raderic

Members
  • Posts: 11

Everything posted by raderic

  1. Gringo, My warmest regards go out to you. Thank you so much for your time and help throughout this process. It is greatly appreciated! Cheers!
  2. C:\Qoobox\Quarantine\C\ProgramData\BBroowseu2save\515c46834a5df.dll.vir a variant of Win32/Adware.MultiPlug.I application C:\Users\Eric\Downloads\MicrosoftSecurityEssentials.exe a variant of Win32/OpenInstall application Finally, is this icon with the blue crosshairs from one of the programs that I have downloaded? Safe to keep? Thanks!
  3. Mbam Log: Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.04.14.06 Windows 7 x86 NTFS Internet Explorer 8.0.7600.16385 Eric :: ERIC-PC [administrator] Protection: Enabled 4/14/2013 6:21:40 PM mbam-log-2013-04-14 (18-21-40).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 223620 Time elapsed: 9 minute(s), 26 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\ProgramData\MaganiPic\515e32b7e6412.dll (Adware.MultiPlug) -> Quarantined and deleted successfully. (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 6:53:38 PM, on 4/14/2013 All of this has gone very well, except for the fact that I am unable to uninstall BrowsetoSave 1.74. It does not show up on Revo Uninstaller. My computer is running much smoother now. If we can uninstall Browse to Save, I'd feel much better about things, but all in all, +. Thank you!
  4. Combo fix Report:
<div>S2 avast! 
Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]</div> <div>S2 BNPagent;Bradford Persistent Agent Service;c:\program files\Bradford Networks\Persistent Agent\bndaemon.exe [x]</div> <div>S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]</div> <div>S2 HawkesUpdater;Hawkes Unattended Updater;c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [x]</div> <div>S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]</div> <div>S2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe [x]</div> <div>S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]</div> <div>S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]</div> <div>S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]</div> <div>S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]</div> <div>S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]</div> <div>S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]</div> <div>S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]</div> <div>S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]</div> <div>S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]</div> <div>S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]</div> <div>S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]</div> <div>.</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]</div> <div>HPZ12<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ 
<span class="Apple-tab-span" style="white-space:pre"> </span>Pml Driver HPZ12 Net Driver HPZ12</div> <div>HPService<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ <span class="Apple-tab-span" style="white-space:pre"> </span>HPSLPSVC</div> <div>hpdevmgmt<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ <span class="Apple-tab-span" style="white-space:pre"> </span>hpqcxs08 hpqddsvc</div> <div>.</div> <div>Contents of the 'Scheduled Tasks' folder</div> <div>.</div> <div>2013-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job</div> <div>- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-25 21:01]</div> <div>.</div> <div>2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</div> <div>- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 00:26]</div> <div>.</div> <div>2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</div> <div>- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 00:26]</div> <div>.</div> <div>2013-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417305282-2889835294-653053422-1001Core.job</div> <div>- c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 23:41]</div> <div>.</div> <div>2013-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417305282-2889835294-653053422-1001UA.job</div> <div>- c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 23:41]</div> <div>.</div> <div>2013-04-13 c:\windows\Tasks\Norton Security Scan for Eric.job</div> <div>- c:\progra~1\NORTON~2\Engine\301~1.8\Nss.exe [2011-01-15 09:30]</div> <div>.</div> <div>.</div> <div>------- Supplementary Scan -------</div> <div>.</div> <div>uInternet Settings,ProxyOverride = *.local</div> <div>TCP: DhcpNameServer = 75.75.75.75 75.75.76.76</div> <div>.</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]</div> <div>"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe\" /s \"NSL\" /m 
\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.7\diMaster.dll\" /prefetch:1"</div> <div>.</div> <div>--------------------- LOCKED REGISTRY KEYS ---------------------</div> <div>.</div> <div>[HKEY_USERS\S-1-5-21-3417305282-2889835294-653053422-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]</div> <div>@Denied: (2) (LocalSystem)</div> <div>"Progid"="WindowsLiveMail.Email.1"</div> <div>.</div> <div>[HKEY_USERS\S-1-5-21-3417305282-2889835294-653053422-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]</div> <div>@Denied: (2) (LocalSystem)</div> <div>"Progid"="WindowsLiveMail.VCard.1"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="FlashBroker"</div> <div>"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</div> <div>"Enabled"=dword:00000001</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</div> <div>@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</div> <div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="IFlashBroker5"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</div> <div>@="{00020424-0000-0000-C000-000000000046}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</div> 
<div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div> <div>"Version"="1.0"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]</div> <div>@Denied: (A) (Users)</div> <div>@Denied: (A) (Everyone)</div> <div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div> <div>"BlindDial"=dword:00000000</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]</div> <div>@Denied: (A) (Users)</div> <div>@Denied: (A) (Everyone)</div> <div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div> <div>"BlindDial"=dword:00000000</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]</div> <div>@Denied: (Full) (Everyone)</div> <div>.</div> <div>--------------------- DLLs Loaded Under Running Processes ---------------------</div> <div>.</div> <div>- - - - - - - > 'Explorer.exe'(5388)</div> <div>c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll</div> <div>c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll</div> <div>.</div> <div>------------------------ Other Running Processes ------------------------</div> <div>.</div> <div>c:\program files\Microsoft Security Client\MsMpEng.exe</div> <div>c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe</div> <div>c:\program files\AVAST Software\Avast\AvastSvc.exe</div> <div>c:\windows\system32\WLANExt.exe</div> <div>c:\windows\system32\conhost.exe</div> <div>c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe</div> <div>c:\windows\system32\taskhost.exe</div> <div>c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe</div> <div>c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</div> <div>c:\program files\Bonjour\mDNSResponder.exe</div> <div>c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe</div> <div>c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe</div> 
<div>c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE</div> <div>c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe</div> <div>c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe</div> <div>c:\windows\system32\conhost.exe</div> <div>c:\windows\system32\sppsvc.exe</div> <div>c:\program files\Windows Media Player\wmpnetwk.exe</div> <div>c:\\?\c:\windows\system32\wbem\WMIADAP.EXE</div> <div>.</div> <div>**************************************************************************</div> <div>.</div> <div>Completion time: 2013-04-13 14:50:28 - machine was rebooted</div> <div>ComboFix-quarantined-files.txt 2013-04-13 20:50</div> <div>ComboFix2.txt 2013-04-13 00:27</div> <div>.</div> <div>Pre-Run: 168,702,124,032 bytes free</div> <div>Post-Run: 168,438,312,960 bytes free</div> <div>.</div> <div>- - End Of File - - 296A5EBCA191C13A856698DDBDA4270E</div> <div> </div>
  5. Here you go: ComboFix 13-04-12.02 - Eric 04/12/2013 18:11:14.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1911.895 [GMT -6:00] Running from: c:\users\Eric\Downloads\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\BBroowseu2save c:\programdata\BBroowseu2save\515c46834a5df.dll c:\programdata\BBroowseu2save\515c46834a5df.tlb c:\programdata\BBroowseu2save\data\BBroowseu2save.dat c:\programdata\BBroowseu2save\settings.ini c:\programdata\BBroowseu2save\uninstall.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\BBroowseu2save c:\programdata\Microsoft\Windows\Start Menu\Programs\BBroowseu2save\BBroowseu2save.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\BBroowseu2save\Uninstall.lnk c:\users\Eric\Documents\~WRL0003.tmp c:\users\Eric\Documents\~WRL0005.tmp c:\users\Eric\Documents\~WRL0109.tmp c:\users\Eric\Documents\~WRL1141.tmp c:\users\Eric\Documents\~WRL1151.tmp c:\users\Eric\Documents\~WRL3038.tmp c:\windows\TEMP\mia194\mEXEFunc.dll . . ((((((((((((((((((((((((( Files Created from 2013-03-13 to 2013-04-13 ))))))))))))))))))))))))))))))) . . 2013-04-13 00:20 . 2013-04-13 00:23 -------- d-----w- c:\users\Eric\AppData\Local\temp 2013-04-13 00:20 . 2013-04-13 00:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-12 20:57 . 
2013-04-12 20:57 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{609266B9-739B-457B-8CF0-AA8E06BC861D}\MpKsl1a587daa.sys 2013-04-12 01:06 . 2013-04-12 01:06 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{609266B9-739B-457B-8CF0-AA8E06BC861D}\offreg.dll 2013-04-12 00:27 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{609266B9-739B-457B-8CF0-AA8E06BC861D}\mpengine.dll 2013-04-11 23:24 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-04-07 17:19 . 2013-03-06 22:33 199384 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2013-04-07 17:19 . 2013-03-06 22:33 101656 ----a-w- c:\windows\system32\drivers\aswFW.sys 2013-04-07 17:19 . 2013-03-06 22:33 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2013-04-07 17:18 . 2013-03-06 22:11 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys 2013-04-07 17:14 . 2013-03-06 22:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-04-07 17:14 . 2013-03-06 22:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-04-07 17:14 . 2013-03-06 22:33 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-04-07 17:14 . 2013-03-06 22:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-04-07 17:14 . 2013-03-06 22:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-04-07 17:14 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-04-07 17:14 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-04-07 17:14 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-04-07 17:14 . 2013-03-06 22:32 228600 ----a-w- c:\windows\system32\aswBoot.exe 2013-04-07 17:13 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr 2013-04-07 17:12 . 2013-04-07 17:12 -------- d-----w- c:\program files\AVAST Software 2013-04-07 17:11 . 
2013-04-07 17:12 -------- d-----w- c:\programdata\AVAST Software 2013-04-05 01:35 . 2013-04-07 02:31 -------- d-----w- c:\programdata\MaganiPic 2013-04-03 02:53 . 2013-04-07 16:21 -------- d-----w- c:\users\Eric\AppData\Roaming\Nico Mak Computing 2013-04-03 02:53 . 2013-02-13 17:07 18304 ----a-w- c:\windows\system32\roboot.exe 2013-04-03 02:52 . 2013-04-03 02:52 -------- d-----w- c:\users\Eric\.swt 2013-04-03 02:51 . 2013-04-07 16:16 -------- d-----w- c:\users\Eric\AppData\Roaming\Azureus 2013-03-27 17:36 . 2013-02-12 13:51 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-22 20:51 . 2012-11-28 04:49 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29EBD3BE-A53C-4DC7-B025-CBD4ADB56204}\gapaengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-07 02:30 . 2010-07-26 23:54 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-04-07 02:29 . 2010-07-26 23:53 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2013-04-07 02:29 . 2010-07-26 23:53 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2013-04-02 10:33 . 2011-01-12 14:28 237088 ------w- c:\windows\system32\MpSigStub.exe 2013-03-13 21:01 . 2013-02-25 15:32 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-13 21:01 . 2011-05-15 14:23 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-02-28 16:16 . 2013-03-13 20:59 981504 ----a-w- c:\windows\system32\wininet.dll 2013-02-28 16:16 . 2013-03-13 20:59 44544 ----a-w- c:\windows\system32\licmgr10.dll 2013-02-28 14:51 . 2013-03-13 20:59 386048 ----a-w- c:\windows\system32\html.iec 2013-02-28 13:26 . 2013-03-13 20:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-04 16:50 . 2013-02-04 16:50 0 ----a-w- c:\windows\system32\shoD144.tmp 2013-01-21 00:02 . 
2013-01-21 00:02 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-01-21 00:02 . 2013-01-21 00:03 859552 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-01-21 00:02 . 2010-07-15 19:09 780192 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-20 22:59 . 2013-01-20 22:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-01-20 22:59 . 2010-10-25 03:25 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "googletalk"="c:\users\Eric\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "Amazon Cloud Drive"="c:\users\Eric\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe" [2012-11-12 646528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-07 1602856] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-06 495708] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520] "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2009-11-12 203776] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "bncsaui.exe"="c:\program files\Bradford Networks\Persistent Agent\bncsaui.exe" [2011-03-08 2625304] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" 
[2013-02-18 152392] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304] . c:\users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 aswVmm;aswVmm; [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] R3 stusb2ir;USB 2.0 IrDA Bridge;c:\windows\system32\DRIVERS\stusb2ir.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x] S0 aswNdis2;avast! 
Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [x] S0 aswRvrt;aswRvrt; [x] S1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [x] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 MpKsl1a587daa;MpKsl1a587daa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{609266B9-739B-457B-8CF0-AA8E06BC861D}\MpKsl1a587daa.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x] S2 BNPagent;Bradford Persistent Agent Service;c:\program files\Bradford Networks\Persistent Agent\bndaemon.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 HawkesUpdater;Hawkes Unattended Updater;c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [x] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] S2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe [x] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 
Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-25 21:01] . 2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 00:26] . 2013-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 00:26] . 2013-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417305282-2889835294-653053422-1001Core.job - c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 23:41] . 2013-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417305282-2889835294-653053422-1001UA.job - c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 23:41] . 2013-04-12 c:\windows\Tasks\Norton Security Scan for Eric.job - c:\progra~1\NORTON~2\Engine\301~1.8\Nss.exe [2011-01-15 09:30] . . ------- Supplementary Scan ------- . uStart Page = hxxp://searchou.com/?id=fadde72100000000000078e400335b4d uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 . - - - - ORPHANS REMOVED - - - - . 
BHO-{4EB02E2C-99B3-F60B-5E40-EFA626EDE17A} - c:\programdata\BBroowseu2save\515c46834a5df.dll Toolbar-Locked - (no file) HKCU-Run-Polar Sync - (no file) HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe HKCU-Run-DW7 - c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe HKCU-Run-GameXN GO - c:\programdata\GameXN\GameXNGO.exe AddRemove-SP_48c708f2 - c:\program files\BrowseToSave\uninstall.exe AddRemove-{5B6D9D04-6D67-5FCA-AE1C-A36FD7713847} - c:\progra~2\INSTAL~2\{88FEB~1\Setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL] "ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.2.0.7\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3417305282-2889835294-653053422-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-3417305282-2889835294-653053422-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(408) c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe c:\windows\system32\WLANExt.exe c:\windows\system32\conhost.exe c:\program files\AVAST Software\Avast\AvastSvc.exe c:\windows\system32\taskhost.exe c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conhost.exe c:\windows\system32\sppsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Completion time: 2013-04-12 18:27:29 - machine was rebooted ComboFix-quarantined-files.txt 2013-04-13 00:27 . Pre-Run: 164,864,118,784 bytes free Post-Run: 167,482,736,640 bytes free . - - End Of File - - 438C29D2CC0903B2E9063436C67FADDA
  6. Gringo, I restarted my computer and my log was lost, but now my internet is working like a champ and the searchiu is gone! Thank you so much sir and I wish you the best!
  7. # AdwCleaner v2.200 - Logfile created 04/12/2013 at 14:48:53
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium (32 bits)
# User : Eric - ERIC-PC
# Boot Mode : Normal
# Running from : C:\Users\Eric\Downloads\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****
Folder Deleted : C:\Program Files\BrowseToSave
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\clsoft ltd
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\Users\Eric\AppData\Local\PackageAware
Folder Deleted : C:\Users\Eric\AppData\Roaming\NCdownloader

***** [Registry] *****
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\browse~1\sprote~1.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****
-\\ Internet Explorer v8.0.7600.17256
[OK] Registry is clean.
-\\ Google Chrome v26.0.1410.64
File : C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.

*************************
AdwCleaner[s1].txt - [3942 octets] - [12/04/2013 14:48:53]
########## EOF - C:\AdwCleaner[s1].txt - [4002 octets] ##########

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Eric [Admin rights]
Mode : Remove -- Date : 04/12/2013 15:03:28
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK2556GSY +++++
--- User ---
[MBR] 2c9552691007f8dce07ea82a85b88d1e
[bSP] 1e74a58fee200fce8a21e9f082c112ee : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[3]_D_04122013_02d1503.txt >>
RKreport[1]_S_04122013_02d1500.txt ; RKreport[2]_D_04122013_02d1502.txt ; RKreport[3]_D_04122013_02d1503.txt
  8. Gringo, Thanks for the timely help. DDS Report:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.17256 BrowserJavaVersion: 10.11.2
Run by Eric at 17:21:51 on 2013-04-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1911.300 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Users\Eric\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Eric\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Users\Eric\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\notepad.exe
C:\Users\Eric\Downloads\SecurityCheck.exe
C:\Windows\system32\conhost.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k defragsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://searchou.com/?id=fadde72100000000000078e400335b4d
uSearch Bar = Preserve
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BBroowseu2save: {4EB02E2C-99B3-F60B-5E40-EFA626EDE17A} - c:\programdata\bbroowseu2save\515c46834a5df.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Norton Safe Web Lite BHO: {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - c:\program files\norton safe web lite\engine\1.2.0.7\CoIEPlg.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Safe Web Lite: {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - c:\program files\norton safe web lite\engine\1.2.0.7\CoIEPlg.dll
TB: Norton Safe Web Lite: {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - c:\program files\norton safe web lite\engine\1.2.0.7\CoIEPlg.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\eric\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Polar Sync] <no file>
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [bYR_AGENT] c:\programdata\lgmobileax\byr_client\VZWNotiAgent.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [bncsaui.exe] c:\program files\bradford networks\persistent agent\bncsaui.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\eric\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\eric\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{1A6E1D9F-4833-4AA9-AFAB-C375030382ED} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{1A6E1D9F-4833-4AA9-AFAB-C375030382ED}\269676E226F6F64797E226964736865637 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1A6E1D9F-4833-4AA9-AFAB-C375030382ED}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{3C415D11-FCB9-470D-ABB5-20720C77B5AA} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\browse~1\sprote~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-4-7 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2013-4-7 199384]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-7 49248]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [2013-4-7 101656]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-4-7 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-4-7 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-4-7 368176]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe [2010-5-28 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-4-7 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-4-7 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-4-7 45248]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-4-7 136912]
R2 BNPagent;Bradford Persistent Agent Service;c:\program files\bradford networks\persistent agent\bndaemon.exe [2011-3-7 3079960]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 HawkesUpdater;Hawkes Unattended Updater;c:\program files\hawkes learning systems\hawkes update service manager\srvany.exe [2011-8-31 8192]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 100328]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.2.0.7\ccSvcHst.exe [2011-6-27 130000]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-7-15 2320920]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-7-15 143968]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-5-28 125696]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-7-15 232960]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
RUnknown MpKslb0dd25c2;MpKslb0dd25c2; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-7 164736]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-7-15 29472]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-7-15 134144]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-19 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-5-28 171520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-5-28 277536]
S3 stusb2ir;USB 2.0 IrDA Bridge;c:\windows\system32\drivers\stusb2ir.sys [2008-1-19 41728]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-29 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-04-11 23:12:38 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{62d97cf3-1c58-4fc5-8aca-df02e29ffa77}\offreg.dll
2013-04-10 14:40:22 7108640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{62d97cf3-1c58-4fc5-8aca-df02e29ffa77}\mpengine.dll
2013-04-08 19:22:27 7108640 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-04-07 20:56:03 -------- d-----w- c:\users\eric\appdata\local\{23F260FD-B6CF-41BA-A913-75ED4C611D8D}
2013-04-07 17:19:14 199384 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-04-07 17:19:13 101656 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-04-07 17:19:12 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-04-07 17:18:49 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-04-07 17:14:10 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-04-07 17:14:09 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-04-07 17:14:08 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-04-07 17:14:08 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-04-07 17:14:06 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-04-07 17:13:03 41664 ----a-w- c:\windows\avastSS.scr
2013-04-07 17:12:26 -------- d-----w- c:\program files\AVAST Software
2013-04-07 17:11:23 -------- d-----w- c:\programdata\AVAST Software
2013-04-05 01:35:33 -------- d-----w- c:\programdata\CLSoft LTD
2013-04-05 01:35:12 -------- d-----w- c:\programdata\MaganiPic
2013-04-05 01:32:08 -------- d-----w- c:\users\eric\appdata\roaming\NCdownloader
2013-04-03 14:39:50 -------- d-----w- c:\users\eric\appdata\local\{99EF222F-8EE5-467C-95F9-D8A828C7A2C7}
2013-04-03 14:35:42 -------- d-----w- c:\programdata\SoftSafe
2013-04-03 14:35:31 -------- d-----w- c:\program files\BrowseToSave
2013-04-03 14:35:24 -------- d-----w- c:\programdata\BBroowseu2save
2013-04-03 14:34:57 -------- d-----w- c:\programdata\InstallMate
2013-04-03 02:53:43 -------- d-----w- c:\users\eric\appdata\roaming\Nico Mak Computing
2013-04-03 02:53:37 18304 ----a-w- c:\windows\system32\roboot.exe
2013-04-03 02:52:06 -------- d-----w- c:\users\eric\.swt
2013-04-03 02:51:54 -------- d-----w- c:\program files\common files\Spigot
2013-04-03 02:51:22 -------- d-----w- c:\users\eric\appdata\roaming\Azureus
2013-03-28 15:06:37 -------- d-----w- c:\users\eric\appdata\local\{882D4194-60B3-4547-ABA7-5D6EDE54CAC5}
2013-03-27 17:36:07 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-24 18:39:23 -------- d-----w- c:\users\eric\appdata\local\{905D7A7E-0E42-4514-B709-A8A8476B1B5A}
2013-03-22 20:51:48 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{29ebd3be-a53c-4dc7-b025-cbd4adb56204}\gapaengine.dll
2013-03-22 20:42:01 -------- d-----w- c:\users\eric\appdata\local\{05B3D6C7-799D-4399-9268-A838A93091F9}
2013-03-20 03:06:46 -------- d-----w- c:\users\eric\appdata\local\{0F8DB1A5-F6D3-4696-A39A-45E9F0C29266}
2013-03-14 19:56:05 -------- d-----w- c:\users\eric\appdata\local\{267F1BC7-0702-4A6F-8E37-95F579C68F7D}
2013-03-14 03:26:08 -------- d-----w- c:\users\eric\appdata\local\{D7F0A400-6C88-46AA-AE9D-5FA665B180BA}
2013-03-13 21:01:44 -------- d-----w- c:\programdata\McAfee Security Scan
2013-03-13 21:01:35 -------- d-----w- c:\program files\McAfee Security Scan
.
==================== Find3M ====================
.
2013-04-02 10:33:22 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-13 21:01:31 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 21:01:31 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-28 16:16:46 981504 ----a-w- c:\windows\system32\wininet.dll
2013-02-28 16:16:10 44544 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-28 14:51:56 386048 ----a-w- c:\windows\system32\html.iec
2013-02-28 13:26:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-04 16:50:26 0 ----a-w- c:\windows\system32\shoD144.tmp
2013-01-21 00:02:34 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-21 00:02:27 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-21 00:02:26 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-20 22:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 22:59:04 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
============= FINISH: 17:22:49.80 ===============

"Attach" DDS Report
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/26/2010 5:40:51 PM
System Uptime: 4/10/2013 11:33:49 PM (18 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | CPU 1 | 927/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 151.346 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\SMO8800\1
Manufacturer:
Name:
PNP Device ID: ACPI\SMO8800\1
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP570: 3/24/2013 6:37:03 PM - Windows Update
RP571: 3/28/2013 3:00:49 AM - Windows Update
RP572: 3/31/2013 9:36:07 AM - Windows Update
RP573: 4/3/2013 2:43:22 PM - Windows Update
RP574: 4/6/2013 5:32:25 PM - Windows Update
RP575: 4/7/2013 10:16:50 AM - Removed Vuze Remote Toolbar v7.0.
RP576: 4/7/2013 10:19:56 AM - Removed WinZip 17.0
RP577: 4/7/2013 11:12:00 AM - avast! Free Antivirus Setup
RP578: 4/10/2013 8:39:14 AM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.6) Adobe Shockwave Player 11.5 Advanced Audio FX Engine Amazon Cloud Drive Amazon MP3 Downloader 1.0.15 Amazon Music Importer Apple Application Support Apple Mobile Device Support Apple Software Update avast! Internet Security BBroowseu2save Bonjour Bradford Persistent Agent BrowseToSave 1.74 BufferChm D110 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell Backup and Recovery Manager Dell Edoc Viewer Dell Touchpad Dell Webcam Central Destinations DeviceDiscovery DJ_SF_06_D1600_SW_Min Dropbox DW WLAN Card Epson Event Manager EPSON NX420 Series Printer Uninstall EPSON Scan EpsonNet Print EpsonNet Setup 3.2 GCalc 3 Google Chrome Google Earth Google Talk (remove only) Google Update Helper GPBaseService2 Hawkes Update Service Manager HP Customer Participation Program 14.0 HP Deskjet D1600 Printer Driver 14.0 Rel. 6 HP Imaging Device Functions 14.0 HP Photo Creations HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 
7 HP Smart Web Printing 4.60 HP Solution Center 14.0 HP Update HPAppStudio HPPhotoGadget HPProductAssistant HPSSupply Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Internet TV for Windows Media Center iTunes Java 7 Update 11 Java Auto Updater Java 6 Update 31 Junk Mail filter update LG Verizon United Drivers MarketResearch McAfee Security Scan Plus Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Starter 2010 - English Microsoft Office Word MUI (English) 2010 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MobileMe Control Panel MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Network Norton Safe Web Lite Norton Security Scan PowerAgent 7.5.1.19 PowerDVD DX PS_AIO_07_D110_SW_Min QuickSet32 QuickTime QuickTransfer Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE 10.3 Roxio Creator Tools Roxio Express Labeler 3 Roxio Update Manager Safari Scan Security Update 
for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for 
Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Shop for HP Supplies Skype™ 6.0 SmartWebPrinting SolutionCenter Statistics (Fall 2011 Student) Status Toolbox TrainingPeaks Device Agent TrayApp Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 
(KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition VirtualDJ Home FREE WebReg WIDCOMM Bluetooth Software Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
4/11/2013 5:06:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

Security check report:

Results of screen317's Security Check version 0.99.62
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 6 Update 31
Java 7 Update 11
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader 10.1.6 Adobe Reader out of Date!
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

Thank you so much for your help once again!
  9. Hello, I made the mistake of downloading Privitize software as a part of some torrent files, and now I have searchou showing up every time I get on the internet. I have uninstalled Privitize and run antivirus scans with Microsoft Security Essentials and Avast! Internet Security. They have helped with some of the problems, but not with ridding searchou from my internet. Any help is greatly appreciated. Thank you!
  10. Ron, Thanks for your quick response. I would really like to post this in the Malware removal forum, but I have just joined simply to fix this problem. I cannot post in that forum yet (minimum post limit not met perhaps?). Thanks again!
  11. Hello, I made the mistake of downloading Privitize software as a part of some torrent files, and now I have searchou showing up every time I get on the internet. I have uninstalled Privitize and run antivirus scans with Microsoft Security Essentials and Avast! Internet Security. They have helped with some of the problems, but not with ridding searchou from my internet. Any help is greatly appreciated. Thank you!