onlyoneshoe

Everything continues to be performing as it should without any Norton security threat notifications. I think my computer is in the clear. Do I uninstall the programs by going through the Control Panel -> Uninstall programs or is there a different route I should be taking?

As suggested, I uninstalled Adobe Reader and installed SumatraPDF. I need to keep Java, JRE and JDK installed, so I followed your instructions by running JavaRa to get rid of outdated versions and installed the newest version. I'll post later to give an update if everything is fine but as of right now, there aren't any problems I've encountered. Thank you very much Maurice!

Rkill 2.5.3 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2013 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 06/05/2013 02:26:12 PM in x64 mode. Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * Explorer Policy Removed: NoActiveDesktopChanges [HKLM] Backup Registry file created at: C:\Users\Nick\Desktop\rkill\rkill-06-05-2013-02-26-22.reg Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 # AdwCleaner v2.301 - Logfile created 06/05/2013 at 14:28:46 # Updated 16/05/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Nick - NICK-HP # Boot Mode : Normal # Running from : C:\Users\Nick\Downloads\adwcleaner (1).exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data File Deleted : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences Folder Deleted : C:\ProgramData\Browser Manager ***** [Registry] ***** Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} Key Deleted : HKCU\Software\5b0d9d8bc6aec48 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062} Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\SOFTWARE\Wow6432Node\5b0d9d8bc6aec48 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Web Assistant Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [browserMngr Start Page] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [browserMngrDefaultScope] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16483 [OK] Registry is clean. -\\ Mozilla Firefox v18.0.1 (en-US) File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\gkab4j4g.default\prefs.js [OK] File is clean. -\\ Google Chrome v27.0.1453.94 File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [7439 octets] - [03/06/2013 17:37:41] AdwCleaner[s1].txt - [3052 octets] - [05/06/2013 14:28:46] ########## EOF - C:\AdwCleaner[s1].txt - [3112 octets] ########## Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.06.05.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Nick :: NICK-HP [administrator] 05/06/2013 2:42:06 PM mbam-log-2013-06-05 (14-42-06).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: Registry | P2P Objects scanned: 350199 Time elapsed: 57 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) My system is performing quite well. Maybe the goonsquad is gone or Norton is just taking its time scanning, but there hasn't been any security threat notifications, so something we did seems to have taken care of the problem. I'll update if there is a security notification or if something unusual happens.

RSITs' log.txt: Logfile of random's system information tool 1.09 (written by random/random) Run by Nick at 2013-06-04 17:46:33 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 628 GB (91%) free of 693 GB Total RAM: 5609 MB (67% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:46:39 PM, on 04/06/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16483) Boot mode: Normal Running processes: C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nick\Downloads\RSIT.exe C:\Program Files (x86)\trend micro\Nick.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\IPS\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Apache2.4 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- End of file - 13343 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4049093169-2195071708-3263034772-1001Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4049093169-2195071708-3263034772-1001UA.job C:\Windows\tasks\HPCeeScheduleForNICK-HP$.job C:\Windows\tasks\HPCeeScheduleForNick.job =========Mozilla firefox========= ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\gkab4j4g.default "{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ "{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.5.502.135 Plugin "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer] "Description"=Adobe Shockwave Player "Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=] "Description"=iTunes Detector Plug-in "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0] "Description"= "Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2] "Description"=Java™ Deployment Toolkit "Path"=C:\Windows\SysWOW64\npDeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] "Description"=Office Authorization plug-in for NPAPI browsers "Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] "Description"=Microsoft SharePoint Plug-in for Firefox "Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.4] "Description"=VLC Multimedia Plugin "Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll C:\Program Files (x86)\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} C:\Program Files (x86)\Mozilla Firefox\components\ binary.manifest browsercomps.dll C:\Program Files (x86)\Mozilla Firefox\searchplugins\ amazondotcom.xml bing.xml eBay.xml google.xml twitter.xml wikipedia.xml yahoo.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] Norton Identity Protection - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll [2013-02-01 512408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}] SteadyVideoBHO Class - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-08 69760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Norton Vulnerability Protection - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\IPS\IPSBHO.DLL [2012-06-20 210400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-03 461216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}] CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-01-19 51872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 441216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-03 170912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}] HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll [2013-02-01 512408] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-02-10 630912] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576] "HPOSD"=C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2011-08-19 379960] "HP CoolSense"=C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05 1343904] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"=C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-01 116648] C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=0 "EnableInstallerDetection"=0 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm "vidc.cvid"=iccvid.dll "msacm.siren"=sirenacm.dll "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "wave2"=wdmaud.drv "mixer2"=wdmaud.drv "midi2"=wdmaud.drv "vidc.mjpg"=bdmjpeg.dll "vidc.mpeg"=bdmpegv.dll "msacm.bdmpeg"=bdmpega.acm ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2013-06-04 17:46:33 ----D---- C:\rsit 2013-06-04 11:45:56 ----D---- C:\Windows\LastGood 2013-06-03 22:12:48 ----D---- C:\Windows\ERUNT 2013-06-03 22:12:20 ----D---- C:\JRT 2013-06-03 22:10:58 ----D---- C:\Windows\ERDNT 2013-06-03 22:10:25 ----D---- C:\Program Files (x86)\ERUNT 2013-06-03 17:37:41 ----A---- C:\AdwCleaner[R1].txt 2013-06-03 17:05:44 ----D---- C:\Program Files (x86)\Trend Micro 2013-06-02 12:56:36 ----A---- C:\Windows\ntbtlog.txt 2013-06-02 03:04:26 ----A---- C:\Windows\SysWOW64\mshtml.dll 2013-06-02 03:01:36 ----A---- C:\Windows\SysWOW64\mshtmled.dll 2013-06-02 03:01:35 ----A---- C:\Windows\SysWOW64\vbscript.dll 2013-06-02 03:01:34 ----A---- C:\Windows\SysWOW64\iertutil.dll 2013-06-02 03:01:31 ----A---- C:\Windows\SysWOW64\ieui.dll 2013-06-02 03:01:30 ----A---- C:\Windows\SysWOW64\url.dll 2013-06-02 03:01:30 ----A---- C:\Windows\SysWOW64\ieUnatt.exe 2013-06-02 03:01:29 ----A---- C:\Windows\SysWOW64\urlmon.dll 2013-06-02 03:01:28 ----A---- C:\Windows\SysWOW64\wininet.dll 2013-06-02 03:01:28 ----A---- C:\Windows\SysWOW64\msfeeds.dll 2013-06-02 03:01:27 ----A---- C:\Windows\SysWOW64\jscript9.dll 2013-06-02 03:01:27 ----A---- C:\Windows\SysWOW64\jscript.dll 2013-06-02 03:01:25 ----A---- C:\Windows\SysWOW64\jsproxy.dll 2013-06-02 03:01:17 ----A---- C:\Windows\SysWOW64\ieframe.dll 2013-05-15 13:40:50 ----A---- C:\Windows\SysWOW64\shell32.dll 2013-05-15 13:40:49 ----A---- C:\Windows\SysWOW64\shdocvw.dll 2013-05-15 13:40:49 ----A---- C:\Windows\SysWOW64\authui.dll 2013-05-11 14:08:59 ----D---- C:\Users\Nick\AppData\Roaming\BANDISOFT 2013-05-11 14:08:39 ----D---- C:\Program Files (x86)\Bandicam 2013-05-11 14:08:36 ----D---- C:\Program Files (x86)\BandiMPEG1 ======List of files/folders modified in the last 1 month====== 2013-06-04 17:46:34 ----D---- C:\Windows\Temp 2013-06-04 17:46:09 ----D---- C:\Windows\Tasks 2013-06-04 11:46:06 ----D---- C:\ProgramData\Hewlett-Packard 2013-06-04 11:46:05 ----SHD---- C:\Windows\Installer 2013-06-04 11:45:56 ----D---- C:\Windows\System32 2013-06-04 11:45:56 ----D---- C:\Windows 2013-06-04 11:45:55 ----D---- C:\Windows\inf 2013-06-04 11:45:50 ----D---- C:\Program Files (x86)\Hewlett-Packard 2013-06-04 11:45:27 ----D---- C:\SWSetup 2013-06-04 11:43:22 ----SHD---- C:\System Volume Information 2013-06-04 04:18:41 ----D---- C:\Users\Nick\AppData\Roaming\Skype 2013-06-04 03:46:11 ----AD---- C:\Program Files (x86)\MicroVolts 2013-06-04 01:31:29 ----D---- C:\Windows\SysWOW64\drivers 2013-06-03 22:19:05 ----D---- C:\Program Files (x86) 2013-06-03 22:18:59 ----HD---- C:\ProgramData 2013-06-03 19:59:23 ----RSD---- C:\Windows\assembly 2013-06-03 19:59:23 ----D---- C:\Windows\Microsoft.NET 2013-06-03 17:52:39 ----D---- C:\Program Files (x86)\Mozilla Firefox 2013-06-03 17:09:21 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-02 12:39:53 ----D---- C:\ProgramData\Norton 2013-06-02 03:38:43 ----D---- C:\Windows\winsxs 2013-06-02 03:35:32 ----D---- C:\Windows\AppPatch 2013-06-02 03:35:31 ----D---- C:\Windows\SysWOW64\en-US 2013-06-02 03:35:31 ----D---- C:\Windows\SysWOW64 2013-06-02 03:35:30 ----D---- C:\Windows\SysWOW64\migration 2013-06-02 03:35:30 ----D---- C:\Program Files (x86)\Internet Explorer 2013-06-02 03:17:35 ----D---- C:\ProgramData\Microsoft Help 2013-06-02 03:17:29 ----A---- C:\Windows\vbaddin.ini 2013-06-02 03:11:32 ----D---- C:\Windows\Prefetch 2013-05-31 22:08:06 ----D---- C:\ProgramData\Browser Manager 2013-05-19 00:08:56 ----D---- C:\ProgramData\Skype 2013-05-19 00:08:38 ----RD---- C:\Program Files (x86)\Skype 2013-05-16 19:19:03 ----D---- C:\Windows\rescache 2013-05-10 22:23:22 ----RD---- C:\Program Files ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 amd_sata;amd_sata; C:\Windows\system32\drivers\amd_sata.sys [] R0 amd_xata;amd_xata; C:\Windows\system32\drivers\amd_xata.sys [] R0 amdkmpfd;AMD PCI Root Bus Lower Filter; C:\Windows\system32\drivers\amdkmpfd.sys [] R0 hpdskflt;HP Filter; C:\Windows\system32\drivers\hpdskflt.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [] R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360x64\0604010.00E\SYMDS64.SYS [] R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [] R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130515.001\BHDrvx64.sys [2013-04-12 1390680] R1 ccSet_N360;Norton 360 Settings Manager; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [] R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver; C:\Windows\System32\Drivers\CSN5PDTS82x64.sys [] R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130601.001\IDSvia64.sys [2012-11-01 513184] R1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [] R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [] R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [] R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [] R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [] R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [] R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [] R3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\drivers\amdhub30.sys [] R3 amdiox64;AMD IO Driver; C:\Windows\system32\drivers\amdiox64.sys [] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [] R3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\amdxhc.sys [] R3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [] R3 btath_avdt;Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [] R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\drivers\btath_bus.sys [] R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\drivers\btath_hcrp.sys [] R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [] R3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\drivers\btath_rcp.sys [] R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [] R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [] R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [] R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [] R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [] R3 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2013-05-25 484512] R3 EraserUtilDrv11220;EraserUtilDrv11220; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [2013-05-25 138912] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [] R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130604.003\ENG64.SYS [2013-05-25 126040] R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130604.003\EX64.SYS [2013-05-25 2098776] R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [] R3 RSP2STOR;Realtek PCIE CardReader Driver - P2; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [] R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys [] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\drivers\SynTP.sys [] R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [] S1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver; C:\Windows\System32\Drivers\CSN5PDTS82.sys [] S3 ATHDFU;Atheros Valkyrie USB BootROM; C:\Windows\System32\Drivers\AthDfu.sys [] S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [] S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [] S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-05 138912] S3 lehidmini;Bluetooth Low Energy Hid Device; C:\Windows\system32\drivers\leath_hid.sys [] S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [] S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [] S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [] S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [] S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [] S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [] R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-10 361984] R2 Apache2.4;Apache2.4; C:\xampp\apache\bin\httpd.exe [2012-08-18 22016] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184] R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2012-01-19 106144] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184] R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] R2 HPAuto;HP Auto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040] R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200] R2 mysql;mysql; C:\xampp\mysql\bin\mysqld.exe [2012-07-20 8186368] R2 N360;Norton 360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe [2012-06-15 138272] R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2012-01-04 311808] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096] R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-09-06 1001376] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [] S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384] S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-12-12 641504] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 50899608] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-22 115608] S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] -----------------EOF----------------- RSIT's info.txt: info.txt logfile of random's system information tool 1.09 2013-06-04 17:46:42 ======Uninstall list====== -->"C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Web Link - Battlestar Galactica Online\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Web Link - Build-A-Lot Metropolis\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Web Link - Gun Bros\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Web Link - It Girl!\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Web Link - Mahjongg Dark Dimensions\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Web Link - Odd Manor\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Web Link - Organized Crime\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Web Link - Penguin World\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Web Link - Polar Bowler Strike!\Uninstall.exe" -->"C:\Program Files (x86)\HP Games\Web Link - Salon Street\Uninstall.exe" 4K YouTube to MP3 2.0-->"C:\Program Files (x86)\4KDownload\YouTubeToMP3\unins000.exe" Active@ ISO Burner-->"C:\Program Files (x86)\InstallShield Installation Information\{7694E0B1-2332-448B-9235-929F84B41E3F}\setup.exe" -runfromtemp -l0x0009 -removeonly Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe -maintain plugin Adobe Reader X (10.1.0) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001} Adobe Reader X (10.1.4)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001} Adobe Shockwave Player 11.6-->"C:\Windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe" Apple Application Support-->MsiExec.exe /I{CCE825DB-347A-4004-A186-5F4A6FDD8547} Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} Atheros Driver Installation Program-->"C:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\Setup.exe" -runfromtemp -removeonly Bandicam-->"C:\Program Files (x86)\Bandicam\uninstall.exe" Bandisoft MPEG-1 Decoder-->"C:\Program Files (x86)\BandiMPEG1\uninstall.exe" Blackboard IM 4.1.0-C-->C:\Program Files (x86)\Blackboard\Blackboard IM\uninst.exe Browser Manager-->"C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe" /Uninstall /{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} /su=683337eed7d63b2b /um Catalyst Control Center - Branding-->MsiExec.exe /I{31BF9CD1-A904-43B5-A236-53E5E908AD0E} Cisco EAP-FAST Module-->MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9} Cisco LEAP Module-->MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE} Cisco PEAP Module-->MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640} Colasoft Packet Builder 1.0-->"C:\Program Files (x86)\Colasoft Packet Builder 1.0\unins000.exe" Contrôle ActiveX Windows Live Mesh pour connexions à distance-->MsiExec.exe /I{55D003F4-9599-44BF-BA9E-95D060730DD3} CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe" ESU for Microsoft Windows 7 SP1-->MsiExec.exe /I{768A6276-5822-489C-8A2B-67190F745655} FileZilla Client 3.5.3-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe Galerie de photos Windows Live-->MsiExec.exe /X{488F0347-C4A7-4374-91A7-30818BEDA710} Hewlett-Packard ACLM.NET v1.2.1.1-->MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F} HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7} HP CoolSense-->MsiExec.exe /I{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F} HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544} HP Documentation-->MsiExec.exe /X{EDA2B6DE-C67C-4FD7-AF6A-9D79E002707C} HP On Screen Display-->MsiExec.exe /I{ED1BD69A-07E3-418C-91F1-D856582581BF} HP Power Manager-->MsiExec.exe /I{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB} HP Quick Launch-->MsiExec.exe /I{53B17A98-5BF0-40BC-AAFF-850A357975AC} HP Recovery Manager-->MsiExec.exe /I{DBCD5E64-7379-4648-9444-8A6558DCB614} HP Setup Manager-->MsiExec.exe /I{AE856388-AFAD-4753-81DF-D96B19D0A17C} HP Setup-->MsiExec.exe /I{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} HP Software Framework-->MsiExec.exe /X{675D093B-815D-47FD-AB2C-192EC751E8E2} HP Support Assistant-->"C:\Program Files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe" -runfromtemp -l0x0409 -removeonly IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\Setup.exe" -remove -removeonly ImageBoost v1.1-->C:\Program Files (x86)\ImageBoost v1.1\Uninstall.exe IZArc 4.1.7-->"C:\Program Files (x86)\IZArc\unins000.exe" Java 7 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217017FF} Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} K-Lite Codec Pack 8.7.0 (Basic)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe" Malwarebytes Anti-Malware version 1.75.0.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E} Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E} MicroVolts-->"C:\Program Files (x86)\MicroVolts\unins000.exe" Mozilla Firefox 18.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9} MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} MySQL Server 5.5-->MsiExec.exe /I{FFD35D1F-F7C8-47AE-AF3E-E569F025CD7D} Norton 360 Premier Edition-->C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\2454B0AB\6.4.1.14\InstStub.exe /X /ARP Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe opensource-->MsiExec.exe /I{3677D4D8-E5E0-49FC-B86E-06541CF00BBE} PaperCut NG Client 11.2-->MsiExec.exe /I{CAEFDCE5-D425-41BD-9122-ECC0D357F924} PlayReady PC Runtime x86-->MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61} Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly Realtek PCIE Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{C1594429-8296-4652-BF54-9DBE4932A44C}\setup.exe" -runfromtemp -removeonly Secure Download Manager-->MsiExec.exe /I{4A5667B2-5D13-46C2-85B5-9D46A6096F61} Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BA941BCD-BC45-3D64-AB89-0F737907515C} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8E6848A1-B790-34FE-921A-A5319258E254} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E7F6B64E-E11F-3D1C-868D-3F1443DA5A15} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended Security Update for Microsoft .NET Framework 4 Extended (KB2736428)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {BA941BCD-BC45-3D64-AB89-0F737907515C} /parameterfolder Extended Security Update for Microsoft .NET Framework 4 Extended (KB2742595)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Extended Skype™ 6.3-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D} swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726} TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client Update for Microsoft .NET Framework 4 Extended (KB2468871)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended Update for Microsoft .NET Framework 4 Extended (KB2600217)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Extended VLC media player 2.0.4-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30} Windows Live Mail-->MsiExec.exe /I{9FAE6E8D-E686-49F5-A574-0A58DFD9580C} Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923} Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441} Windows Live Mesh-->MsiExec.exe /I{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5} Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649} Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48} Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24} Windows Live Messenger-->MsiExec.exe /X{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A} Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11} Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08} Windows Live Movie Maker-->MsiExec.exe /X{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Common-->MsiExec.exe /X{C893D8C0-1BA0-4517-B11C-E89B65E72F70} Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7} Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{05E379CC-F626-4E7D-8354-463865B303BF} Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{62687B11-58B5-4A18-9BC3-9DF4CE03F194} Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467} Windows Live Writer-->MsiExec.exe /X{3B9A92DA-6374-4872-B646-253F18624D5F} Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E} Windows Live-->MsiExec.exe /I{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5} WinPcap 4.1.2-->C:\Program Files (x86)\WinPcap\uninstall.exe Wireshark 1.8.4 (64-bit)-->"C:\Program Files\Wireshark\uninstall.exe" XAMPP 1.8.1-->"c:\xampp\uninstall.exe" =====Application event log===== Computer Name: Nick-HP Event Code: 1000 Message: Faulting application name: Microvolts.exe, version: 0.9.4.48, time stamp: 0x519f539f Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0004ff2b Faulting process id: 0x44c Faulting application start time: 0x01ce60e4bf6286fc Faulting application path: C:\Program Files (x86)\MicroVolts\bin\Microvolts.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: d2c410c3-ccef-11e2-b734-74e543a85f99 Record Number: 18352 Source Name: Application Error Time Written: 20130604082158.000000-000 Event Type: Error User: Computer Name: Nick-HP Event Code: 100 Message: Task Scheduling Error: m->NextScheduledSPRetry 2589 Record Number: 18346 Source Name: Bonjour Service Time Written: 20130604033317.000000-000 Event Type: Error User: Computer Name: Nick-HP Event Code: 100 Message: Task Scheduling Error: m->NextScheduledEvent 2589 Record Number: 18345 Source Name: Bonjour Service Time Written: 20130604033317.000000-000 Event Type: Error User: Computer Name: Nick-HP Event Code: 100 Message: Task Scheduling Error: Continuously busy for more than a second Record Number: 18344 Source Name: Bonjour Service Time Written: 20130604033317.000000-000 Event Type: Error User: Computer Name: Nick-HP Event Code: 0 Message: Record Number: 18341 Source Name: HP Client Services Time Written: 20130604022312.000000-000 Event Type: Warning User: =====Security event log===== Computer Name: Nick-HP Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: NICK-HP$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 7 New Logon: Security ID: S-1-5-21-4049093169-2195071708-3263034772-1001 Account Name: Nick Account Domain: Nick-HP Logon ID: 0x13859f1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: NICK-HP Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 18206 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20130604033410.223258-000 Event Type: Audit Success User: Computer Name: Nick-HP Event Code: 4648 Message: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: NICK-HP$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Nick Account Domain: Nick-HP Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Record Number: 18205 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20130604033410.223258-000 Event Type: Audit Success User: Computer Name: Nick-HP Event Code: 4672 Message: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 18204 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20130604022352.664182-000 Event Type: Audit Success User: Computer Name: Nick-HP Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: NICK-HP$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 18203 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20130604022352.664182-000 Event Type: Audit Success User: Computer Name: Nick-HP Event Code: 1102 Message: The audit log was cleared. Subject: Security ID: S-1-5-21-4049093169-2195071708-3263034772-1001 Account Name: Nick Domain Name: Nick-HP Logon ID: 0x31716 Record Number: 18202 Source Name: Microsoft-Windows-Eventlog Time Written: 20130604022141.251145-000 Event Type: Audit Success User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\MySQL\MySQL Server 5.5\bin "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=2 "PROCESSOR_LEVEL"=21 "PROCESSOR_IDENTIFIER"=AMD64 Family 21 Model 16 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=1001 "windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log "windows_tracing_flags"=3 "OnlineServices"=Online Services "Platform"=MCD "PCBRAND"=Pavilion "AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\ "asl.log"=Destination=file -----------------EOF----------------- Checkup.txt: UNSUPPORTED OPERATING SYSTEM! ABORTED! I ran SecurityCheck more than once but I got the same result each time. QuickScan 32-bit v0.9.9.118 --------------------------- Scan date: Tue Jun 04 18:13:04 2013 Machine ID: 6718F09 No infection found. ------------------- Processes --------- (unsigned) Ath_Coex Application 2420 C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (unsigned) Apache HTTP Server 1356 C:\xampp\apache\bin\httpd.exe (unsigned) Apache HTTP Server 2872 C:\xampp\apache\bin\httpd.exe (unsigned) mysqld.exe 2060 C:\xampp\mysql\bin\mysqld.exe (verified) Adobe Acrobat Update Service 1928 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (verified) HP CoolSense 4352 C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (verified) HP On Screen Display 5092 C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (verified) HP Quick Launch 1704 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (verified) HP Software Framework 832 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (verified) Java Platform SE Auto Updater 2 0 5936 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (verified) Java Platform SE Auto Updater 2 0 4464 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (verified) MobileDeviceService 1656 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (verified) Symantec Security Technologies 2096 C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccsvchst.exe (verified) Symantec Security Technologies 4192 C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccsvchst.exe (verified) Windows® Internet Explorer 4044 C:\Program Files (x86)\Internet Explorer\iexplore.exe (verified) Windows® Internet Explorer 6612 C:\Program Files (x86)\Internet Explorer\iexplore.exe (verified) YCMMirag Application 5620 C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe Network activity ---------------- Process iexplore.exe (6612) connected on port 80 (HTTP) --> 173.194.43.95 Process iexplore.exe (6612) connected on port 80 (HTTP) --> 173.194.43.95 Process iexplore.exe (6612) connected on port 80 (HTTP) --> 96.16.47.139 Process iexplore.exe (6612) connected on port 80 (HTTP) --> 96.16.47.139 Process iexplore.exe (6612) connected on port 80 (HTTP) --> 66.235.142.2 Process iexplore.exe (6612) connected on port 80 (HTTP) --> 66.235.142.2 Process iexplore.exe (6612) connected on port 80 (HTTP) --> 173.194.43.70 Process iexplore.exe (6612) connected on port 80 (HTTP) --> 173.194.43.70 Process iexplore.exe (6612) connected on port 80 (HTTP) --> 64.94.107.18 Process iexplore.exe (6612) connected on port 80 (HTTP) --> 24.226.16.75 Process iexplore.exe (6612) connected on port 80 (HTTP) --> 24.226.16.75 Process iexplore.exe (6612) connected on port 443 (HTTP over SSL) --> 96.7.202.110 Process iexplore.exe (6612) connected on port 443 (HTTP over SSL) --> 96.7.202.110 Process httpd.exe (1356) listens on ports: 80 (HTTP), 443 (HTTP over SSL) Process mysqld.exe (2060) listens on ports: 3306 (MySQL) Autoruns and critical files --------------------------- (verified) Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (verified) AUTOBACK.EXE C:\Program Files (x86)\ERUNT\AUTOBACK.EXE (verified) Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (verified) Google Update C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe (verified) HP Ceement C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (verified) HP CoolSense C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (verified) HP On Screen Display C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (verified) Java Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (verified) Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\grooveex.dll (verified) Microsoft® Windows® Operating System C:\Windows\system32\userinit.exe Browser plugins --------------- (unsigned) Bluetooth Software C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (unsigned) Shockwave for Director C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (unsigned) VLC Web Plugin C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (verified) AcroIEHelperShim Library C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (verified) Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll (verified) Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll (verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll (verified) Google Update C:\Users\Nick\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (verified) HP Network Check c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckplugin.dll (verified) Java Deployment Toolkit 7.0.170.2 C:\Windows\SysWOW64\npDeployJava1.dll (verified) Java Platform SE 7 U17 C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (verified) Java Platform SE 7 U17 C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (verified) Java Platform SE 7 U17 C:\Program Files (x86)\Java\jre7\bin\ssv.dll (verified) Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\grooveex.dll (verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (verified) Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\urlredir.dll (verified) Microsoft® CoReXT c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll (verified) Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (verified) Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (verified) Microsoft® Windows® Operating System C:\Windows\system32\MSWSOCK.dll (verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll (verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll (verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll (verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll (verified) Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll (verified) NCLauncherFromIE C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (verified) Norton Confidential C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll (verified) Norton Confidential C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.13.5_0\npcoplgn.dll (verified) npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll (verified) NPSWF32_11_5_502_135.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll (verified) Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll (verified) Steady Video C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (verified) Symantec Intrusion Detection C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\IPS\IPSBHO.DLL (verified) Windows Live Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (verified) Windows® Internet Explorer c:\windows\syswow64\ieframe.dll Scan ---- MD5: 86f8a0a8d59d0ae2b1096f3103f0e0ad C:\Program Files (x86)\Bluetooth Suite\adminservice.exe MD5: a5b25e310678175f4779499fff7d0994 C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe MD5: eb460a4fe007102a5917c6a8c70ba7fd C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll MD5: 66aa43f07dee7fe8f22d955e06a1fb0b C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll MD5: bb1fc298be53aab1e110f6e786bd8ac5 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe MD5: 9053fb3e5a6dda6ed0c77c8e103fb239 C:\PROGRAM FILES (X86)\NORTON 360 PREMIER EDITION\ENGINE\6.4.1.14\LUE.DLL MD5: 94fda1f2b9353b52627d5b81f83031f4 C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\NUMEng.dll MD5: c7794a997cec29173a4401f3ae16c51f C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll MD5: e3f5e1e7b7259c367f7b5974ca5a8048 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe MD5: 6ef5f3f18413c367195f06e503ab86a6 C:\Windows\system32\d3d9.dll MD5: 7f8678c59f188528d60104e697c2361e C:\Windows\system32\mscms.dll MD5: 6846d2ca7e1d5937aee3f99bb7f5464b C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll MD5: ac81bd5058b5a93212f7a3223e856b85 C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_2_202_160.ocx MD5: 2467e63fc4f5831898a57fa3482eafd5 C:\xampp\apache\bin\httpd.exe MD5: ab66158e6a12e324f80904085bbc5a03 C:\xampp\apache\bin\libapr-1.dll MD5: 3f8d7a5f3ebbbeb4f5f1cc65d3d01ec9 C:\xampp\apache\bin\libapriconv-1.dll MD5: 3964d4ea85b4881f6bc763aef5d93323 C:\xampp\apache\bin\libaprutil-1.dll MD5: bca0ad072d60b5c4257b0b63016d90dc C:\xampp\apache\bin\LIBEAY32.dll MD5: 8b7512e6661e039d51f44f1ef5a56c48 C:\xampp\apache\bin\libhttpd.dll MD5: 74a1f323c84baaf6c982768c86fe1fa1 C:\xampp\apache\bin\pcre.dll MD5: 746fa48d177c7020f9caa92149da8ce3 C:\xampp\apache\bin\SSLEAY32.dll MD5: 17aeed2e043a3f6f326097263c3d38c2 C:\xampp\apache\modules\mod_access_compat.so MD5: a58973f0bf00a691bc06b340786c8933 C:\xampp\apache\modules\mod_actions.so MD5: 575a9ffce0c0d612158f3138def42932 C:\xampp\apache\modules\mod_alias.so MD5: 4422d067469b486cc7cba6cd635bbde5 C:\xampp\apache\modules\mod_allowmethods.so MD5: ab82d68cbd3c8d488a2c3152bdf48f2e C:\xampp\apache\modules\mod_asis.so MD5: 5302cbe3f5bbb2ed863eec23e0126592 C:\xampp\apache\modules\mod_auth_basic.so MD5: 615983feba5f2be8a596c9f6b7fc72d4 C:\xampp\apache\modules\mod_authn_core.so MD5: 265898ed439f85182e0cf7f8648c7db5 C:\xampp\apache\modules\mod_authn_file.so MD5: 684a7afcdceb460c4165b128ea953dae C:\xampp\apache\modules\mod_authz_core.so MD5: 87a32aac0199f2b529e81339fb78d046 C:\xampp\apache\modules\mod_authz_groupfile.so MD5: bec94c1b43e32258db4ef0975767b1dc C:\xampp\apache\modules\mod_authz_host.so MD5: abfa200c100a992e09b4087d3cc84a44 C:\xampp\apache\modules\mod_authz_user.so MD5: a9c7a14c984893d134103f8f6bd5b8c4 C:\xampp\apache\modules\mod_autoindex.so MD5: 7a5fd1aea4ddae8a41cbbcbc9beafa4a C:\xampp\apache\modules\mod_cache.so MD5: fe77532cfc66be70f9d0badcb67ebdd4 C:\xampp\apache\modules\mod_cache_disk.so MD5: f6fa6a80cc16d43142ab61d4412f7cce C:\xampp\apache\modules\mod_cgi.so MD5: ce901ad2c7c80f7ec17c01cf9d7fee46 C:\xampp\apache\modules\mod_dav.so MD5: c40eb9ffb4cf98fbeafbbada09302acc C:\xampp\apache\modules\mod_dav_lock.so MD5: dbc7d34a686a21507a06f52fc7a77e97 C:\xampp\apache\modules\mod_dir.so MD5: fb4a25a3bc3f7cc3cdade576686e3d12 C:\xampp\apache\modules\mod_env.so MD5: 9949f38633c9a39076291263a23dedf1 C:\xampp\apache\modules\mod_headers.so MD5: b1bc3d319d03a9dac3d61d3dbbf9c327 C:\xampp\apache\modules\mod_include.so MD5: d5952a247340cbcc193d6e0430ee24f5 C:\xampp\apache\modules\mod_info.so MD5: 8352a8f54b32ed7f17cc7e3327b862b0 C:\xampp\apache\modules\mod_isapi.so MD5: db219bb7f9773265183c70678acf2e14 C:\xampp\apache\modules\mod_log_config.so MD5: c6430a0d7f803dc482b81ca4b9023a69 C:\xampp\apache\modules\mod_mime.so MD5: d6c46ab75b55d8ffc20dd4a23e5b9691 C:\xampp\apache\modules\mod_negotiation.so MD5: b59880bffcc7b3fa2fdd98ca64fe3112 C:\xampp\apache\modules\mod_proxy.so MD5: 2063e93eef8e63ea9010f99df6ac8a92 C:\xampp\apache\modules\mod_proxy_ajp.so MD5: b0a4af6195f0b57dff66f3678cf7db82 C:\xampp\apache\modules\mod_rewrite.so MD5: 1c1a5c07b5a99b9f31d2bdeefd5cce0a C:\xampp\apache\modules\mod_setenvif.so MD5: 84f592306df5dd0612bfd3d75e683c49 C:\xampp\apache\modules\mod_ssl.so MD5: 9774b70e1400bd47b58ff9be447d9615 C:\xampp\apache\modules\mod_status.so MD5: f7f7bfe985414a8b2d9b015741d21cfb C:\xampp\mysql\bin\mysqld.exe MD5: 601b1d39d25d2d421e206097862bf967 C:\xampp\php\ext\php_bz2.dll MD5: 119c20b9db6b0903831a463774d82141 C:\xampp\php\ext\php_curl.dll MD5: 6cfb73aa6b17023067c8cd2dac8b7967 C:\xampp\php\ext\php_exif.dll MD5: e4dd7f8a7fb81641f2908ceca94efc0f C:\xampp\php\ext\php_gd2.dll MD5: 8ec5e6efa67284032c321e27a5d37d13 C:\xampp\php\ext\php_gettext.dll MD5: 433cfd7e6a6d67ce661c8fb75678df41 C:\xampp\php\ext\php_mbstring.dll MD5: 1349f1a01e7465b4c4c071c1290dabc9 C:\xampp\php\ext\php_mysql.dll MD5: fe4fb3fd14b9b76218ddbf79623a3fbc C:\xampp\php\ext\php_mysqli.dll MD5: 4033c133d793a7e7942cb1f54af13b5d C:\xampp\php\ext\php_pdo_mysql.dll MD5: 14074d86f9feb9102cd2187770f4d041 C:\xampp\php\ext\php_pdo_sqlite.dll MD5: a6962bca6bc3205fc6bfb592f58d5f6c C:\xampp\php\ext\php_soap.dll MD5: 5c976bb4d632cf8c4644dca1cc652192 C:\xampp\php\ext\php_sockets.dll MD5: 0f1afa32f99bf9caa73ef5cb6f31d4a9 C:\xampp\php\ext\php_sqlite3.dll MD5: 6b60b05f97f02487a97e7068c53b992f C:\xampp\php\ext\php_xmlrpc.dll MD5: 0b82294945469a83aa5102984693fa5b C:\xampp\php\ext\php_xsl.dll MD5: 20da839aa80f4c0a5e9bbdb5f466faf4 C:\xampp\php\php5apache2_4.dll MD5: 73a961a34eb5ab376e1f422ba8ed0abb C:\xampp\php\php5ts.dll No file uploaded. Scan finished - communication took 1 sec Total traffic - 0.00 MB sent, 0.31 KB recvd Scanned 510 files and modules - 6 seconds ============================================================================== RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Nick [Admin rights] Mode : Scan -- Date : 06/04/2013 17:59:16 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 10 ¤¤¤ [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK7575GSX SATA Disk Device +++++ --- User --- [MBR] 5a4f981ae124c8aa544b8fa514bee7f3 [bSP] f2c636bd7d5dea4ce61a11bee3d48e32 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 693324 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1420337152 | Size: 21777 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_06042013_02d1759.txt >> RKreport[1]_S_06042013_02d1759.txt I was completely unaware that my computer didn't have service pack 3. Is there a link where I can download it from? Also, since some of the scans say there is no infection (such as the one from BitDefender), are the other scans meant to verify that there is no infection? Before doing these scans, I still got the Norton notification about the Adware.GoonSquad. Have these recent scans also deleted it or are we building up an attack to get rid of it?

Thank you for your detailed instructions Maurice, I have pasted the log files below from the JRT, DDS and attach txt documents. JRT log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by Nick on 03/06/2013 at 22:12:50.71 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope ~~~ Registry Keys Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-4049093169-2195071708-3263034772-1001\software\web assistant" Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\browsermngr Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\browsermngr Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\web assistant Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yourfiledownloader Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yourfiledownloader Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\crossrider Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\incredibar_installer_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\incredibar_installer_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\incredibartoolbar_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\incredibartoolbar_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\windows\currentversion\ext\preapproved\{11111111-1111-1111-1111-110011431152} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0012832.BHO Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0012832.FBApi Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0012832.FBApi.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0012832.Sandbox Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0012832.Sandbox.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0012832.BHO Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0012832.FBApi Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0012832.FBApi.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0012832.Sandbox Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0012832.Sandbox.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{22222222-2222-2222-2222-220122282232} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{33333333-3333-3333-3333-330133283332} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\wow6432node\clsid\{22222222-2222-2222-2222-220122282232} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\wow6432node\clsid\{33333333-3333-3333-3333-330133283332} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{57F7E574-8CBA-46CC-847D-7FFD91E2D9C8} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{57F7E574-8CBA-46CC-847D-7FFD91E2D9C8} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} ~~~ Files Successfully deleted: [File] "C:\end" Successfully deleted: [File] C:\eula.1028.txt Successfully deleted: [File] C:\eula.1031.txt Successfully deleted: [File] C:\eula.1033.txt Successfully deleted: [File] C:\eula.1036.txt Successfully deleted: [File] C:\eula.1040.txt Successfully deleted: [File] C:\eula.1041.txt Successfully deleted: [File] C:\eula.1042.txt Successfully deleted: [File] C:\eula.2052.txt Successfully deleted: [File] C:\install.res.1028.dll Successfully deleted: [File] C:\install.res.1031.dll Successfully deleted: [File] C:\install.res.1033.dll Successfully deleted: [File] C:\install.res.1036.dll Successfully deleted: [File] C:\install.res.1040.dll Successfully deleted: [File] C:\install.res.1041.dll Successfully deleted: [File] C:\install.res.1042.dll Successfully deleted: [File] C:\install.res.2052.dll Successfully deleted: [File] C:\install.res.3082.dll ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\babylon" Failed to delete: [Folder] "C:\ProgramData\browser manager" Successfully deleted: [Folder] "C:\Users\Nick\AppData\Roaming\babylon" Successfully deleted: [Folder] "C:\Users\Nick\AppData\Roaming\goforfiles" Successfully deleted: [Folder] "C:\Users\Nick\AppData\Roaming\yourfiledownloader" Successfully deleted: [Folder] "C:\Users\Nick\appdata\locallow\babylontoolbar" Successfully deleted: [Folder] "C:\Program Files (x86)\goforfiles" Successfully deleted: [Folder] "C:\Program Files (x86)\perion" Successfully deleted: [Folder] "C:\Program Files (x86)\winzip registry optimizer" Successfully deleted: [Folder] "C:\Users\Nick\AppData\Roaming\microsoft\windows\start menu\programs\browser manager" ~~~ FireFox Successfully deleted: [File] C:\user.js Successfully deleted: [File] C:\Users\Nick\AppData\Roaming\mozilla\firefox\profiles\gkab4j4g.default\bprotector_extensions.sqlite Successfully deleted: [File] C:\Users\Nick\AppData\Roaming\mozilla\firefox\profiles\gkab4j4g.default\bprotector_prefs.js Successfully deleted: [Folder] C:\Users\Nick\AppData\Roaming\mozilla\firefox\profiles\gkab4j4g.default\extensions\crossriderapp12832@crossrider.com Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403A-B9D2-65C292C39087} Successfully deleted the following from C:\Users\Nick\AppData\Roaming\mozilla\firefox\profiles\gkab4j4g.default\prefs.js user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=112564&tt=120912_pcp_3912_6&babsrc=HP_ss&mntrId=06718f0900000000000074e543a85f99"); user_pref("avg.install.userSPSettings", "Search the web (Babylon)"); user_pref("browser.search.order.1", "Search the web (Babylon)"); user_pref("browser.search.selectedEngine", "Search the web (Babylon)"); user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=112564&tt=120912_pcp_3912_6&babsrc=HP_ss&mntrId=06718f0900000000000074e543a85f99"); user_pref("extensions.crossriderapp12832.adsOldValue", -1); Emptied folder: C:\Users\Nick\AppData\Roaming\mozilla\firefox\profiles\gkab4j4g.default\minidumps [29 files] ~~~ Chrome Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 03/06/2013 at 22:21:56.85 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Attach.txt log: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 01/09/2012 8:12:53 PM System Uptime: 03/06/2013 7:54:36 PM (3 hours ago) . Motherboard: Hewlett-Packard | | 184A Processor: AMD A6-4400M APU with Radeon HD Graphics | Socket FT1 | 1377/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 677 GiB total, 613.821 GiB free. D: is FIXED (NTFS) - 21 GiB total, 2.267 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP84: 25/04/2013 3:00:13 AM - Windows Update RP85: 16/05/2013 3:00:29 AM - Windows Update RP86: 16/05/2013 11:53:28 AM - Windows Modules Installer RP87: 24/05/2013 5:31:39 PM - Scheduled Checkpoint RP88: 31/05/2013 8:18:35 PM - Scheduled Checkpoint RP89: 02/06/2013 3:00:31 AM - Windows Update RP90: 03/06/2013 5:05:14 PM - Installed HiJackThis . ==== Installed Programs ====================== . 4K YouTube to MP3 2.0 Active@ ISO Burner Adobe Flash Player 11 ActiveX 64-bit Adobe Flash Player 11 Plugin Adobe Reader X (10.1.0) MUI Adobe Reader X (10.1.4) Adobe Shockwave Player 11.6 AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Fuel AMD Steady Video Plug-In AMD VISION Engine Control Center Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Bluetooth Suite (64) Atheros Driver Installation Program Bandicam Bandisoft MPEG-1 Decoder Blackboard IM 4.1.0-C Bonjour Browser Manager Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Colasoft Packet Builder 1.0 Contrôle ActiveX Windows Live Mesh pour connexions à distance CyberLink YouCam D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition ERUNT 1.1j ESU for Microsoft Windows 7 SP1 FileZilla Client 3.5.3 Galerie de photos Windows Live Google Chrome Hewlett-Packard ACLM.NET v1.2.1.1 HiJackThis HP 3D DriveGuard HP Auto HP Client Services HP CoolSense HP Customer Experience Enhancements HP Documentation HP Launch Box HP On Screen Display HP Power Manager HP Quick Launch HP Recovery Manager HP Security Assistant HP Setup HP Setup Manager HP Software Framework HP Support Assistant IDT Audio ImageBoost v1.1 iTunes IZArc 4.1.7 Java 7 Update 17 Java 7 Update 7 (64-bit) Java Auto Updater Java SE Development Kit 7 Update 7 (64-bit) Junk Mail filter update K-Lite Codec Pack 8.7.0 (Basic) Malwarebytes Anti-Malware version 1.75.0.1300 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2010 Language Pack Service Pack 1 (SP1) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 32-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 32-bit MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Visio 2010 Microsoft Office Visio MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visio 2010 Service Pack 1 (SP1) Microsoft Visio Professional 2010 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 MicroVolts Mozilla Firefox 18.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MySQL Server 5.5 NetBeans IDE 7.2.1 Norton 360 Premier Edition Notepad++ opensource PaperCut NG Client 11.2 PlayReady PC Runtime x86 Realtek Ethernet Controller Driver Realtek PCIE Card Reader Secure Download Manager Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition Skype™ 6.3 swMSM Synaptics Pointing Device Driver TrueCrypt Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition VLC media player 2.0.4 Windows Live Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinPcap 4.1.2 Wireshark 1.8.4 (64-bit) XAMPP 1.8.1 . ==== End Of File =========================== DDS.txt log: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.17.2 Run by Nick at 22:23:10 on 2013-06-03 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.5609.3792 [GMT -4:00] . AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\Hpservice.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\xampp\apache\bin\httpd.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bluetooth Suite\adminservice.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\xampp\mysql\bin\mysqld.exe C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe C:\Windows\system32\taskhost.exe C:\xampp\apache\bin\httpd.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Windows\system32\taskeng.exe C:\Users\Nick\Downloads\JRT.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\explorer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\notepad.exe C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.ca/ mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\coieplg.dll BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ips\ipsbho.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\coieplg.dll uRun: [Google Update] "C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe" /c mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Nick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:0 mPolicies-System: EnableInstallerDetection = dword:0 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll TCP: NameServer = 192.168.0.1 TCP: Interfaces\{2ABB4B2E-C6FD-427F-A890-1728056223D7} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{2ABB4B2E-C6FD-427F-A890-1728056223D7}\35865627964616E602745756374702143636563737 : DHCPNameServer = 142.55.2.28 TCP: Interfaces\{A838543A-3253-4EB6-BC3F-6D3AE481C0E4} : DHCPNameServer = 142.55.233.26 142.55.130.26 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\gkab4j4g.default\ FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Nick\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-12-13 82048] R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-12-13 42624] R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-2-2 31872] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0604010.00E\symds64.sys [2013-2-6 451192] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0604010.00E\symefa64.sys [2013-2-6 1129120] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130515.001\BHDrvx64.sys [2013-5-20 1390680] R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\0604010.00E\ccsetx64.sys [2013-2-6 167072] R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;C:\Windows\System32\drivers\CSN5PDTS82x64.sys [2013-1-24 34840] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130601.001\IDSviA64.sys [2013-6-3 513184] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0604010.00E\ironx64.sys [2013-2-6 190072] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0604010.00E\symnets.sys [2013-2-6 405624] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-2-10 235520] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-10 361984] R2 Apache2.4;Apache2.4;C:\xampp\apache\bin\httpd.exe [2012-8-18 22016] R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-1-19 106144] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200] R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccsvchst.exe [2013-2-6 138272] R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-1-19 158880] R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-10-26 102528] R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-8-5 46136] R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-10-26 219776] R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-1-19 36000] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-6 95248] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-1-19 339616] R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-1-19 110752] R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-1-19 30368] R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-1-19 167584] R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-1-19 68256] R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-1-19 280992] R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-1-19 550560] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088] R3 EraserUtilDrv11220;EraserUtilDrv11220;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [2013-6-3 138912] R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-8-5 258664] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-5 565352] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-8-5 56448] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384] S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-1-19 51872] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-9-5 138912] S3 lehidmini;Bluetooth Low Energy Hid Device;C:\Windows\System32\drivers\leath_hid.sys [2012-1-19 36128] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-5 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-06-04 02:12:48 -------- d-----w- C:\Windows\ERUNT 2013-06-04 02:12:20 -------- d-----w- C:\JRT 2013-06-03 21:08:53 -------- d-----w- C:\Users\Nick\AppData\Local\Programs 2013-06-03 21:05:44 388096 ----a-r- C:\Users\Nick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-06-03 21:05:44 -------- d-----w- C:\Program Files (x86)\Trend Micro 2013-06-02 16:39:49 -------- d-----w- C:\Users\Nick\AppData\Local\NPE 2013-06-02 07:04:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-06-02 07:04:22 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-05-15 17:41:03 983912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-05-15 17:41:03 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-05-15 17:40:50 1930752 ----a-w- C:\Windows\System32\authui.dll 2013-05-15 17:40:49 70144 ----a-w- C:\Windows\System32\appinfo.dll 2013-05-15 17:40:49 1796096 ----a-w- C:\Windows\SysWow64\authui.dll 2013-05-15 17:40:49 111448 ----a-w- C:\Windows\System32\consent.exe 2013-05-15 17:40:42 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll 2013-05-15 17:40:42 230400 ----a-w- C:\Windows\System32\wwansvc.dll 2013-05-15 17:40:41 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-05-11 18:08:59 -------- d-----w- C:\Users\Nick\AppData\Roaming\BANDISOFT 2013-05-11 18:08:39 -------- d-----w- C:\Program Files (x86)\Bandicam 2013-05-11 18:08:36 -------- d-----w- C:\Program Files (x86)\BandiMPEG1 . ==================== Find3M ==================== . 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-11 18:57:48 0 ----a-w- C:\Users\Nick\.uc-3273fe9c41494ce7f21d31cbc126fed0.nick.nick-hp.tmp 2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-04-03 21:03:24 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-03 21:03:23 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-04-03 21:03:23 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe 2012-11-17 09:39:33 1205668720 ----a-w- C:\Program Files (x86)\MicroVolts_0.8.12.28_ENG.exe . ============= FINISH: 22:23:49.32 ===============

For the last 2 days, I've been getting security threat notifications from Norton about Adware.GoonSquad. I told Norton to fix it and restarted my computer as instructed but no matter how many times I do this, the same security alert keeps popping up. I've had Norton fix the file and restarted my computer 5 times already. I downloaded Norton Power Eraser but it found nothing malicious. I scanned my computer with Malwarebytes but it too found nothing malicious. I also scanned it with HJT and AdwCleaner by Xplode. According to Norton, the infected file is browsemngr.exe found at C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}. I haven't deleted it because I looked online and different forums suggested it isn't harmful, so I'm confused on what to do or whether Norton is incorrectly detecting a threat. My computer performs normally, there are no performance issues, other than the occasional Norton security notification. HJT log file: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:06:32 PM, on 03/06/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16483) Boot mode: Normal Running processes: C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file) O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\IPS\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\coIEPlg.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll O20 - AppInit_DLLs: c:\progra~3\browse~1\261249~1.132\{16cdf~1\browse~1.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Apache2.4 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- End of file - 13554 bytes AdwCleaner log file: # AdwCleaner v2.301 - Logfile created 06/03/2013 at 17:37:41 # Updated 16/05/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Nick - NICK-HP # Boot Mode : Normal # Running from : C:\Users\Nick\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\END File Found : C:\user.js File Found : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data File Found : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences File Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\gkab4j4g.default\bprotector_extensions.sqlite File Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\gkab4j4g.default\bprotector_prefs.js Folder Found : C:\Program Files (x86)\Perion Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\Browser Manager Folder Found : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg Folder Found : C:\Users\Nick\AppData\LocalLow\BabylonToolbar Folder Found : C:\Users\Nick\AppData\Roaming\Babylon Folder Found : C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager Folder Found : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\gkab4j4g.default\extensions\crossriderapp12832@crossrider.com Folder Found : C:\Users\Nick\AppData\Roaming\yourfiledownloader ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\Crossrider Key Found : HKCU\Software\BrowserMngr Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\DataMngr_Toolbar Key Found : HKCU\Software\IM Key Found : HKCU\Software\ImInstaller Key Found : HKCU\Software\InstalledBrowserExtensions Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} Key Found : HKCU\Software\YourFileDownloader Key Found : HKCU\Software\5b0d9d8bc6aec48 Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : HKLM\Software\Babylon Key Found : HKLM\Software\BrowserMngr Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062} Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0012832.BHO Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0012832.FBApi Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0012832.FBApi.1 Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0012832.Sandbox Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0012832.Sandbox.1 Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\Software\DataMngr Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Found : HKLM\Software\Web Assistant Key Found : HKLM\SOFTWARE\Wow6432Node\5b0d9d8bc6aec48 Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Found : HKLM\Software\YourFileDownloader Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : HKLM\SOFTWARE\Web Assistant Key Found : HKU\S-1-5-21-4049093169-2195071708-3263034772-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKU\S-1-5-21-4049093169-2195071708-3263034772-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [browserMngr Start Page] Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [browserMngrDefaultScope] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16483 [HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=112564&tt=120912_pcp_3912_6&babsrc=HP_ss&mntrId=06718f0900000000000074e543a85f99 [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.babylon.com/?affID=112564&tt=120912_pcp_3912_6&babsrc=HP_ss&mntrId=06718f0900000000000074e543a85f99 -\\ Mozilla Firefox v18.0.1 (en-US) File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\gkab4j4g.default\prefs.js Found : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=112564&tt=120912_pcp_3912_[...] Found : user_pref("avg.install.userSPSettings", "Search the web (Babylon)"); Found : user_pref("browser.search.order.1", "Search the web (Babylon)"); Found : user_pref("browser.search.selectedEngine", "Search the web (Babylon)"); Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=112564&tt=120912_pcp_3912_6&[...] Found : user_pref("extensions.crossriderapp12832.adsOldValue", -1); -\\ Google Chrome v27.0.1453.94 File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [7326 octets] - [03/06/2013 17:37:41] ########## EOF - C:\AdwCleaner[R1].txt - [7386 octets] ##########