasy] C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyVPN.exe startup
O4 - HKCU\..\RunOnce: [Application Restart #3] C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session http://www.dosearches.com/?utm_sourc...&ts=1381864091
O4 - Startup: Dropbox.lnk = user\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Intel(R) Turbo Boost Technology Monitor 2.0.lnk = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
O4 - Startup: גוזר מסך של OneNote 2007 ו- Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Visit AppsHat.com - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\Minibar.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: שירות עדכון Google (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: שירות עדכון Google (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update qualitink - Unknown owner - C:\Program Files (x86)\qualitink\updatequalitink.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Util qualitink - Unknown owner - C:\Program Files (x86)\qualitink\bin\utilqualitink.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
--
End of file - 28434 bytes



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16750 BrowserJavaVersion: 10.45.2
Run by user at 18:21:02 on 2013-12-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1255.972.1037.18.4003.1839 [GMT 2:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
C:\Program Files (x86)\ForeScout SecureConnector\SecureConnector.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\qualitink\updatequalitink.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\qualitink\bin\utilqualitink.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Windows\System32\StikyNot.exe
C:\Users\user\AppData\Local\FilesFrog Update Checker\update_checker.exe
C:\Users\user\AppData\Local\WebPlayer\Apps Hat\WebPlayer.exe
C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Users\user\Desktop\avast_free_antivirus_setup.exe
C:\Windows\system32\sppsvc.exe
C:\Users\user\AppData\Local\Temp\_av_iup.tm~a06396\instup.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SescLU.exe
C:\Program Files (x86)\Symantec\LiveUpdate\luall.exe
C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files (x86)\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\ForeScout SecureConnector\SecureConnector.exe
C:\Windows\system32\werfault.exe
C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Users\user\AppData\Local\Temp\_av_iup.tm~a06396\aswOfferTool.exe
C:\Users\user\AppData\Local\Temp\_av_iup.tm~a06396\gtoolbar_setup_138781560 45684.exe
C:\Users\user\AppData\Local\Temp\GoogleUpdateSetup_1.3.21.169.exe
C:\Program Files (x86)\GUM708D.tmp\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\Install\{E8E68A80-6CE6-48A9-9366-A938D75B1868}\googletoolbarinstaller_en_signed.exe
C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_231F3FD17DB59CFD.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\user\Desktop\68lqqlbu.exe
C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdaterService_B33FC4DD36A473C6.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
uSearch Bar = Preserve
mStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
mURLSearchHooks: midicair Toolbar: {77f8c945-4b74-4bd6-a073-e0d1997edce8} - C:\Program Files (x86)\midicair\prxtbmidi.dll
mWinlogon: Userinit = userinit.exe
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrec ordplugin.dll
BHO: AGFormHelperObj Class: {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files (x86)\agat\AGForm\AGFormsHelper.dll
BHO: qualitink: {73ad5d47-66e5-4127-80ca-c0eedabafbcc} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: midicair Toolbar: {77f8c945-4b74-4bd6-a073-e0d1997edce8} - C:\Program Files (x86)\midicair\prxtbmidi.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: עוזר הכניסה של מזהה Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
BHO: Babylon IE plugin: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - LocalServer32 - <no file>
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: MinibarBHO: {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Minibar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
TB: midicair Toolbar: {77f8c945-4b74-4bd6-a073-e0d1997edce8} - C:\Program Files (x86)\midicair\prxtbmidi.dll
TB: Agat.AGForms.Toolbar.AGFormsToolbar: {8fe28f46-37ad-47b2-8258-34c128636ace} -
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SecureConnector] "C:\Users\user\AppData\Roaming\ForeScout SecureConnector\SecureConnector.exe"
uRun: [SkyDrive] "C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [SDP] C:\Users\user\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto
uRun: [Apps Hat] C:\Users\user\AppData\Local\WebPlayer\Apps Hat\WebPlayer.exe
uRun: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SurfEasy] C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyVPN.exe startup
uRunOnce: [Application Restart #3] C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session http://www.dosearches.com/?utm_sourc...&ts=1381864091
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dr opbox.lnk - C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IN TEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ON ENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\Minibar.dll
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
TCP: NameServer = 192.168.0.7 132.68.238.50 132.68.1.2 132.68.1.9
TCP: Interfaces\{6BEBFA27-0952-44E1-B79E-47C99BF47483} : DHCPNameServer = 192.168.0.7 132.68.238.50 132.68.1.2 132.68.1.9
TCP: Interfaces\{6BEBFA27-0952-44E1-B79E-47C99BF47483}\34169363135343 : DHCPNameServer = 213.57.2.5
TCP: Interfaces\{6BEBFA27-0952-44E1-B79E-47C99BF47483}\36169363134333 : DHCPNameServer = 213.57.2.5
TCP: Interfaces\{6BEBFA27-0952-44E1-B79E-47C99BF47483}\3637F57657563747 : DHCPNameServer = 132.68.32.4 132.68.32.33 132.68.1.9 132.68.1.2
TCP: Interfaces\{6BEBFA27-0952-44E1-B79E-47C99BF47483}\45563686355636 : DHCPNameServer = 132.69.192.7 132.68.238.49 132.68.1.2
TCP: Interfaces\{6BEBFA27-0952-44E1-B79E-47C99BF47483}\545475946494 : DHCPNameServer = 132.68.49.4
TCP: Interfaces\{6BEBFA27-0952-44E1-B79E-47C99BF47483}\F66656E6 : DHCPNameServer = 192.168.14.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=hp&from=smt&uid=W DCXWD6400BPVT-75HXZT1_WD-WXR1AC0T1972T1972&ts=1381864091
x64-mDefault_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=hp&from=smt&uid=W DCXWD6400BPVT-75HXZT1_WD-WXR1AC0T1972T1972&ts=1381864091
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - LocalServer32 - <no file>
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wce4zdbf.default\
FF - prefs.js: browser.search.selectedEngine - dosearches
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\OSA Kit Pro Player v4.0\npmeadax.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\np rndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\np rndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\np rndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\user\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wce4zdbf.default\ext ensions\{97A78363-B868-4B48-AC91-A783A31215AF}\plugins\npMinibarPlugin.dll
FF - plugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-23 55856]
R2 hmip;hmip;C:\Windows\System32\drivers\hmip64.sys [2013-12-3 30056]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-12-17 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-12-17 298144]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-12-17 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-12-17 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-12-17 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-12-17 154272]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-12-17 275616]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-3-23 175168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-22 137648]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-23 317440]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2010-12-17 51872]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\My Dell\pcdsrvc_x64.pkms [2013-5-3 25584]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-31 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-3-23 250984]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-10-16 42184]
S3 tapse01;SurfEasy TAP-Windows Adapter V9;C:\Windows\System32\drivers\tapse01.sys [2013-10-16 39608]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-31 57856]
.
=============== Created Last 30 ================
.
2013-12-23 16:19:43 82744 ----a-w- C:\Windows\System32\drivers\aswstm.sys.1387815746
2013-12-23 16:19:43 79672 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2013-12-23 16:19:43 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-12-23 16:19:43 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-12-23 16:19:41 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-12-23 16:19:41 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-12-23 16:19:41 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-12-23 16:19:37 43152 ----a-w- C:\Windows\avastSS.scr
2013-12-23 16:19:09 -------- d-----w- C:\Program Files\AVAST Software
2013-12-23 16:11:30 -------- d-----w- C:\ProgramData\AVAST Software
2013-12-23 14:19:34 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-12-22 22:13:59 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-12-22 22:13:56 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-12-22 22:13:54 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-12-22 22:13:47 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-12-22 22:13:46 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-12-22 16:07:00 8802128 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-12-22 16:06:46 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{14AA3D4B-F2F7-42E2-81F5-6C414928B133}\mpengine.dll
2013-12-17 01:11:25 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-17 01:11:25 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-17 01:11:24 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-17 01:11:24 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-16 22:33:13 9272200 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-12-16 21:07:53 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-16 21:07:53 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-16 21:07:53 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-16 21:07:51 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-16 21:07:51 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-16 21:07:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-16 21:07:50 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-16 21:07:25 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-16 21:07:25 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-16 21:06:59 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-16 21:06:59 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-12-16 20:59:35 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-16 20:59:35 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-12-16 20:59:34 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-16 20:59:34 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-16 20:59:34 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-16 20:59:34 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-16 20:59:34 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-16 20:59:34 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-08 19:05:47 -------- d-----w- C:\Users\user\AppData\Roaming\DriverCure
2013-12-08 19:05:46 -------- d-----w- C:\Users\user\AppData\Roaming\ParetoLogic
2013-12-08 19:05:15 -------- d-----w- C:\ProgramData\ParetoLogic
2013-12-03 16:42:07 30056 ----a-w- C:\Windows\System32\drivers\hmip64.sys
2013-12-03 16:37:21 -------- d-----w- C:\Users\user\AppData\Local\Programs
2013-12-03 07:57:33 -------- d-----w- C:\Users\user\AppData\Local\com.surfeasy.se0200
2013-12-03 07:57:33 -------- d-----w- C:\ProgramData\SurfEasy VPN
2013-12-03 07:55:23 -------- d-----w- C:\ProgramData\SurfEasyService
.
==================== Find3M ====================
.
2013-12-16 22:33:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-16 22:33:29 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:25:52 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-25 06:17:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-25 06:17:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-25 04:43:38 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-25 04:43:38 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-25 04:07:48 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-25 03:41:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-25 03:17:49 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-25 02:49:34 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-16 20:51:52 39608 ----a-w- C:\Windows\System32\drivers\tapse01.sys
2013-10-16 01:44:42 42184 ----a-w- C:\Windows\System32\drivers\taphss6.sys
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-08 04:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
.
============= FINISH: 18:30:45.14 ===============



DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 20/04/2011 14:17:57
System Uptime: 23/12/2013 18:05:26 (0 hours ago)
.
Motherboard: Dell Inc. | | 034W60
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU 1 | 2277/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 344.725 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: ‏‏התקן היקפי של Bluetooth
Device ID: BTHENUM\{00004C48-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2A175B3F&0&700514C105B8_C00000001
Manufacturer:
Name: ‏‏התקן היקפי של Bluetooth
PNP Device ID: BTHENUM\{00004C48-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2A175B3F&0&700514C105B8_C00000001
Service:
.
Class GUID:
Description: ‏‏התקן היקפי של Bluetooth
Device ID: BTHENUM\{00004C48-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2A175B3F&0&A8922C076E00_C00000000
Manufacturer:
Name: ‏‏התקן היקפי של Bluetooth
PNP Device ID: BTHENUM\{00004C48-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2A175B3F&0&A8922C076E00_C00000000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
????? Windows Live
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
???????? ?????????? Windows Live
????????? Messenger
?????????? Windows Live
עדכון עבור מסנן דואר הזבל של Microsoft Office Excel 2007 Help (KB963678)
עדכון עבור מסנן דואר הזבל של Microsoft Office Powerpoint 2007 Help (KB963669)
עדכון עבור מסנן דואר הזבל של Microsoft Office Word 2007 Help (KB963665)
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
7-Zip 9.22beta
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8) MUI
Adobe Shockwave Player 12.0
Advanced Audio FX Engine
Apps Hat
AppsHat Mobile Apps
avast! Free Antivirus
Bluetooth Win7 Suite (64)
Bundled software uninstaller
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Edoc Viewer
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Touchpad
Dell VideoStage
Dell Webcam Central
Dell WLAN and Bluetooth Client Installation
Dropbox
E-GOV.IL Sign&Verify Software - AGForm toolbar
FilesFrog Update Checker
Free Opener
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
HDPlayer
IDT Audio
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Monitor 2.0
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
jZip
K-Lite Codec Pack 7.0.0 (Standard)
LiveUpdate 3.3 (Symantec Corporation)
lupa 3.0
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile HEB Language Pack
Microsoft Application Error Reporting
Microsoft Mathematics (64-bit)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Hebrew) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (Hebrew) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (Hebrew) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (Hebrew) 2007
Microsoft Office Language Pack 2007 - Hebrew עברית
Microsoft Office O MUI (Hebrew) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (Hebrew) 2007
Microsoft Office Outlook MUI (Hebrew) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (Hebrew) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Hebrew) 2007
Microsoft Office Proof (Russian) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (Hebrew) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Hebrew) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (Hebrew) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (Hebrew) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer MUI (Hebrew) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (Hebrew) 2007
Microsoft Office X MUI (Hebrew) 2007
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
midicair Toolbar
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
OSA Kit Pro Player v4.0 1.0
Photo Story 3 for Windows
Pic-A-Book Designer 3.09.02
qualitink 1.0.0
Quickset64
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Renesas Electronics USB 3.0 Host Controller Driver
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile HEB Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile HEB Language Pack (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Skype Click to Call
Skype™ 6.11
swMSM
Symantec Endpoint Protection
TuneUp Utilities 2014 (en-US)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Searchqu Toolbar
גלריית התמונות של Windows Live
מסייע Messenger
.
==== End Of File ===========================


GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-24 10:25:46
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596.17GB
Running: 68lqqlbu.exe; Driver: C:\Users\user\AppData\Local\Temp\pxldapob.sys

---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031c0000 27 bytes [FF, FF, 48, 89, 58, 08, 48, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 556 fffff800031c001c 26 bytes {LEA ECX, [RAX-0x20]; CALL 0xffffffffffd03fe4}
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\wininit.exe[700] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[756] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Windows\system32\services.exe[800] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Windows\system32\lsass.exe[808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[916] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[164] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[588] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[660] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Program Files\IDT\WDM\STacSV64.exe[884] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe[1520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1576] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe[1676] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2172] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe[2244] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Windows\Explorer.EXE[2728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[2788] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe[2944] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Windows\SysWOW64\NLSSRV32.EXE[2452] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe[2480] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2756] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2508] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
.text ... * 2
.text C:\Windows\system32\svchost.exe[2940] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1128] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe[1128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
.text ... * 2
.text C:\Program Files (x86)\qualitink\updatequalitink.exe[3140] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Program Files (x86)\qualitink\updatequalitink.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
.text C:\Program Files (x86)\qualitink\updatequalitink.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
.text ... * 2
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3168] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[3200] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[3200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[3200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
.text ... * 2
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3268] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Program Files (x86)\qualitink\bin\utilqualitink.exe[3320] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Program Files (x86)\qualitink\bin\utilqualitink.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
.text C:\Program Files (x86)\qualitink\bin\utilqualitink.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
.text ... * 2
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3368] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4472] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Windows\system32\svchost.exe[5072] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Windows\System32\igfxtray.exe[4212] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Windows\System32\hkcmd.exe[4388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[1992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Program Files\IDT\WDM\sttray64.exe[4700] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Program Files\DellTPad\Apoint.exe[4808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Program Files\Dell\QuickSet\quickset.exe[4852] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3236] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[3680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[5056] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4632] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Program Files\DellTPad\Apntex.exe[3964] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Windows\system32\conhost.exe[1964] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[5204] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[5204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[5204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
.text ... * 2
.text C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[5260] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[5260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
.text C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[5260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
.text ... * 2
.text C:\Windows\System32\StikyNot.exe[5268] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Users\user\AppData\Local\FilesFrog Update Checker\update_checker.exe[5288] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Users\user\AppData\Local\FilesFrog Update Checker\update_checker.exe[5288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
.text C:\Users\user\AppData\Local\FilesFrog Update Checker\update_checker.exe[5288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
.text ... * 2
.text C:\Users\user\AppData\Local\WebPlayer\Apps Hat\WebPlayer.exe[5364] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Users\user\AppData\Local\WebPlayer\Apps Hat\WebPlayer.exe[5364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
.text C:\Users\user\AppData\Local\WebPlayer\Apps Hat\WebPlayer.exe[5364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5552] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[5596] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[5848] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[5848] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075f41465 2 bytes [F4, 75]
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[5848] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075f414bb 2 bytes [F4, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5868] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[5876] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[6036] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6344] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6720] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Windows\System32\svchost.exe[6872] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6912] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4160] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
.text C:\Windows\system32\SearchProtocolHost.exe[1160] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62]
.text C:\Users\user\Desktop\techguy\68lqqlbu.exe[6472] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007633a2ba 1 byte [62]
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [6872:3400] 000007feeba59688
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004e2f9ed6
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004e2f9ed6 @347e392950dc 0xD6 0x17 0xA9 0xAF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004e2f9ed6 @d4889093cab1 0xA9 0x90 0xD0 0x6D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004e2f9ed6 @58170c0a6636 0x3A 0x27 0xFF 0xD8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004e2f9ed6 @0022fceacdc6 0xAC 0x3E 0x35 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004e2f9ed6 @700514c105b8 0x91 0x5D 0xE7 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004e2f9ed6 @0c715dd174a7 0x72 0x58 0xDC 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004e2f9ed6 @a8922c076e00 0xE1 0x4C 0x11 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004e2f9ed6 @58a2b5354bbb 0xA8 0xD5 0xE5 0x8D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 206314
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 193682
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6BEBFA2 7-0952-44E1-B79E-47C99BF47483}@LeaseObtainedTime 1387872983
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6BEBFA2 7-0952-44E1-B79E-47C99BF47483}@T1 1387873883
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6BEBFA2 7-0952-44E1-B79E-47C99BF47483}@T2 1387874558
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6BEBFA2 7-0952-44E1-B79E-47C99BF47483}@LeaseTerminatesTime 1387874783
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004e2f9ed6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004e2f9ed6@347 e392950dc 0xD6 0x17 0xA9 0xAF ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004e2f9ed6@d48 89093cab1 0xA9 0x90 0xD0 0x6D ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004e2f9ed6@581 70c0a6636 0x3A 0x27 0xFF 0xD8 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004e2f9ed6@002 2fceacdc6 0xAC 0x3E 0x35 0xF3 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004e2f9ed6@700 514c105b8 0x91 0x5D 0xE7 0xF3 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004e2f9ed6@0c7 15dd174a7 0x72 0x58 0xDC 0x1C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004e2f9ed6@a89 22c076e00 0xE1 0x4C 0x11 0xB0 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004e2f9ed6@58a 2b5354bbb 0xA8 0xD5 0xE5 0x8D ...
---- EOF - GMER 2.1 ----

Still waiting for a reply here. Had 2 more pop-ups since the 'core.insightexpress'. One (The most recent about 2 days ago) i unfortunately wasn't around to see so no information on it. The other about 2-3 days after the origional post with the sighting of the 'core.insightexpress' pop-up i saw one titled "axp.zedo".

I havn't taken any actionssince the origional post when i removed what i could find of the 'core.insightexpress' infection. However a few new applications have been installed by my partners brother. (Remote server & Splashtop remote control services).

Any help would be much appreciated

Thanks in advance

-TehEmoGurl-

Hi there........I m asking for some professional help coz its now been a year that i m facing this problem somebody has hacked my android phone my phone was acting on its own and after that it was turn of my pc so i destroyed my phone and changed the pc my internet connection each n everything........but i dont know how it happened..........my windows phone worked fine just for few days after this its the same story so now inshort I m now living without any phone......changed to this system but still im afraid and dont know when i would have to change it again i dont know how someone got remote acess to my things or can hack them........so much worried and scared..........if anybody here can help then plzzzzzzzz do plzzzzzzzz

Hi, I'm having similar issues as the poster in this thread: http://forums.techguy.org/virus-othe...-no-audio.html

On Tuesday last week I installed iTunes and since then everything has been flipping out. Two days ago I managed to do a system restore by luck and got sound back for a couple of hours. Then the computer was shut down for the night, started up in the morning and we're back to no sound.

I can't use any of the Hotfixes provided by Microsoft; I always get the dssenh.dll error. I've run Malware Bytes, checked the registry with CC-Cleaner & run a full scan using the latest database of ESET. I've also uninstalled iTunes since then but no luck. Audio drivers are up to date, device is working fine + enabled, windows audio service in services is enable + automatic start up & speakers are fine (optical input, Logitech Z-5500)...

This is pretty much my last hurrah I guess, if I can't figure it out I think I'll just have to buy a new Windows CD & do a clean install. (Can't find my Acer Aspire X1700 recovery disk & onboard software of Acer eRecovery crashes on start.)

Here are my log files;

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:31:36 PM, on 12/24/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...m=aspire_x1700
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...m=aspire_x1700
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [EPSON SX110 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE /FU "C:\Windows\TEMP\E_SCFCE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\SAGAR-HTPC\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - User Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with ImTOO iPhone Transfer Platinum - C:\Program Files\ImTOO\iPhone Transfer Platinum\upod_link.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\SAGAR-HTPC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (file missing)
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (file missing)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (file missing)
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (file missing)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10719 bytes


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/24/2009 10:48:15 PM
System Uptime: 12/24/2013 6:39:35 PM (1 hours ago)
.
Motherboard: Acer | | Aspire X1700
Processor: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz | CPU 1 | 2403/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 49.939 GiB free.
D: is FIXED (NTFS) - 142 GiB total, 35.353 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F03\4&3032039E&0
Manufacturer: Logitech
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F03\4&3032039E&0
Service: i8042prt
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Aangifte inkomstenbelasting 2009
Aangifte inkomstenbelasting 2010
Aangifte inkomstenbelasting 2011
Aangifte inkomstenbelasting 2012
Acer eDataSecurity Management
Acer Empowering Technology
Acer eRecovery Management
Acer eSettings Management
Acer ScreenSaver
Adobe AIR
Adobe Community Help
Adobe Dreamweaver CS5.5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop 7.0
Adobe Photoshop CS5
Adobe Reader 8.2.0
Adobe Widget Browser
Apple Software Update
µTorrent
BitNami WordPress Module
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software Updater
BSR Screen Recorder 4
CameraHelperMsi
CCleaner
CDDRV_Installer
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 4.1.19.365
D3DX10
DAEMON Tools Toolbar
Eggsucker V2.0
EPSON Scan
EPSON SX110 Series Printer Uninstall
erLT
ESET Smart Security
eSobi v2
FileZilla Client 3.7.1
Free Audio CD Burner version 1.4.7
Free YouTube to MP3 Converter version 3.9.35.324
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Huur- en zorgtoeslag 2011
ImgBurn
ImTOO iPad Video Converter
ImTOO iPhone Transfer Platinum
ImTOO Video Converter Ultimate
Java 7 Update 45
Java Auto Updater
K-Lite Codec Pack 4.7.5 (Full)
KhalInstallWrapper
LightScribe 1.4.142.1
Logitech SetPoint
Logitech Vid
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.62.0.1300
Messenger Plus! Live
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MYMOVIES)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
mp3-2-wav converter 1.14
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MVision
My Movies
NBA 2K11
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PDF Settings CS5
PE585QAEncoder-32
PVSonyDll
Realtek High Definition Audio Driver
Rosetta Stone V3
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Segoe UI
Skype Toolbars
Skype™ 4.2
System Requirements Lab CYRI
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 1.1.11
VNC Enterprise Edition E4.4.1
VNC Mirror Driver 1.8.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR 4.00 (32-bit)
Wondershare MobileGo for iOS ( Version 3.3.0 )
XAMPP
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Your Uninstaller! 2008 Version 6.2
YouTube Downloader 3.3
YouTube to BlackBerry Converter 2009 2009.11.12
.
==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16448 BrowserJavaVersion: 10.45.2
Run by SAGAR-HTPC at 19:29:28 on 2013-12-24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1033.18.3071.1791 [GMT 1:00]
.
AV: ESET Smart Security 3.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET Smart Security 3.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Acer\Empowering Technology\eRecovery\HidChk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp32&d=0409&m=aspire_x1700
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp32&d=0409&m=aspire_x1700
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [EPSON SX110 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifbe.exe /fu "c:\windows\temp\E_SCFCE.tmp" /EF "HKCU"
uRun: [SkyDrive] "c:\users\sagar-htpc\appdata\local\microsoft\skydrive\SkyDrive.exe" /background
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eRecoveryService] <no file>
StartupFolder: c:\users\public\docume~1\windows\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download with ImTOO iPhone Transfer Platinum - c:\program files\imtoo\iphone transfer platinum\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\sagar-htpc\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} -
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} -
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{0BA2BE82-6A5F-4FD8-8FD4-27DFB6B10E5B} : DHCPNameServer = 212.54.40.25 212.54.35.25
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sagar-htpc\appdata\roaming\mozilla\firefox\profiles\l5hdaiwx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: !HIDDEN! 2009-06-25 02:55; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 472280]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-8-17 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
R3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\drivers\cbfs3.sys [2013-2-5 299024]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v040 0.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs5.5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-12-24 13:47:04 -------- d-----w- c:\program files\Research In Motion
2013-12-24 13:29:12 388096 ----a-r- c:\users\sagar-htpc\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-12-24 13:29:11 -------- d-----w- c:\program files\Trend Micro
2013-12-23 21:28:59 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-23 08:39:57 -------- d-sh--w- C:\found.000
2013-12-22 20:04:04 272496 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-12-22 20:04:03 872352 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2013-12-20 23:33:24 -------- d-----w- c:\users\sagar-htpc\appdata\local\ElevatedDiagnostics
2013-12-20 19:15:38 -------- d-----w- c:\users\sagar-htpc\appdata\local\{135E0592-1AD7-46BB-B5EE-91392D9CC2E5}
2013-12-20 19:14:09 -------- d-----w- c:\users\sagar-htpc\appdata\local\DriverTuner
2013-12-17 23:34:16 -------- d-----w- c:\program files\common files\XCPCSync.OEM
2013-12-17 22:35:03 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1(309)
2013-12-17 22:07:58 -------- d-----w- c:\users\sagar-htpc\{ac5eabd6-6566-4a16-89a7-58b997aae8ab}
2013-12-17 22:07:08 -------- d-----w- c:\users\sagar-htpc\{ebd23dc6-550b-4a7f-9ebf-91778cb110ac}
2013-12-17 18:04:33 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1(186)
2013-12-17 17:30:25 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1(71)
2013-12-17 17:06:58 -------- d-----w- c:\program files\Revo Uninstaller
2013-12-17 16:56:06 -------- d-----w- c:\program files\Bonjour(7)
2013-12-08 20:47:39 -------- d-----r- c:\users\sagar-htpc\SkyDrive
2013-12-08 20:47:22 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-12-05 11:17:42 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-12-04 18:50:11 -------- d-----w- c:\program files\Bonjour(16)
2013-12-04 18:21:42 -------- d-----w- C:\db6716f6190faefbcbff4dcc
.
==================== Find3M ====================
.
2013-12-17 20:34:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-17 20:34:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 05:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-25 01:59:34 2174976 ----a-w- c:\program files\common files\atimpenc.dll
.
============= FINISH: 19:30:02.26 ===============



Appreciate any/all the help I can get. I'm on Windows Vista.

Contents of ark.txt is attached coz its too large (too much of character to fit into 1 post).

Attached Files

ark.zip (7.4 KB)

Got a pro,pt to update my Firefox and updated it. Turned out, it was malware.
Now, my Firefox is acting very slowly. I get pop-ups for advertising and side screens.
Also, when I open FireFox, I get the following address first: http://wisersearch.com/?channel=en
Please help me clean my computer

Please see logs below:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:25:43 PM, on 12/24/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Users\Home PC\Downloads\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wisersearch.com/?channel=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 98y9879799
O1 - Hosts: 94.249.188.226 ok.ru
O1 - Hosts: 94.249.188.226 m.ok.ru
O1 - Hosts: 98y9879799
O1 - Hosts: 94.249.188.226 ok.ru
O1 - Hosts: 94.249.188.226 m.ok.ru
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Spring Smart - {7f232128-6f42-4f37-8efe-2e6020b2d478} - C:\Program Files (x86)\Spring Smart\SpringSmartbho.dll
O2 - BHO: OfferMosquito - {82B16A3D-F03E-4565-A532-666B219C9A53} - C:\Users\Home PC\AppData\Local\ext_offermosquito\OfferMosquitoIEPlaceholder.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Social Privacy - {91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} - C:\Program Files (x86)\Social Privacy\sp.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.63\npchrome_frame.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
O4 - HKLM\..\Run: [Brdefprn] C:\Program Files (x86)\Brother\BRHL2140\Brdefprn.exe -d
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
O4 - HKLM\..\Run: [dnsshield] C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe
O4 - HKLM\..\Run: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Home PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SODCPreLoad] C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productiv ity.tools.base.app.win32_3.5.0.20090908-0900\preload.exe C:\Users\Home PC\IBM\Lotus\Symphony\.sodc\
O4 - HKCU\..\Run: [SSync] "C:\Users\Home PC\AppData\Roaming\SSync\SSync.exe"
O4 - HKCU\..\Run: [DataMgr] "C:\Users\Home PC\AppData\Roaming\DataMgr\DataMgr.exe"
O4 - HKCU\..\Run: [OMESupervisor] C:\Users\Home PC\AppData\Local\omesuperv.exe
O4 - HKCU\..\Run: [SCheck] "C:\Users\Home PC\AppData\Roaming\SCheck\SCheck.exe" check
O4 - HKCU\..\Run: [Snoozer] "C:\Users\Home PC\AppData\Roaming\Snz\Snz.exe"
O4 - HKCU\..\Run: [Intermediate] "C:\Users\Home PC\AppData\Roaming\Intermediate\Intermediate.exe"
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: CardMinder Viewer.lnk = ?
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O4 - Global Startup: ScanSnap Manager.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pfizeruc.webex.com/client/WB...x/ieatgpc1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35A80055-AF4B-4050-A202-E01638B934EF}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{35A80055-AF4B-4050-A202-E01638B934EF}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CS2\Services\Tcpip\..\{35A80055-AF4B-4050-A202-E01638B934EF}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 75.126.206.18,184.173.169.186
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.63\npchrome_frame.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Sendori - Sendori, Inc. - C:\Program Files (x86)\Sendori\SendoriSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Search Protect by Conduit Service (CltMngSvc) - Conduit - C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileOpenManagerSvc - FileOpen Systems Inc. - C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Service Sendori - sendori - C:\Program Files (x86)\Sendori\Sendori.Service.exe
O23 - Service: sndappv2 - Sendori - C:\Program Files (x86)\Sendori\sndappv2.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Spring Smart - Unknown owner - C:\Program Files (x86)\Spring Smart\updateSpringSmart.exe
O23 - Service: Util Spring Smart - Unknown owner - C:\Program Files (x86)\Spring Smart\bin\utilSpringSmart.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16464 bytes


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 1.6.0_35
Run by Home PC at 14:26:26 on 2013-12-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1918.800 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Spring Smart\updateSpringSmart.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spring Smart\bin\utilSpringSmart.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://wisersearch.com/?channel=en
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Spring Smart: {7f232128-6f42-4f37-8efe-2e6020b2d478} - C:\Program Files (x86)\Spring Smart\SpringSmartbho.dll
BHO: OfferMosquito: {82B16A3D-F03E-4565-A532-666B219C9A53} - C:\Users\Home PC\AppData\Local\ext_offermosquito\OfferMosquitoIEPlaceholder.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Social Privacy: {91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} - C:\Program Files (x86)\Social Privacy\sp.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.63\npchrome_frame.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
uRun: [Google Update] "C:\Users\Home PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SODCPreLoad] C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productiv ity.tools.base.app.win32_3.5.0.20090908-0900\preload.exe C:\Users\Home PC\IBM\Lotus\Symphony\.sodc\
uRun: [SSync] "C:\Users\Home PC\AppData\Roaming\SSync\SSync.exe"
uRun: [DataMgr] "C:\Users\Home PC\AppData\Roaming\DataMgr\DataMgr.exe"
uRun: [OMESupervisor] C:\Users\Home PC\AppData\Local\omesuperv.exe
uRun: [SCheck] "C:\Users\Home PC\AppData\Roaming\SCheck\SCheck.exe" check
uRun: [Snoozer] "C:\Users\Home PC\AppData\Roaming\Snz\Snz.exe"
uRun: [Intermediate] "C:\Users\Home PC\AppData\Roaming\Intermediate\Intermediate.exe"
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
mRun: [Brdefprn] C:\Program Files (x86)\Brother\BRHL2140\Brdefprn.exe -d
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
mRun: [dnsshield] C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe
mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
StartupFolder: C:\Users\HOMEPC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startu p\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CARDMI~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONVER~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANSN~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Windows\System32\Sendori.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://pfizeruc.webex.com/client/WBXclient-T27L10NSP32EP15-15155/webex/ieatgpc1.cab
TCP: NameServer = 75.126.206.18,184.173.169.186
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{35A80055-AF4B-4050-A202-E01638B934EF} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{35A80055-AF4B-4050-A202-E01638B934EF} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} : NameServer = 75.126.206.18,184.173.169.186
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.63\npchrome_frame.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Hosts: 98y9879799
Hosts: 94.249.188.226 ok.ru
Hosts: 94.249.188.226 m.ok.ru
Hosts: 98y9879799
Hosts: 94.249.188.226 ok.ru
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Home PC\AppData\Roaming\Mozilla\Firefox\Profiles\tk4cu0om.default\
FF - prefs.js: browser.search.defaulturl - hxxp://wisersearch.com/search.php?channel=en&q=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://wisersearch.com/?channel=en
FF - prefs.js: keyword.URL - hxxp://wisersearch.com/search.php?channel=en&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: C:\Users\Home PC\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll
FF - plugin: C:\Users\Home PC\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Home PC\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-11-13 10:30; snt@dotlabs.co; C:\Users\Home PC\AppData\Roaming\Mozilla\Firefox\Profiles\tk4cu0om.default\extensions\snt @dotlabs.co.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.enabledAddons - sp2@sp.com:1.0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.enabledScopes - 15
user_pref(extensions.newAddons,false);
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-10-7 120096]
R2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2013-12-16 2251552]
R2 FileOpenManagerSvc;FileOpenManagerSvc;C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe [2011-10-21 334720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-23 655944]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-10-7 22304]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-10-7 3623200]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 Update Spring Smart;Update Spring Smart;C:\Program Files (x86)\Spring Smart\updateSpringSmart.exe [2013-11-7 66344]
R2 Util Spring Smart;Util Spring Smart;C:\Program Files (x86)\Spring Smart\bin\utilSpringSmart.exe [2013-12-24 66344]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-11-2 24904]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-23 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-24 1255736]
.
=============== File Associations ===============
.
FileExt: .chm: Applications\firefox.exe="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-12-24 19:19:45 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{420D561A-821D-425C-969D-4FC2FE209F77}\mpengine.dll
2013-12-24 13:55:58 -------- d-----w- C:\Users\Home PC\AppData\Roaming\Snz
2013-12-24 12:11:12 2239256 ----a-w- C:\Users\Home PC\AppData\Local\omesuperv.exe
2013-12-24 02:59:24 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll
2013-12-24 02:59:18 -------- d-----w- C:\ProgramData\Sendori
2013-12-24 02:58:59 -------- d-----w- C:\Program Files (x86)\Sendori
2013-12-24 02:57:58 -------- d-----w- C:\Program Files (x86)\Spring Smart
2013-12-24 02:55:55 -------- d-----w- C:\Users\Home PC\AppData\Local\SearchProtect
2013-12-24 02:55:55 -------- d-----w- C:\Program Files (x86)\SearchProtect
2013-12-24 02:55:09 -------- d-----w- C:\Program Files (x86)\Social Privacy
2013-12-24 02:55:07 -------- d-----w- C:\Program Files (x86)\Social Privacy DNS
2013-12-24 02:54:58 -------- d-----w- C:\Program Files (x86)\sp
2013-12-23 18:04:12 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-13 05:25:09 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-13 05:25:09 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-13 05:25:08 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-13 05:25:07 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-13 03:10:58 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-07 15:24:07 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6FD334DA-A47A-45E6-BFC7-E4E4CA8BA761}\gapaengine.dll
2013-11-28 16:52:16 -------- d-----w- C:\Users\Home PC\AppData\Roaming\SCheck
.
==================== Find3M ====================
.
2013-12-13 03:04:56 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-13 03:04:56 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-27 15:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 15:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 14:27:54.71 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/17/2010 5:38:16 PM
System Uptime: 12/24/2013 7:53:03 AM (7 hours ago)
.
Motherboard: PEGATRON CORPORATION | | NARRA5
Processor: AMD Sempron(tm) Processor LE-1300 | Socket AM2 | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 219.773 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.462 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP530: 11/17/2013 8:10:29 PM - HPSF Restore Point
RP531: 11/22/2013 7:11:52 PM - Windows Update
RP532: 11/28/2013 11:03:01 AM - Windows Update
RP533: 12/1/2013 6:08:53 PM - Windows Update
RP534: 12/7/2013 9:16:45 AM - Windows Update
RP535: 12/11/2013 4:32:14 PM - Windows Update
RP536: 12/12/2013 11:19:36 PM - Windows Update
RP537: 12/17/2013 10:51:33 PM - Windows Update
RP538: 12/18/2013 3:00:11 AM - Windows Update
RP539: 12/21/2013 10:16:55 AM - Windows Update
RP540: 12/24/2013 1:17:49 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 98y9879799
Hosts: 94.249.188.226 ok.ru
Hosts: 94.249.188.226 m.ok.ru
Hosts: 98y9879799
Hosts: 94.249.188.226 ok.ru
Hosts: 94.249.188.226 m.ok.ru
.
==== Installed Programs ======================
.
ABBYY FineReader for ScanSnap (TM) 4.1
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Amazon Kindle For PC
Amazon MP3 Downloader 1.0.15
Apple Application Support
Apple Mobile Device Support
BlackBerry Desktop Software 6.1
Bonjour
Brother HL-2140
CardMinder
CardMinder V4.1
CDDRV_Installer
Cisco WebEx Meetings
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectX for Managed Code Update (Summer 2004)
erLT
FileOpen Client (x64)
Google Chrome
Google Chrome Frame
Google Update Helper
HP Customer Experience Enhancements
HP Odometer
HP Setup
HP Support Assistant
HP Support Information
HPAsset component for HP Active Support Library
iTunes
Java Auto Updater
Java(TM) 6 Update 35
Junk Mail filter update
KhalInstallWrapper
LabelPrint
LightScribe System Software
Logitech SetPoint
LSI PCI-SV92EX Soft Modem
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft IntelliPoint 8.2
Microsoft IntelliType Pro 8.0
Microsoft Live Search Toolbar
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NOOK for PC
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OneTouch 4.0
Picasa 3
PictureMover
PlayReady PC Runtime amd64
Power2Go
PowerDirector
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
ScanSnap Manager
ScanSnap Organizer
ScanSoft PaperPort 11
Search Protect
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Sendori
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Social Privacy
Social Privacy DNS
Spring Smart 2013.11.07.204203
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Windows Driver Package - OLYMPUS IMAGING CORP. (VNUSB) VNUSB (09/29/2009 2.0.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
12/24/2013 7:55:38 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
12/24/2013 2:14:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/24/2013 11:55:16 AM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/24/2013 1:03:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
12/21/2013 7:09:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-24 16:23:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000108 WDC_WD32 rev.01.0 298.09GB
Running: x6xtn4kz.exe; Driver: C:\Users\HOMEPC~1\AppData\Local\Temp\kfdirpow.sys


---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\spoolsv.exe [1312:1740] 000007fef82910c8
Thread C:\Windows\System32\spoolsv.exe [1312:1748] 000007fef8256144
Thread C:\Windows\System32\spoolsv.exe [1312:1752] 000007fef8045fd0
Thread C:\Windows\System32\spoolsv.exe [1312:1756] 000007fef8033438
Thread C:\Windows\System32\spoolsv.exe [1312:1760] 000007fef80463ec
Thread C:\Windows\System32\spoolsv.exe [1312:1772] 000007fef8525e5c
Thread C:\Windows\System32\spoolsv.exe [1312:1776] 000007fef85d5074
Thread C:\Windows\system32\taskhost.exe [1480:3008] 000007fef9981010
Thread C:\Windows\system32\taskhost.exe [1480:3248] 000007fef5c45170
Thread C:\Windows\system32\Dwm.exe [1584:1716] 000007fef981f0d8
Thread C:\Windows\system32\Dwm.exe [1584:1720] 000007fef886abf0
Thread C:\Program Files\Microsoft Security Client\msseces.exe [1880:1144] 000007fefbb02a7c
Thread C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1888:2424] 000007fef5793774
Thread C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1888:2432] 000007fef5517498
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1656:5008] 000007fefbb02a7c

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind ??????????????????4Local Area Connection* 138???????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ?????????6Microsoft 6to4 Adapter #131??????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export ?????????????????????2???????????????????????????j????????????????????????? ?????????Microsoft 6to4 Adapter #120?1F??????????????15????X??????P???????d??STORAGE\Volume???????????????e ???e??*6to4mp?50??int?20??? ??d???????????x???RpcSs????????????????????????????????????????????E??85??? ???????Microsoft????????????%??st???????????6??????C5??????????????????oem7 2.inf???? p??????C?????C62???????????4??48??? ??8???????????x?????????????2Local Area Connection* 81????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ?????????4Microsoft 6to4 Adapter #74???????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ???????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ????? ??????????tunnel?t?????????????F??es??@nettun.inf,%6to4mp.displayname%;Micr osoft 6to4 Adapter?????@nettun.inf,%6to4mp.displayname%;Microsoft 6to4 Adapter?sk??{4d36e972-e325-11ce-bfc1-08002be10318}???????????????????????w????N?????????????? ???????????????????????????????????????o??????????????????????????????????? i?????sDC???????????c??p6????????????????????????????????????<????????????? 6to4mp.ndi?898???????????????.???????????9??-2????:??????-?g36??55???????????????o??@nettun.inf,%6to4mp.displayname%;Microsoft 6to4 Adapter?????@nettun.inf,%6to4mp.displayname%;Microsoft 6to4 Adapter?@v??{4d36e972-e325-11ce-bfc1-08002be10318}?m?n??????????disk?????????????????????B???????9???U?g?g?g?{?{ ?g???????????u?g???g?????g??????????@nettun.inf,%msft%;Microsoft??????????? ??a??????{4??@nettun.inf,%msft%;Microsoft?e??@nettun.inf,%msft%;Microsoft?? ??? ???l??????????????{4d36e972-e325-11ce-bfc1-08002be10318}\0144??e????8?????????????16???????????????????????????e?????? 6D??????????????????????????*6to4mp????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ????_2???????????$???????????????????????????????????????B??????????Microso ft 6to4 Adapter #42???????????d??tunnel??????????????tunnel???????????e???o??s????????????? ???????????????????F??????????????$???4????? ??????? ????t?????????? ????????????????????????????????????????? ???????{4d36e972-e325-11ce-bfc1-08002be10318}\0027???????X??????9??????????????? ??????????????????{00000000-0000-0000-0000-000000000000}??????Microsoft 6to4 Adapter #56?6?2??10????4???????????????????????$??????m???????w???????????????????? ????????????????????????????????????????4?BT??Type?????????@???s??ys??Root\ *6TO4MP\0109?????X??????3??????HID\VID_045E&PID_00F9&MI_01&Col01\7&37f4759e &0&0000?????HID\VID_045E&PID_00F9&MI_01&Col03\7&37f4759e&0&0002???????$???? ?????????????????????????????????Root\*6TO4MP\0111?????6?????????????16???? :????????g????????????text?.??6.1.7600.16385??????\\?\HID#VID_045E&PID_00F9 &MI_01&Col01#7&37f4759e&0&0000#{1e0886f0-4876-47fe-b3fd-c9851b2bcff2}???????????????e??????Bu??????????OHCI.Dev?D??\\?\HID#VID_045
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ????1???????yB??*6to4mp?????????????.NTAMD64?????|?|????? ??\????n?????????????,????????R?#?????????%SystemRoot%\system32\umpnpmgr.dl l???????????????9?????????t?:???????e???4???e??????????????????????t?????:? ?o????????h?????????????????????????????????????????????????????????????05? ??????????B??NuidFltr6???6-21-2006???????20????????????????????????P??n????????h?????\SystemRoot\system32 \drivers\nvraid.sys????????????u????tunnel???5????(??n??????p???System Bus Extender???????T??n???????????d??nvraid.inf_amd64_neutral_5bde3fe2945bce9e? ??????????????t?????????????????????????????????????????P??o????????h?????? ????????????????????????????????????????????????????????n?????????????????? ??????N??????C??????55??????????????????Boot File System????SymIRON????????,?i?i?m?n?i?n?n??*6to4mp?????????????TCP/IP Registry Compatibility?????????????H??o?????????e????????????????t?????????????????? ???????N??????.????D.16?????????????????????????????????????g?????????????? ??????Net??????????????z?z?????????????|?|?d?????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ????t?????X??????1???}???????????????????s???e???????????????????????????j? ?????s???????????? ????????????:??????d?g?d???????????? ??i???F???e??????????tunnel?8B9?????????????? L???????????????????????????????e??????os??? "??????}????????????6??????U???????U??WpdFs???00???????i???a???T??????os??? ?????X??????????????????????g??m ??????? ???????{?????055????????????????N??????d??????????? ???????4?????F68??????????????????????????9F???????????k???e??STORAGE\Volum eSnapshot???k?????????????????????????7?????????????3??????2-??????????Microsoft????????????.???????????????s??{00000000-0000-0000-0000-000000000000}???j??? ?????????????h???????0??L????????? ??????o?o????0?????????????{4d36e972-e325-11ce-bfc1-08002be10318}\0019?? ??{12C421BF-8463-4D67-A13B-A70226A6069D}??????Network Address?????6to4mp.ndi??42??? ???????|???????????e?:??????????F?&????????????????????i??????%???????????? ????????6???'???????????????????????????6???????????S??????s_????$????????? ?????????????????-??????6B??@nettun.inf,%msft%;Microsoft?t?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route ????????????16??????????????????dc3d?r??????????????? ??????????????????????????????`?????????d?????????????????91??? ?????????????????????0??L????????? ???????????*6to4mp?????11????????$??????3???????}????$????????????????????? ?????????????????????&??? ???????????????????^????????"?????????????SCSI Miniport????????????m?m?m?m?????????????3???????????????C??????9D?????????? ?????????????????????????????????????-??F2???????&??? ?????????????????????0????????????&????????????????????????????b???i??????? ????f???T??????????????0000.0002.0000.001.000.000.000.000.000?????????????? ?????????????????Y??? ?????????????????????,??4?????????????????????L#??????????????????????????? ????n???????????????????W??????\T??.NTAMD64?3?????m???????????????????????? ????????????????????????????????? ?????????????????????0????????????????????? ???????????????????^?0????????j?????????????????????????????z?????????????? ?????N?????????????????????????????????? ???????j???????????i???????????????????????????????g??????????????????????? ??
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ?????n??????h?????4??????0??1.???????????????0??Microsoft????????????}????? ??s??????text?&????N??????d????????????N?????????????????????????????????5-??????????????????????s???? ????????????????????N??????v????D??r??????5-???????????s???????s??????????????t????????????????????-??89??89???????????j???????n??? ???????C??????rN???????????????????????e??6-21-2006???int??}??????????????????????\\?\STORAGE#VOLUMESNAPSHOT#HARDDISKVOLUM ESNAPSHOT26#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}?m32??? ?????????????????????0????????????????????? ???????????????????T?0????????????????????? ?????????????????????0????????????????????? ???????????????????U?0????????0???????????????????? ?????????????????????0????????????????????????????????????????????????????? ?}??Device\TC??? ???????????????????j?0????????.???????????????????? ?????????????????????0????????????????????? ???????????????????@?0????????????????????????????? ?????????????????????0????????????&???????????????????????? ?????????????????????0???????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Bind ?????e?????????????????????????s????????|???t?????????????????????????????? ??????????B???????????????????????????????????????q??????????????????????st orage\volume???????????????????????8??43??? ??????????????x???????????????????????????????????????????????????????????? ????????p??ys???????????????????????????1??96??????????6to4mp.ndi?Ins?????? ?????8??2}??????ll??????????????????????????? p??????????????????????????,??00??????????????????????????????ll??????????? ????????????????9????????D?????????????e&???????????????v??t2??????|??????? "{??????|????????????????????????????????????e???????????????e???????????p? ??e??????????????????6.1.7600.16385?-4F??????????????????????????????????????????????????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}?___????.??????????????????????e??????r?????N????????????D???? ??.?????????????????????t????????????????????????????????????????7????????? ??1??11??CollectPerformanceData?f?h???????????????e??Microsoft 6to4 Adapter????????.????????????????????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Route ????s?????N??????d??????????6.1.7600.16385?ral????????????????????????????? ??s???????????????????e??????????????????????????? ????????????????????????????????????????????s?Ro??? ??l????0????????????8?????????????\\??Microsoft 6to4 Adapter #108?75???????????6???????b????????????????????????'??????????????4??\0???? ???????????j???????????m?????? M??????????nettun.inf??????? ?????????????n??????????????$?N?v?????????{4d36e972-e325-11ce-bfc1-08002be10318}\0119???????N?????????????????{159AC99C-C718-4A89-94D4-6512D2D38E68}???????????????????e???????????????????s??? ??????????????????????????? ???????????????????????????t??????????????????????d???????????????????????? h??11??????? ????????????????????????????????????????????s_{4??? ??k???????????x?????8?????????????16??Microsoft 6to4 Adapter #107??2???????????3??????????????????????????tunnel?0DC???????????4???h??ne ttun.inf?53???? ?????????????????????0??L????????? ??????69???? ?????????????????????0????????????&???????????????????????? ?????????????????????0???????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Export ?????m???????????????????1??6C??????om????????????????????????????????????? ?????????????? ????????????????????????"?????p?9?????????? ??@????-??????xa??????????????????????@nettun.inf,%msft%;Microsoft?i??????????????? ????????????????????????????????????{??5F???????????E??-9??????8D??????????????int?????????????????????????????s?????6????????????? tunnel?-96???????e??????????? ???????????????????m?0?????????????????????????????1??52??????????????83??n ettun.inf?BD4??? ???????A?????D}"??6to4mp.ndi?137??? ??????????????????6-21-2006???? ?????????????????????0????????????????????? ???????????????????n?0?????????????????????????????3??A7??6to4mp.ndi?"{6??? ????????F??????BB??Microsoft???? ?????????????????????0????????????????????????????????????????? ???????????????????n?0?????????????????????????????????????"??{2??????????? D??F3??Microsoft????????????{???????6??????40????????????????????.????????? ????????? ?????????????????????0?????????????????????????????????????C??}"??-F???????????o???e????<??????i??????Microso
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Bind ????ic??????p_??? ???????s?????com???????????.??s9??Net?1.??nettun.inf?D9F??? .??????s?????com??????????????????????????????t_???????????.??s9??Net?1.??? ???????????????????????????????????????????????????????11???????????j?????? s???????????????*6to4mp??.???????????.???e??11???&??????? ?st??Microsoft 6to4 Adapter??16??? ??????????????????NETFXPerf.dll????????????j???e????????????????`?????????? ???*6to4mp?????????????? ???z???s???????h??????????????????6to4mp.ndi?ll,???????????.???e??????????? ???????????*6to4mp??4???????????????h??????????????????.NTAMD64?B??????#??? ????????????????????????????????Microsoft???????????Microsoft????????e??6-21-2006????????????????1??nettun.inf??13???????????????????????????2??12?????? ?????????????????5??????????11??????? P?????????????????????????????????????????????????????P???????? ???????@????????????????????$?N?????????????N?????????????????{845CF1D7-C707-47D7-99A2-6AEEF07E0540}??? ???????????????????s??? ???????y??????Ne???????????s???????????????????????????????????????_?
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Route ????-9??????95??? ??????????????????????????????`????????e??????????????? P??????8?????F-9??{FD1C9B17-81E1-4E0A-8080-B33CDD214C0D}??90????*??????-????d736??TCPIP6TUNNEL?Tcpip6??8????`??????0???A???????????9???????8??????? ?????????????????????????????"{20C8F0FC-9??? ?????????????????????0????????.???????????@nettun.inf,%6to4mp.displayname%; Microsoft 6to4 Adapter?E-??????????*6to4mp??????????????6?????s22??????????Microsoft 6to4 Adapter??????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????6.1.7600.16385????????:????????g? ???@nettun.inf,%msft%;Microsoft????????????????????????????????????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????????????????????????????????????? ???????????*6to4mp?????? ?????????????????????0????????????????????????????????????????????????????? ???????????????????????? ???????|?????????????:????????????&????????????????????0??? ?????????????????????????????? ????????j???? ????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Export ????????? ??q???????????x?????8?????????????16??Microsoft 6to4 Adapter #113??2???????????3??????????????????????????tunnel?15A???????????4???h??ne ttun.inf?53???? ?????????????????????0??L????????? ??????69???? ?????????????????????0????????????&???????????????????????? ?????????????????????0????????????????????????O4???????????????????1??11??? ????m??? ?????????????????????0?????????????????????????????d??ic??6.1.7600.16385?ag e??????????? ???????;????????????????"?????p?n??????n??????? ?????????????????????0????????????????????????????? ??????????????72????:?????????????@nettun.inf,%msft%;Microsoft?0????`?????? ????????????????F??????????????? ????????????????????????????????????????????s?????????????????????????? ???????????????????????????????????????f???????????????E???e????????<?????? 0??????Microsoft 6to4 Adapter Driver???? ??????????????????????????????"??? ??????-45??? ???????b?????}????? "??????*?????P#0??ndis5_ip6_tunnel?4??? ???????????????????????????????????????t??? ?????????????????????????????? ??
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Bind ????????????????????????ev??ndis5_ip6_tunnel????????????????????????????? ????????????????????????????????????????????s6To??? ???????5????????????8??????k???????n??nettun.inf??????????????????????????? ????}??"{??????????? ???????;????????????????"?????p?????????????N??????3????Dt_#??TCPIP6TUNNEL? Tcpip6??1??? ???????;????????????????"?????p?u?????,???????????????????????{368150A1-64DE-452A-9F10-6E03AAE2A66D}??02??\Device\{368150A1-64DE-452A-9F10-6E03AAE2A66D}??28??????????? ?????????????????????????????? ????????????i???? ??????5????c27-??Network Address?D1??? ?????????????????????????????? ???????C-???? ??????1????c}?\????<??????p??????Microsoft 6to4 Adapter Driver???? ??????????????????????????????"??? ??????222??? ???????\?????e\T??tunnel?15A??? "??????3?????5-5??ndis5_ip6_tunnel?e???????????2??90??11?1-4??????????????????????????? ????????????????????????????????????????????sEF}???????????p??_{??nettun.in f?-4A??? ???????9?????BFE??6to4mp.ndi?ip6??? ??????????????????6-21-2006?????????&?14??? ?????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Route ????????????????????????????????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????????????????????????????????????? ???????????*6to4mp?????? ?????????????????????0????????????????????????????????????????????????????? ???????????????????????? ???????|?????????????:????????????&????????????????????0??? ?????????????????????????????? ????????j???? ??????????????????????????????????????????d??????????ndis5_ip6_tunnel?????? ??????9??????E3????N??????5??????????? ?????????????????????,????????????'????????????????????}??? ?????????????????????0????????????????????? ?????????????????????0??????????????????????x?????????????????????????????? ???? ???????U?????????????,????????$???<?????????????????????????????????????:?? ???????????????????????????????????? ?????????????????????,????????z?????#?????? ???????t???????????????????????????????6??????????????? ????????????????????????"?????p???????20??Network Address??????????????????t???? ??????l???e??????????SeCreateGlobalPrivilege
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Export ?????????????????j????????????N??????1????D2B0???????{???5???e????.???????? ??????????????????????1??11????????????6??????????e??Type?m???????m???v???j ??????j???????????????? p??????????????????????????D???????s??*6to4mp?.i??????"{??tunnel?n?n??????? ????????????????????????4???????????????????c??e8????N????????????D???????? ????????????nettun.inf?ell??????}"????.??????????????????????2??3???6.1.760 0.16385?DA4??????16??volsnap??e???????????????????????????1???{??????38??ne ttun.inf??11???????????????????????????1??12??nettun.inf:Microsoft.NTamd64: 6to4mp.ndi:6.1.7600.16385:*6to4mp?"Tc??6to4mp.ndi??????????3-??????????????????? ??i???????????x????????????8??3F??????????????????? ??G???????????x????????????"??{8???????????1??12???????????2??F1??????????? p???p??????3-??? ????????????H????????0????????????????????? ?????????????????????0????????~?????????????~??????6??7????????????n??????? ?????????????????????0??????????????????????????????$?????????????????ROOT\ *6TO4MP\0071??????????????????d???????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Bind ?????k??gendisk?}"???????????w??????????? ?????????????i?????????????????? ?????????????????{533c5b84-ec70-11d2-9505-00c04f79deaf}?e?e??????????@volsnap.inf,%msft%;Microsoft???storage\volumesn apshot??????????????????????????????????????????????????????????????????.i? ?? ???????????????????????????????????9??53??53??USB\VID_07B4&PID_020D&REV_010 0?USB\VID_07B4&PID_020D????? ??????????????????USB\Class_FF&SubClass_FF&Prot_FF?USB\Class_FF&SubClass_FF ?USB\Class_FF????????N?????????????????{0a94fe63-563b-11df-9da4-e99fbe75e713}??????? ?????????????????????0??L????????? ???????????? ?????????????????????0????????????&????????????????????h??? ?????????????????????0????????????&???????????????????????DIGITAL VOICE RECORDER??????????????????????????? ?????????????????????0????????????????????volume_snapshot_install?2C??????? ???VolumeSnapshot???.???????????-??sD???????????????????????e???????????2??-4??6.1.7600.16385???????????????????e??????*6???????????????????-??DF???????????6??????????????????????????? ?????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Export ?????????????????p??????????????????????????Microsoft???*6to4mp?e9????????? ?????*6to4mp?????@nettun.inf,%6to4mp.displayname%;Microsoft 6to4 Adapter???????N??????p?????D66??????4m??-B???????2??????24???????????j?s?y?s?????s???????????????????????????9??3-??@nettun.inf,%6to4mp.displayname%;Microsoft 6to4 Adapter?0-?????????????????s????????-9??????????????24??@nettun.inf,%msft%;Microsoft?v??{533c5b84-ec70-11d2-9505-00c04f79deaf}\0024??e???e????????????????X??????z?????????????????????????? tunnel?.1.???????????.??????????????????25???????????B??11???&???????????r? ??e???????????0??3C???????????????????????j???????????B???????????????????? ????`?????????????@nettun.inf,%6to4mp.displayname%;Microsoft 6to4 Adapter??????????????????????????&??????????????24??Microsoft???*6to4mp???? ?????text?6??text????? p?????????????????????????????????????@msmouse.inf,%msmfg%;Microsoft??????? i????????????N??????C?????Dic???????m???????????v??e\??????????Type???????? ????? ?????????????????????0??L????????? ??????n?n??? ?????????????
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind ?????????????????c???8???@?@?;????????????6?k?????????????????????????????? ??????????????????????9??????????? P?????????????????1??1?1??????????????????????????????????????????????????? ?????????]???????&???????????c?????????????11?e????.NTAMD64?????????????????????U?U?. ???????????????*&6????????????????????Root\SYSTEM\0000?????????.??AmdK8???? ???`???????????????????????????????l_??? ???????8???????????????????P????pys,???????????;?????????7?/???????@????????????????-??&??????????????????????????????????? ??????????????????????????????????????????usbohci??$??pci? ???????11??????? <??????5?????5-A???????????i??s%??.NTAMD64????System??????11?DB0??*6to4mp?????usbehci????? ?`?`?/??????????????????????System??????????????????????? ??????????????n???*6to4mp??????????@??????????????RTKVHD64.sys?9??????????? ???????????????????s???.NTAMD64??????z??@????????????????????,??6??1??1?1?? ??"???????????N?????????????11????????? ????Microsoft???1??1?1?????????@3-???????@???????????????????????????????????????;???????????*????h
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export ?????*????h?????????????????????????????????????????Mouse???????11?8B9???D? D?D???????????????e??????????????????????????System??????11?8AD??11?ip6???? ???.????6???????????????????????????????????(?????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????? ?????????????????????????????????????4???????????????????? ?????????p?????????????? ????????????????????????????????????d??/???1??????????????????????????????????????7-29-2009??????z????????? ???????s?????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ???6ec??????p???????p????????n??????7B???????????????????????h????????????? ?? P??????????????????h?h??????????????????????d??h??????????????? ?????????????h???????0??L????????? ??????7-0?????????????h????????? ???????h?????h???????0????????????&???????????????????????? ???????h?????????????0???????????????????????h????? ???????h?????????????0?????????????????????h?h?7??????? ???????h?????????????0???????????????????????h???h???h???h????? ???????h?????????????0????????????????????? ???????h?????h???????0????????????&???????????????????????? ???????h?????h???????0????????????????????? ???????h???????????h?0????????d???????????@system32\drivers\pci.sys,#1540;P CI to PCI Bridge????h?hs,???????????????????h?he??????h????? ???????h?????h???????0????????????&??????????????????????????h????????????? ???? ???????h?????h???????0????????????????????? ???????h???????????h?0?????????????????????????h???7???7??machine.inf:GENDE V_SYS.NTamd64:PCI_DRV:6.1.7601.17514:pci\cc_0604????????h??? ???7???????7?????h????? ???????h?????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route ???e?~??tunnel?20C???????????0?????s00??tunnel?and??*6to4mp?????? ???????????????? ??4????????0?6???????????? ???????4?????4???????0??????????????????????N??4????????D????????4????????? 4??????????????{4d36e97d-e325-11ce-bfc1-08002be10318}???4??? ???????????????????4???????? ?$????????4????X??4???4??????{4d36e97d-e325-11ce-bfc1-08002be10318}\0011?????*pnp0c0c?4???4???????4??? ??????machine.inf??4??? ???????3?????4???????0????????????&???????????????????????? ???????4?????4???????0????????????????????? ???????4???????????3?0???????????????????????4?????????????????????????4??? ???????machine.inf?me??? ???4???4?????4?4??NO_DRV?????????4????? ???????4?????4???????0???????????????????????4????????? ???????4???????????4?0?????????????????????????????g??vo???????4??? ??????NO_DRV???????4?4?????????4??????????????Microsoft???? ???????4?????4???????0????????????????????????????????????????? ???????4???????????4?0?????????????????????????????????????????4??????? ??Microsoft????4?4?4???????4?????????????????????????4???
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???n?6???????m???|?}?|???????????????e???1??????@%systemroot%\system32\driv ers\dfsc.sys,-102???????????????g??????H??n?????????e????????????????????????????t????m?? ????????????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domai n|LPort=5357|App=System|Name=@FirewallAPI.dll,-31769|Desc=@FirewallAPI.dll,-31770|EmbedCtxt=@FirewallAPI.dll,-31752|?do???????m???e???????????????e??v2.10|Action=Allow|Active=FALSE|Dir= Out|Protocol=6|Profile=Domain|RPort=5357|App=System|Name=@FirewallAPI.dll,-31771|Desc=@FirewallAPI.dll,-31772|EmbedCtxt=@FirewallAPI.dll,-31752|?l???????m???F???????????????e??v2.10|Action=Allow|Active=FALSE|Dir=I n|Protocol=6|Profile=Domain|LPort=5358|App=System|Name=@FirewallAPI.dll,-31773|Desc=@FirewallAPI.dll,-31774|EmbedCtxt=@FirewallAPI.dll,-31752|?eP??? ???m???m??????????????????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol= 6|Profile=Domain|RPort=5358|App=System|Name=@FirewallAPI.dll,-31775|Desc=@FirewallAPI.dll,-31776|EmbedCtxt=@FirewallAPI.dll,-31752|?-???????m???:?????????let??v2.
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ???i?m??Net??k???????????,??????????????????????????????????????? ???????5???????????4???5????????????????????????????(??5??????????????????? ????????????0???5????H??6???????????5?5?5??? ???????0?????7???????0????????????&???????????????????????20091111012452418 ????6????z??T???????????????6?6?????5???5??????????????? ???????5???????????5??????????N?????????????s?????Realtek HD Audio front output????5????N??5??????????{17CCA71B-ECD7-11D0-B908-00A0C9223196}?<?????5?5? ??? ???????9?????5?????5????"??????????????????????????????5???????????3??\\?\H DAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_103C2A6C&REV_1002#4&9F34D18&0&0001# {6994ad04-93ef-11d0-a3cc-00a0c9223196}\FrontPanelHeadphoneTopo??????? ???????5?????5?????5??????????N??????????????????????5??????<??5??????????? ???Realtek HD front output mixer????5????N??5??????? ??{17CCA71B-ECD7-11D0-B908-00A0C9223196}???????5?5????? ???????5?????5???????????????????????????????50???? ???????5???????????5????????R?N???????Mi?????50????),??5??????????????????? ??????5????Realtek
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ???m?????i???????????<??s???? "??j???????????????????/??????s???text?n???????????????????B??? ???????j?????i?????i?????????????? ???????O???????????????????????? ???????i???????????i??????????`???????????Net??i???i???????m??????????????? ????????????????s??AsyncMac?????????e??????in???????????i??tunnel?4EF???? ??/???????e???i???i???????U???????????????6???????????/???????????i??????p????j?j?j????????9?0???*6to4mp??????i??????p???????????t unnel?17-????????????????????X??????e???????i???????/??????s???????????@disk.inf,%disk_devdesc%;Disk drive?ce?ATA????B??i???6?????????nis??????????cdrom.inf???? ???????j?????i?????i??????????????????????????????????????????????? ???????i???????????i??????????\???????????volsnap?????????????????t????i??? i?i???????i?&???????m???i?i?i?i????????????????????????????Net??n???i???i?j ?i?????? ????-?????srN???????????????????????? ?d ???????????0??sl???i??? ??j????????????????N??k????????D???????????????????s??????i??????????????ol ??Bus Number 0, Target Id 0, LUN 0?7???i??LegacyDrive
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???~????Net??r??@netrasa.inf,%msft%;Microsoft????i??int???????????????????? s????????????????in???????????3???????j?j?j???i???i??????????????????$???4? ???? ??????? ????H?????????? ?????????????????????????{4d36e972-e325-11ce-bfc1-08002be10318}\0007?? ??\\?\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{78032B7E-4968-42D3-9F37-287EA86C0AAA}?????$|??i???????????????????????????????a???p???e???????i??? ???Z???n??????????? D??n???????????????????????????????i???????????????????r??@nettun.inf,%msft %;Microsoft????? ???U???c?????s??????4??????F??????vi??.NT?0}??????????11?e?.??????????????* 6to4mp??????????m??????s????????????B??.NTAMD64?????????????s?ss??????????? ???????r??????f??i???C??????????SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac?tcp???????i??????????????\\?\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}???????$???4????? ??????? ????H?????????? ???????????????????????????X??????r???t???$|??i?????????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Bind ???i????? ???i???????????????????????????????e???????3??? \????????????????????? ??????????s????HidUsb????????N??k????????h??????????m??tunnel?4D0?????????? ?V??sS???????n??????p????i???????????????????????????B???????????????i??? ???????j?????i?????i????????????"? ???????V???????????????????????? ???????i???????????i??????????\???????????*6to4mp????????? ????-?????sig???j?j?3????N???????????D??????????????t???n???????????????g?i?i?i? ??????????????????????s????????????????????????????????????tunnel?e?e???i?? ?i?i???i????sn???????????g?????sUs???????i???????i???F??\D??????h???????s?? ??????m???i???????????????????????????????j?j?i??????`????4??????A-???????i???????????6??????0c??SYMTDIv??????????e???????e???j?j?j????X??j??? ????0???????????0?????s?????i??????????????09???????6??gencdrom?4???????i?? LegacyDriver????? ???e???V?????t?????????????????i???????/??File system??????m?m?m??Loopback?????????????????????????????i??int??????i???i?? ????????????\\?\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_103C2A6C&REV_1002# 4&9f
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Route ???o????????????????????????tunnel?6A6??????dd??CD-ROM Drive??????:??????e?g?e???????W????????????????N??j?????????D????Microsoft? ??*6to4mp??i???????`???2???e??????????{4d36e972-e325-11ce-bfc1-08002be10318}??Ne???????0????X????????????????????????????????????????????? ? z??j??????????????????????????????????s???????????????????????4D??????In??? ?X??????????????????d???????e??tunnel??????{4d36e972-e325-11ce-bfc1-08002be10318}\0006????????????????????s????????????????????????? x??j????????????????X???????????????N?????? ????Ds)???? `??j??????????????? h??j???1?????1?1??? (??j??????????s?????X??~???5???7??????????????????11???????????1??????????? ???????*6to4mp?????????????int??e??????4m???????????1???1???????e?????????? ???????s????????????????????????Microsoft???????????????Microsoft???????o?? ???X?????????????system32\DRIVERS\nvmf6264.sys???s?????????.?4-????<??j????????h??????i??t?????????????X??????????????????6???n??????????? ???????in??????na??Microsoft????????g???????3???????l??????????@netrasa.inf ,%mp-ip-dis
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export ?????????????????2??6B???????????F??????93???s???????????????s????????????? ???????????????????????????8??????????????????????????????????-??87???????????A??a ???????????????????????????????????-??D1???????????????"???????j??????????????????????????????? ??????????????????????????????P???????????????????????????????????????????N et?????{eec5ad98-8080-425f-922a-dabf3de3f69a}????????????29????Net?????????????????????4B??? ??????????????????????????????????????????? ?????????????????????0??L????????? ??????MSF????????????????256-??? ?????????????????????0????????????&????????????????????D??? ?????????????????????0????????????????????????????? ???????????????????y?0????????????????????????????????????SanDisk ?f,%microsoftmfg%;Microsoft?79???????????????????????i??????4m??7E????????? ?????????? ?????????????????????0????????????????????? ???????????????????k?0????????????????????????????????????????????????????? ?????????????????????0??????????????????????????????????-4F3??? ???????????????????m?0???????????????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Bind ???Z?i??? ???????Z?????????????0?????????????????????Z?Z?Z??? ???????Z?????Z???????0??2????????????????????Z???Z????? ???????Z?????Z???????2??:???????????????????????e?????? ???????Z???????????Z?2????????f???????????????????e?????f??Z???????e??"%pro gramFiles%\Windows Media Player\wmpnscfg.exe"???????Z?????????????????y???????Z????? ???????Z?????Z???????0??(??????????????p?????Z???Z????? ???????Z???????????Z?,??????"?@??????????????????????????????????y??????>?? Z???????e??%SystemRoot%\System32\ncsi.dll????????@??Z????????????e?????Ncsi IdentifyUserSpecificProxies????????Z????? ???????Z??????????????????????????????????????d???ndiswanasync????? ???????????????????Z??? ???????Z???????????Z?9????????????????????????????? ??????????????????????(????????????s??ms_pppoe?1???????i???Z??????????????? ?X??????.???.??? ???????Z?????Z??????????d????????????????dnt??? ???????Z?????Z?????D???????? ?N???2????????????????????????????????????????B????????????N??Z???????????? ??{78032B7E-4968-42D3-9F37-287EA86C0AAA}? Hu??? ?????
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Route ?????i??????4m??7E??????????????????? ?????????????????????0????????????????????? ???????????????????k?0????????????????????????????????????????????????????? ?????????????????????0??????????????????????????????????-4F3??? ???????????????????m?0?????????????????????????????????????????????9??3E??? ???????? ???????? ????????????0????????????&????????????????????N??? ?????????????????????0????????????????????? ???????????????????m?0????????????????????6.1.7600.16385??????????????????? ???????? ?????????????????????0????????????????????? ???????????????????m?0???????????????????????????????????????????????????s? ????????e??text????? ?????????????????????0????????????????????????????????????????? ???????????????????n?0????????"?????????????????????????????X??????????t??T ype????*6to4mp?????????????? ?????????????????????0????????????????????? ???????????????????{?0????????????????????????????????????????????????????? ???????? ?????????????????????0????????????????????Disk drive?ice??????????????????? ?????????????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export ?????????????????_??04??????????6-21-2006???*6to4mp?????????el???????????-??D4??????????????????????????????6-????~??????-??DE??????et??tunnel?B4-??????:????????????????????????????????#???#??????????????????????s???????b ????????????_???????????e???????????????????????????????????0??????-4???????????i??????E0???????8???????d??int??g???????????c?????????????????? ?????????}???????s????<???????????????~??????9??99??????????????????04??? ??T???????????x???Microsoft 6to4 Adapter #104??2??????????????????????????????????????????????60???????????0??s???tu nnel?t#*??int?????????????????????*6to4mp?50??kbdhid??????????????????????? ???*6to4mp?????? ??L????/???????????????????A??-9????.?????????????2-??????????????*6to4mp?B0??????????Net?\l??????????????? ????????????????????????"?????p?H??????e???????????i??????????????????????? ????????????????B???????????B???????????????????m???e??Net??????????e?????? _2???????????2??_2??text????????et??text????storage\volumesnapshot??RO????N ?????????????????????????? ???????i?????pip?
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind ???e?i??%systemroot%\system32\setupapi.dll,-29??????????? ???A??????1???????????????????????????????????Net???????????????????P??A??? ????????????????????????A??? ???????A???????????-?0????????`??? ???????????? ??0?????????????????`??A?????????????????????L???????????????????? ??????????? ??????????A????? ?????????????A?????A??????????T?>?&????????????????????????? ??A??????s???SBP2??????T??A????????c????????A?????A???A??????????????@%Syst emRoot%\System32\SysClass.Dll,-3017?????.??A??????SBP2 IEEE 1394 Devices?SysClass.Dll,-3017?????P??A??????????%SystemRoot%\System32\setupapi.dll,-21???????A?A?A?A????? ???????A?????????????0???????????? ???????????? ?????????????A?????A??????????\???&????????????????????????????A??????s???X naComposite??????Z??A????????c?????@%SystemRoot%\system32\XInput9_1_0.dll,-1000???????A??????\??A??????Microsoft Common Controller For Windows Class?????P??A??????????%systemroot%\system32\setupapi.dll,-40???????A?A?A?A?A??????1???????????????? ???????A?????????????0???????????? ??????????
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route ???i????????????????????????File System??????????m???i???i?i??????????????<??j?????g????kbdclass???????????? ???????s???????????i#????i??????????????\\?\HID#VID_045E&PID_00F9&MI_00#7&2 8e32032&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}?????????????D??sE??? ???????T?????i?????h??????????^?<?Y???????????????????????????????????????? ???????????STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT5???+??? ???????i???????????h?????????????????????????i#????i??? ???????T?????P?????9?,????????2???C???????????????????????????????????????? ?$??i??????????????Root\*6TO4MP\0020???????????? ???????T?????i?????h??????????^?G?Y???????????????????????????????????????? ???????????\\?\STORAGE#VOLUMESNAPSHOT#HARDDISKVOLUMESNAPSHOT6#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}???? ???????T?????i?????i??????????^?R?Y???????????????????????????????????????? ?????}PMI??STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT7?LEV??? ???????i???????????i????????????????#por??\\?\STORAGE#VOLUMESNAPSHOT#HARDDI SKVOLUMESNAPSHOT7#{53f5630d-b6bf-11d0-94f2-00a0c91
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export ???v????tunnel??????? ???????v?????v????????????????????????????? ???????v?????x?????v????????&????????????????????????????????t????????????? ??????????????????????????????????P????? ??????????????n???? ???????v?????v?????v????????(????? ???????e????????????????????????????????????????????????v?v?????x?x????? ???????v???????????v??????????l????????g?????????????????e??????l??v??????? ??h????%systemroot%\system32\LogFiles\Firewall\pfirewall.log????v?v???????v ????? ???????v???????????h????????`????? ???????s???v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|App=%ProgramF iles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31003|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|?????x?x?v???????w???????????????P???????w???????????????x?x?x?x?x??? ????w???????????????????????????????w??192.168.137.1????w???????????????'?? `w???????????????????????e??v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol =17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubn et|App=%SystemRoot%\s
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind ???f?n???U?????U#???? ???????T?????????????,????????????&???????????????????????\\?\HDAUDIO#FUNC_ 01&VEN_10EC&DEV_0888&SUBSYS_103C2A6C&REV_1002#4&9f34d18&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\RearLineOutWave?9??????<??U???2???????;???????U?????????????? ????????\\?\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_103C2A6C&REV_1002#4&9f 34d18&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\RtLineInTopo???????????{0.0.1.00000000}.{52f9da9d-4fc6-460c-8ba6-e7fab35aa484}/00010000???????T???????????????????????????T??? ???????T?????????????,????????????&???????????????????????? ???????U?????U?????/?,???????? ???:?????????????????????????????????????$??U???6???????F????z??U???e?????? et??NDProxy?????? ???????U???????????/?,????????v?????#??????????????????????????U???????????????????i??????????? ????U??????????????????*6to4mp??8?????U#???? ???????U?????U?????/?,????????R???S???????????????????????????????????????????????Root\*6TO4MP\ 0004?????z??U???9??????1-???????/???w??sh??tcpip???????tunnel?002??? ???????U???????????/?
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export ???n?????????????????????e????????????s?????system32\drivers\nsiproxy.sys?? ???:??n????????h?????@%SystemRoot%\system32\drivers\netbt.sys,-2???????`??n?????????n?????n???????n???????n?????????e?????????n???n??????? ?????????????????????????8??n????????h???????N??????h?????j???????????????? ????? P??????i?????{6A??Performance Counters for Windows Driver??????????????:???????????????????????????????B???n???????????n???n?? ?????n???????n???????????9?g90???o??????????????????????@%systemroot%\syste m32\drivers\mup.sys,-102???????:??n????????h?????????????????t?????N??????v????D???????????????? ????????????????? ??????????????m???n???n???n????@%SystemRoot%\system32\drivers\partmgr.sys,-100?????????????????t???????43???????????????????e???-???e????????????????????????????????????6?????????????16????X??????????t??? ???????Net?2???tunnel???????????????8??:h???????????????????n??11?????????? ??(?_{???? ??7??????p???FF??????????????@%SystemRoot%\system32\drivers\partmgr.sys,-101?????????????????t???????????????????? ???d???o?

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

And Merry Christmas to you too.

Hello 1maddog, and Welcome to the forum!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.

1. The instructions being given are for YOUR computer and system only!
   Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
2. You must have Administrator rights, permissions for this computer.
3. DO NOT run any other fix or removal tools unless instructed to do so!
4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
   
   Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Please take time to read TSG Forum Guidelines and Rules where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Because of this, I advise you to backup any personal files and folders before you start


I bring to your attention a very serious security issue on your system. It begs of identity theft.
You have on your computer a P2P program µTorrent and several years of TurboTax
There is no way to know if any personal data has been compromised. If you are a tax preparer, you are risking all your clients personal data by using P2P on the same computer.

In order to continue, you must backup and remove all turbotax programs.

Here is a little blurp on P2P usage:
By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program
itself, may be safe but the files may not... use P2P at your own risk! Keep in mind that this practice may be the source of your current malware infestation.
Reference... siting risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

I am posting this for my dad.. who has no computer savy what so ever so please be gentil

I Installed BitDefender earlier and when I restarted my computer I have been getting these system error messages pop out every second.

Shell.exe - System Error
The program can't start because Miner.dll is missing from your computer. Try reinstalling the program to fix this problem.

What can I do?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:39:39 AM, on 12/25/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Internet Download Manager\IDMGrHlp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Dell\AppData\Roaming\WindowsHelp\macromedia.exe
C:\Users\Dell\AppData\Roaming\WindowsHelp\shell.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Dell\Downloads\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?...592&bs=true&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?...592&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?...592&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?...592&bs=true&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.nuevaq.fm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.nuevaq.fm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {8E384D31-CD5E-6109-734C-F91D658549DC} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {9cf699ca-2174-4ed8-bec1-ba82095edce0} - (no file)
O2 - BHO: YrJie New Games - {A86EFAD9-8377-476D-9192-CF440B6F88EC} - (no file)
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: MyEmoticons - {DCC39ACE-709B-44EA-B062-5F6BE2774644} - (no file)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - (no file)
O2 - BHO: AliBar BHO - {E4E012DC-1925-48E9-8010-2D195574642A} - (no file)
O2 - BHO: IEButton Class - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Program Files (x86)\UnH Solutions\Flash Saving Plugin\FlashSButton.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Skype.lnk = C:\Users\Dell\AppData\Roaming\WindowsHelp\usft_ext.exe.vbs
O4 - Global Startup: Virtual Router Manager.lnk = ?
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta
O8 - Extra context menu item: Save Flash - res://C:\Program Files (x86)\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files (x86)\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
O8 - Extra context menu item: Turbo Internet: Bookmark this page - C:\Program Files (x86)\Turbo Internet\exts\addFav.html
O8 - Extra context menu item: Turbo Internet: Download this link - C:\Program Files (x86)\Turbo Internet\exts\dl.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C33E666-D55C-46DF-93CB-163675219618}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{D22D5AC6-4261-458F-8028-9C50B8C951E4}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_af c3018f8cfedd20\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: DealPly Live Service (dealplylive) (dealplylive) - Unknown owner - C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe (file missing)
O23 - Service: DealPly Live Service (dealplylivem) (dealplylivem) - Unknown owner - C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Bitdefender Antivirus Free Edition (gzserv) - Bitdefender - C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_af c3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VirtualRouterService (Virtual Router) - Chris Pietschmann (http://pietschsoft.com) - C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13792 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.45.2
Run by Dell at 8:26:17 on 2013-12-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2010.581 [GMT 8:00]
.
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antivirus Free Edition *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_af c3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_af c3018f8cfedd20\AESTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Windows\system32\taskeng.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\WScript.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Users\Dell\AppData\Local\Apps\2.0\EZNY49XK.4KM\H8LNJJ5J.PWX\dell..tion_0 f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Download Manager\IDMGrHlp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Dell\AppData\Roaming\WindowsHelp\macromedia.exe
C:\Users\Dell\AppData\Roaming\WindowsHelp\shell.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uLocal Page = hxxp://www.nuevaq.fm
uSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
mStart Page = about:blank
mLocal Page = hxxp://www.nuevaq.fm
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - <orphaned>
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {8E384D31-CD5E-6109-734C-F91D658549DC} - <orphaned>
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
BHO: {9cf699ca-2174-4ed8-bec1-ba82095edce0} - <orphaned>
BHO: {A86EFAD9-8377-476D-9192-CF440B6F88EC} - <orphaned>
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {DCC39ACE-709B-44EA-B062-5F6BE2774644} - <orphaned>
BHO: {E33CF602-D945-461A-83F0-819F76A199F8} - <orphaned>
BHO: {E4E012DC-1925-48E9-8010-2D195574642A} - <orphaned>
BHO: IEButton Class: {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Program Files (x86)\UnH Solutions\Flash Saving Plugin\FlashSButton.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - <orphaned>
uRun: [AdobeBridge] <no file>
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
StartupFolder: C:\Users\Dell\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ON ENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Dell\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Sk ype.lnk - C:\Users\Dell\AppData\Roaming\WindowsHelp\usft_ext.exe.vbs
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VIRTUA~1.LNK - C:\Windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:181
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta
IE: Save Flash - C:\Program Files (x86)\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
IE: Save YouTube Video - C:\Program Files (x86)\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
IE: Turbo Internet: Bookmark this page - C:\Program Files (x86)\Turbo Internet\exts\addFav.html
IE: Turbo Internet: Download this link - C:\Program Files (x86)\Turbo Internet\exts\dl.html
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{4151F90D-9F07-4B52-9903-483F4B649B0E} : DHCPNameServer = 203.82.64.129 203.82.64.145
TCP: Interfaces\{7C33E666-D55C-46DF-93CB-163675219618} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{D22D5AC6-4261-458F-8028-9C50B8C951E4} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{D22D5AC6-4261-458F-8028-9C50B8C951E4} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{D22D5AC6-4261-458F-8028-9C50B8C951E4}\1496A757464696E677966696 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{D22D5AC6-4261-458F-8028-9C50B8C951E4}\1496A757464696E677966696 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{D22D5AC6-4261-458F-8028-9C50B8C951E4}\35160716F3 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{D22D5AC6-4261-458F-8028-9C50B8C951E4}\35160716F3 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{D22D5AC6-4261-458F-8028-9C50B8C951E4}\379716669617F577966696 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{D22D5AC6-4261-458F-8028-9C50B8C951E4}\379716669617F577966696 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{D22D5AC6-4261-458F-8028-9C50B8C951E4}\4514E4F534849445F5F4E474 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{D22D5AC6-4261-458F-8028-9C50B8C951E4}\4514E4F534849445F5F4E474 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{D22D5AC6-4261-458F-8028-9C50B8C951E4}\559645D4457616E6573547574656E647 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{D22D5AC6-4261-458F-8028-9C50B8C951E4}\559645D4457616E6573547574656E647 : DHCPNameServer = 10.0.7.12 10.0.8.19
TCP: Interfaces\{D22D5AC6-4261-458F-8028-9C50B8C951E4}\559645D4457616E6577457563747 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{D22D5AC6-4261-458F-8028-9C50B8C951E4}\559645D4457616E6577457563747 : DHCPNameServer = 10.0.7.12 10.0.8.19
TCP: Interfaces\{D22D5AC6-4261-458F-8028-9C50B8C951E4}\B4457502D41435A494440214C4D2D455358414A4942594E4 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{D22D5AC6-4261-458F-8028-9C50B8C951E4}\B4457502D41435A494440214C4D2D455358414A4942594E4 : DHCPNameServer = 202.188.1.5 202.188.0.133
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {E33CF602-D945-461A-83F0-819F76A199F8} - <orphaned>
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-12-25 718840]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2013-12-25 121928]
R1 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-12-25 148696]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-11-3 574272]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_ne utral_afc3018f8cfedd20\AESTSr64.exe [2011-11-12 89600]
R2 ftpsvc;Microsoft FTP Service;C:\Windows\System32\svchost.exe -k ftpsvc [2009-7-14 27136]
R2 gzserv;Bitdefender Antivirus Free Edition;C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [2013-12-25 69368]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\ HWDeviceService64.exe [2011-3-14 346976]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-12-15 175480]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-12-25 593144]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-11-12 172704]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenu m.sys [2013-3-16 86016]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 dealplylive;DealPly Live Service (dealplylive);C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /svc --> C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 WCMVCAM;WebcamMax, WDM Video Capture;C:\Windows\System32\drivers\wcmvcam64.sys [2012-4-16 1071032]
S3 dealplylivem;DealPly Live Service (dealplylivem);C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /medsvc --> C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-3-16 117248]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\System32\drivers\ewusbwwan.sys [2013-3-16 421376]
S3 massfilter;MBB Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2012-4-12 11776]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-15 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-11-12 215552]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\System32\drivers\s0016bus.sys [2008-5-16 115240]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\System32\drivers\s0016mdfl.sys [2008-5-16 19496]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\System32\drivers\s0016mdm.sys [2008-5-16 158760]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s0016mgmt.sys [2008-5-16 137256]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\System32\drivers\s0016nd5.sys [2008-5-16 34344]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\System32\drivers\s0016obex.sys [2008-5-16 136744]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\System32\drivers\s0016unic.sys [2008-5-16 151592]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);C:\Windows\System32\drivers\s816bus.sys [2007-6-19 107048]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);C:\Windows\System32\drivers\s816nd5.sys [2007-6-19 30248]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);C:\Windows\System32\drivers\s816unic.sys [2007-6-19 129064]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-15 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
.
=============== Created Last 30 ================
.
2013-12-24 23:44:49 -------- d-----w- C:\Program Files (x86)\Advanced Fix 2013
2013-12-24 22:57:11 -------- d-----w- C:\ProgramData\Logs
2013-12-24 22:56:33 19392 ----a-w- C:\Windows\System32\roboot64.exe
2013-12-24 22:56:28 206610 ----a-w- C:\ProgramData\1387925510.bdinstall.bin
2013-12-24 22:55:23 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
2013-12-24 22:55:17 718840 ----a-w- C:\Windows\System32\drivers\avc3.sys
2013-12-24 22:55:17 593144 ----a-w- C:\Windows\System32\drivers\avckf.sys
2013-12-24 22:51:54 148696 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2013-12-24 22:48:49 157163 ----a-w- C:\ProgramData\1387924533.bdinstall.bin
2013-12-24 22:38:14 -------- d-----w- C:\Program Files\Bitdefender
2013-12-24 22:38:02 382536 ----a-w- C:\Windows\System32\drivers\trufos.sys
2013-12-23 16:39:35 -------- d-----w- C:\Program Files (x86)\B5TService
2013-12-23 16:09:12 -------- d-----w- C:\ProgramData\tmp201307
2013-12-22 02:30:42 -------- d-----w- C:\Program Files (x86)\Common Files\ITui
2013-12-20 20:04:53 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6B5D4C99-C441-4DCE-A74D-B3482AED50E8}\offreg.dll
2013-12-20 20:03:00 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6B5D4C99-C441-4DCE-A74D-B3482AED50E8}\mpengine.dll
2013-12-15 09:43:44 175480 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2013-12-11 18:09:07 35352 ----a-w- C:\Windows\System32\drivers\cnnctfy3.sys
2013-12-11 17:59:45 -------- d-----w- C:\Users\Dell\AppData\Local\Chris_Pietschmann_(http__
2013-12-11 17:55:35 -------- d-----w- C:\Program Files (x86)\Virtual Router
2013-12-04 11:54:48 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-11-25 10:11:57 150128064 ----a-w- C:\Video_Driver_8R603_WN_9.17.10.2867_A03.EXE
2013-11-25 10:07:24 -------- d-----w- C:\Users\Dell\AppData\Roaming\IDM
2013-11-25 10:07:16 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2013-11-25 09:46:31 -------- d-----w- C:\Users\Dell\AppData\Local\Deployment
2013-11-25 09:46:31 -------- d-----w- C:\Users\Dell\AppData\Local\Apps
.
==================== Find3M ====================
.
2013-12-16 02:57:55 73 ----a-w- C:\Windows\SysWow64\ssprs.dll
2013-12-16 02:57:51 205 ----a-w- C:\Windows\SysWow64\lsprst7.dll
2013-12-12 09:14:17 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-12 09:14:16 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-26 04:25:52 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-20 03:27:45 1025 ----a-w- C:\Windows\SysWow64\sysprs7.dll
2013-11-20 03:27:45 1025 ----a-w- C:\Windows\SysWow64\clauth2.dll
2013-11-20 03:27:45 1025 ----a-w- C:\Windows\SysWow64\clauth1.dll
2013-10-07 23:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 8:27:15.18 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/12/2011 8:35:53 PM
System Uptime: 12/25/2013 7:10:13 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0K138P
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | Microprocessor | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 25.197 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP868: 12/21/2013 3:48:02 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.22beta
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
Advanced SystemCare 6
AMD Catalyst Install Manager
Any Video Converter 3.3.2
Audacity 2.0
BFlix
Bitdefender Antivirus Free Edition
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CloudReading
Condition Zero
Connection Manager
D3DX10
Dell Resource CD
Dell System Detect - 1
Dell Touchpad
Dell Webcam Central
Dell Wireless WLAN Card Utility
Digital Line Detect
Facebook Video Calling 1.2.0.287
Flash Saving Plugin
Foxit Reader
Game Booster
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Icy Tower v1.5.1
IDT Audio
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Driver
Internet Download Manager
Java 7 Update 45
Java Auto Updater
Java(TM) 7 Update 3 (64-bit)
Java(TM) SE Development Kit 7 Update 3 (64-bit)
JavaFX 2.0.3 (64-bit)
JavaFX 2.0.3 SDK (64-bit)
LAME v3.99.3 (for Windows)
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Modem Diagnostics Tool
MSL 2013 Patch v1.0
MSVCRT
MSVCRT Redists
NetWaiting
Noise Reduction Plug-in 2.0
Notepad++
OptimizerPro
Protected Search 1.1
Quickset64
Reader for PC
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
SafeSaver 1.74
Search Assistant WebSearch 1.74
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype™ 6.11
SPSS 13.0 for Windows
Ss-Helper 1.74
SWF Opener
swMSM
System Requirements Lab CYRI
TeraCopy 2.22
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VirtuaGirl HD
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Movie Maker 2.6
WinRAR 4.20 (64-bit)
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
12/25/2013 7:13:55 AM, Error: Service Control Manager [7000] - The DealPly Live Service (dealplylive) service failed to start due to the following error: The system cannot find the file specified.
12/25/2013 7:11:02 AM, Error: Service Control Manager [7000] - The WebcamMax, WDM Video Capture service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/25/2013 6:55:38 AM, Error: Service Control Manager [7000] - The bdfwfpf service failed to start due to the following error: The system cannot find the file specified.
12/25/2013 5:00:40 AM, Error: Service Control Manager [7030] - The B5TService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/24/2013 8:56:17 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer RAMLY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D22D5AC6-4261-458F-8028-9C50B8C951E4}. The master browser is stopping or an election is being forced.
12/23/2013 2:45:28 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SHAHIRAN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D22D5AC6-4261-458F-8028-9C50B8C951E4}. The master browser is stopping or an election is being forced.
12/23/2013 10:40:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
12/22/2013 4:29:49 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
12/20/2013 8:03:57 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 90-5F-2E-AC-FC-CA. Network operations on this system may be disrupted as a result.
12/20/2013 7:24:09 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.8 did not allow the name to be claimed by this computer.
12/20/2013 7:23:43 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
12/20/2013 11:06:03 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/19/2013 5:21:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR9.
12/19/2013 1:17:09 PM, Error: Disk [11] - The driver detected a controller error on \...\DR4.
12/18/2013 6:16:38 PM, Error: Service Control Manager [7023] -
.
==== End Of File ===========================

Yep MBAR has nailed a rootkit, ok we still need a couple of scans, hopefully after these we can clean up..

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• click on the Run ESET Online Scanner button
• Tick the box next to YES, I accept the Terms of Use.
  Click Start
• When asked, allow the add/on to be installed
  Click Start
• Make sure that the option Remove found threats is unticked
• Click on Advanced Settings, ensure the options
• Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  Click Scan
• wait for the virus definitions to be downloaded
• Wait for the scan to finish

When the scan is complete

• If no threats were found
• put a checkmark in "Uninstall application on close"
• close program
• report to me that nothing was found

If threats were found

• click on "list of threats found"
• click on "export to text file" and save it as ESET SCAN and save to the desktop
• Click on back
• put a checkmark in "Uninstall application on close"
• click on finish

close program

copy and paste the report in next reply

Next,

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post those logs, let me know if any remaining issues or concerns...

Kevin

Hiya and welcome to Tech Support Guy :)

Are you still having this problem? If so, lets start with running the following tools:


Download Security Check from here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.

----


Download and scan with SUPERAntiSpyware Free Edition for Home Users

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
• Under "Configuration and Preferences", click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
• Click the "Home" button to leave the control center screen.
• On the right, under "Complete Scan", choose Perform Complete Scan.
• Click Scan your computer.
• On the left, select all fixed drives.
• Click "Start Complete Scan" to start the scan. Please be patient while it scans your computer.
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "Continue".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "Remove Threats" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes".
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • [i][color=green]Click View Scan Logs.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

----

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

---

Go here, then click the large blue "Download Now @ Bleeping Computer" link to download and save AdwCleaner.exe to your desktop.

Note: It looks like a gray bug with 6 black legs.

Close all open windows first, then double-click AdwCleaner.exe to load its main window.

Click the Scan button, then click "OK".

Allow the scan process to finish.

If it appears to freeze, be patient for a few minutes.

When it's finished, click on the Report button.

Return here to your thread, then copy-and-paste the ENTIRE log here

----

Please include the MBAM log, SUPERAntiSpyware Scan Log, checkup.txt, JRT.txt and adwCleaner[R1].txt in your next reply

eddie