labman

Members
  • Posts: 11
Everything posted by labman

  1. Thanks for the great assistance with Spigot/Slick Saver MrC - much appreciated!!

  2. Took care of ComboFix, ran OTC, FRST with fixlist.txt, some manual clean up, clean registry of Slick Saver entries and eliminating IObit programs since that is where this originated from. All appears to be good. Thanks for your help MrC - much appreciated.
  3. Content of checkup.txt

     Results of screen317's Security Check version 0.99.79
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     AVG AntiVirus Free Edition 2014
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 7 Update 51
     Adobe Flash Player 10 Flash Player out of Date!
     Adobe Flash Player 11.9.900.170
     Mozilla Firefox 8.0 Firefox out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     AVG avgwdsvc.exe
     IObit IObit Malware Fighter IMFsrv.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  4. MrC - prior to getting your latest response I decided to reset my FF settings to their default values utilizing FF's troubleshooting tab in the help menu. It saved my favorites/bookmarks, I closed FF and the default (FF start page came up) no more spigot-yahoo search!!! To verify the change was not related to something that would load upon reboot I performed a restart and it remained FF start page upon starting. My IE is staying with its default page as well - so I believe we may be good. Would you still like me to download the OTL and do a scan? Like others, I believe this came from an IObit update, IObit Smart defrag 3 was updated and then this problem occurred - should I remove IOBIT? When this update happened it brought with it Spigot and Slick Savings Coupons. Spigot appears to be totally gone now even from my registry, however there are still 20+ hits in my registry for Slick Savings should these be removed? Thanks for your help!!
  5. ASC does have a homepage protect feature - I turned this off prior to the FRST.exe fix and checked it afterward and it is still off. Not sure why FF is not showing up, that is the browser I use 99% of the time (v 27.0.1), then IE. I have never used Chrome and don't believe it is installed as a browser although some Chrome files are present.

     This is still my browser homepage
     in FF http://search.yahoo.com/?type=541231&fr=spigot-yhp-ff
     in IE http://www.msn.com/?ocid=iehp

     So it appears that IE has been fixed, but FF is still not directing properly. Here is the txt file after downloading fixlist.txt and running FRST

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2014
     Ran by Mark at 2014-02-19 19:46:41 Run:1
     Running from C:\Users\Mark\Downloads
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     HKLM-x32\...\Run: [] - [X]
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=541231&fr=spigot-yhp-ie
     SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKLM - {5C336625-E4E3-45EA-9371-130B0AEB48E9} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
     SearchScopes: HKLM-x32 - {5C336625-E4E3-45EA-9371-130B0AEB48E9} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
     SearchScopes: HKCU - {5C336625-E4E3-45EA-9371-130B0AEB48E9} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
     Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
     Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
     CHR Extension: (Ads Removal) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2013-12-17]
     C:\Users\Mark\AppData\Local\Temp\ntdll_dump.dll
     C:\Users\Mark\AppData\Local\Temp\Quarantine.exe
     C:\Users\Mark\AppData\Local\Temp\Resource_Toolbar.exe
     *****************

     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
     HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
     HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5C336625-E4E3-45EA-9371-130B0AEB48E9} => Key deleted successfully.
     HKCR\CLSID\{5C336625-E4E3-45EA-9371-130B0AEB48E9} => Key not found.
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{5C336625-E4E3-45EA-9371-130B0AEB48E9} => Key deleted successfully.
     HKCR\Wow6432Node\CLSID\{5C336625-E4E3-45EA-9371-130B0AEB48E9} => Key not found.
     HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5C336625-E4E3-45EA-9371-130B0AEB48E9} => Key deleted successfully.
     HKCR\CLSID\{5C336625-E4E3-45EA-9371-130B0AEB48E9} => Key not found.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value deleted successfully.
     HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
     HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully.
     HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
     C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod => Moved successfully.
     C:\Users\Mark\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
     C:\Users\Mark\AppData\Local\Temp\Quarantine.exe => Moved successfully.
     C:\Users\Mark\AppData\Local\Temp\Resource_Toolbar.exe => Moved successfully.

     ==== End of Fixlog ====
  6. Scans done and attached - the JRT file was too long to post. Addition.txt FRST.txt JRT.txt
  7. Hi MrC

     The Malwarebytes scan report is in the post right above yours, it is designated by the Malwarebyte scan log heading. I opened both FF and IE and here are the respective home pages that come up

     http://search.yahoo.com/?type=541231&fr=spigot-yhp-ff
     http://search.yahoo.com/?type=541231&fr=spigot-yhp-ie
  8. AdwCleaner report after reboot

     # AdwCleaner v3.019 - Report created 19/02/2014 at 13:32:51
     # Updated 17/02/2014 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Mark - MARK-LAPTOP
     # Running from : C:\Users\Mark\Desktop\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     Service Deleted : Application Updater

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\Program Files (x86)\Application Updater
     Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar
     Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
     Folder Deleted : C:\Users\Mark\AppData\LocalLow\AVG Security Toolbar
     Folder Deleted : C:\Users\Mark\AppData\LocalLow\Search Settings
     File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
     Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
     Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
     Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
     Key Deleted : HKCU\Software\APN PIP
     Key Deleted : HKCU\Software\AVG Secure Search
     Key Deleted : HKCU\Software\Search Settings
     Key Deleted : HKCU\Software\YahooPartnerToolbar
     Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
     Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
     Key Deleted : HKLM\Software\Application Updater
     Key Deleted : HKLM\Software\Conduit
     Key Deleted : HKLM\Software\PIP
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.16518

     *************************

     AdwCleaner[R0].txt - [3780 octets] - [19/02/2014 13:28:19]
     AdwCleaner[s0].txt - [3579 octets] - [19/02/2014 13:32:51]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3639 octets] ##########

     Malwarebyte scan log

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2014.02.19.09

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 11.0.9600.16518
     Mark :: MARK-LAPTOP [administrator]

     2/19/2014 1:41:26 PM
     mbam-log-2014-02-19 (13-41-26).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 218861
     Time elapsed: 7 minute(s), 15 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     I will reboot and report.
  9. Results of AdwCleaner - cleaned all found items

     # AdwCleaner v3.019 - Report created 19/02/2014 at 13:28:19
     # Updated 17/02/2014 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Mark - MARK-LAPTOP
     # Running from : C:\Users\Mark\Desktop\AdwCleaner.exe
     # Option : Scan

     ***** [ Services ] *****

     Service Found : Application Updater

     ***** [ Files / Folders ] *****

     File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
     Folder Found C:\Program Files (x86)\Application Updater
     Folder Found C:\Program Files (x86)\Common Files\Spigot
     Folder Found C:\Program Files (x86)\IObit Apps Toolbar
     Folder Found C:\Users\Mark\AppData\LocalLow\AVG Security Toolbar
     Folder Found C:\Users\Mark\AppData\LocalLow\Search Settings

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Found : HKCU\Software\APN PIP
     Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
     Key Found : HKCU\Software\AppDataLow\Software\Search Settings
     Key Found : HKCU\Software\AVG Secure Search
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
     Key Found : HKCU\Software\Search Settings
     Key Found : HKCU\Software\YahooPartnerToolbar
     Key Found : [x64] HKCU\Software\APN PIP
     Key Found : [x64] HKCU\Software\AVG Secure Search
     Key Found : [x64] HKCU\Software\Search Settings
     Key Found : [x64] HKCU\Software\YahooPartnerToolbar
     Key Found : HKLM\Software\Application Updater
     Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
     Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
     Key Found : HKLM\Software\Conduit
     Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
     Key Found : HKLM\Software\PIP
     Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
     Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
     Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
     Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
     Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
     Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
     Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
     Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.16518

     *************************

     AdwCleaner[R0].txt - [3608 octets] - [19/02/2014 13:28:19]

     ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3668 octets] ##########
  10. DDS reports
----a-w- C:\Windows\System32\tzres.dll 2013-12-11 01:19:19 202752 ----a-w- C:\Windows\System32\scrrun.dll 2013-12-11 01:19:19 168960 ----a-w- C:\Windows\System32\wscript.exe 2013-12-11 01:19:19 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll 2013-12-11 01:19:19 156160 ----a-w- C:\Windows\System32\cscript.exe 2013-12-11 01:19:19 150016 ----a-w- C:\Windows\System32\wshom.ocx 2013-12-11 01:19:19 141824 ----a-w- C:\Windows\SysWow64\wscript.exe 2013-12-11 01:19:19 126976 ----a-w- C:\Windows\SysWow64\cscript.exe 2013-12-11 01:19:19 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx 2013-12-11 01:19:06 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys 2013-12-11 01:19:06 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys 2013-12-11 01:18:54 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2013-12-11 01:18:54 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2013-12-11 01:18:28 197120 ----a-w- C:\Windows\System32\credui.dll 2013-12-11 01:18:28 1930752 ----a-w- C:\Windows\System32\authui.dll 2013-12-11 01:18:28 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll 2013-12-11 01:18:28 1796096 ----a-w- C:\Windows\SysWow64\authui.dll 2013-12-11 01:18:28 168960 ----a-w- C:\Windows\SysWow64\credui.dll 2013-12-11 01:18:28 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll 2013-12-11 01:17:58 404480 ----a-w- C:\Windows\System32\gdi32.dll 2013-12-11 01:17:58 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll 2013-12-11 01:17:38 1474048 ----a-w- C:\Windows\System32\crypt32.dll 2013-12-11 01:17:38 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-12-11 01:17:03 497152 ----a-w- C:\Windows\System32\drivers\afd.sys 2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll 2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll 2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll 2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll 2013-12-04 02:26:32 528384 ----a-w- 
C:\Windows\System32\msdrm.dll 2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe 2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe 2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe 2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe 2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll 2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll 2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll 2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll 2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll 2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe 2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe 2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe 2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe 2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys 2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys 2013-11-26 17:25:52 267936 ------w- C:\Windows\System32\MpSigStub.exe 2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys 2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 0:10:34.80 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . 
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/9/2010 11:31:25 AM
System Uptime: 2/18/2014 8:23:05 PM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 363F
Processor: AMD Athlon II Dual-Core M320 | Socket S1G3 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 219 GiB total, 122.581 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 2.245 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 4500 G510n-z
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP394: 1/18/2014 3:43:32 PM - Installed Java 7 Update 51
RP395: 1/26/2014 4:20:48 PM - Scheduled Checkpoint
RP396: 2/4/2014 10:30:02 PM - Scheduled Checkpoint
RP397: 2/7/2014 12:07:47 AM - Installed SUABnR
RP398: 2/14/2014 12:20:55 AM - Scheduled Checkpoint
RP399: 2/14/2014 2:24:21 PM - Windows Update
RP400: 2/17/2014 3:22:49 PM - Windows Update
RP401: 2/17/2014 11:46:02 PM - Windows Update
.
==== Installed Programs ======================
.
4500_G510nz_Help 4500G510nz 4500G510nz_Software_Min 64 Bit HP CIO Components Installer Acrobat.com ActiveCheck component for HP Active Support Library Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 12 Plugin Adobe Reader X (10.1.9) Adobe Shockwave Player Adobe Shockwave Player 11.6 Advanced SystemCare 7 Amazon Cloud Player Amazon Kindle Amazon MP3 Downloader 1.0.17 AMD USB Filter Driver Apple Application Support Apple Mobile Device Support Apple Software Update Applian FLV and Media Player 3.1.1.12 Atheros Driver Installation Program ATI Catalyst Install Manager AVG 2014 Bonjour BufferChm Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Compatibility Pack for the 2007 Office system ConvertHelper 2.2 CyberLink DVD Suite CyberLink MediaShow CyberLink PowerDVD 9 D3DX10 Destinations DeviceDiscovery DocMgr DocProc Eraser 6.0.7.1893 FastStone Image Viewer 4.6 Fax Flash Video Downloader 0.1 FLV Player 2.0 (build 25) FormatFactory 3.0.1 GIMP 2.8.6 Google Earth Plug-in Google Update Helper GPBaseService2 HP Advisor HP Customer Experience Enhancements HP Customer Participation Program 13.0 HP Document Manager 2.0 HP Games HP Imaging Device Functions 13.0 HP 
Officejet 4500 G510n-z HP Quick Launch Buttons HP Setup HP Smart Web Printing 4.5 HP Solution Center 13.0 HP Support Assistant HP Update HP User Guides 0148 HP Wireless Assistant HPAsset component for HP Active Support Library HPDiagnosticAlert HPProductAssistant HPSSupply IDT Audio Image Plugin IObit Malware Fighter IObit Uninstaller iTunes Japanese Fonts Support For Adobe Reader X Java 7 Update 51 Java 7 Update 7 (64-bit) Java Auto Updater Junk Mail filter update LabelPrint LightScribe System Software Link'Em Livescribe Connect Livescribe Desktop Livescribe Desktop Documentation Malwarebytes Anti-Malware version 1.75.0.1300 MarketResearch Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Corporation Microsoft LifeCam Microsoft Live Search Toolbar Microsoft Mouse and Keyboard Center Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Mozilla Firefox 8.0 (x86 en-US) MPC-HC 1.6.8 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee Reveal Network64 OCR Software by I.R.I.S. 
13.0 OpenOffice 4.0.0 Power2Go PowerDirector PowerTools Lite 2011 QLBCASL QuickTime Realtek 8136 8168 8169 Ethernet Driver Realtek USB 2.0 Card Reader Recovery Manager SAMSUNG USB Driver for Mobile Phones Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2) 
Shop for HP Supplies Skype™ 6.6 Smart Defrag 3 SmartWebPrinting SolutionCenter Status SUABnR Surfing Protection swMSM Synaptics Pointing Device Driver Toolbox TrayApp TurboTax 2010 TurboTax 2010 WinPerFedFormset TurboTax 2010 WinPerReleaseEngine TurboTax 2010 WinPerTaxSupport TurboTax 2010 wohiper TurboTax 2010 wrapper Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update Installer for WildTangent Games App Verizon Wireless Software Upgrade Assistant - Samsung(ar) Visual C++ 8.0 Runtime Setup Package (x64) Visual Studio 2008 x64 Redistributables Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables WebReg WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin WModem Driver Installer
.
==== Event Viewer Messages From Past Week ========
.
2/18/2014 12:43:17 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
2/18/2014 12:43:17 AM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
2/18/2014 12:40:18 AM, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
2/18/2014 12:39:07 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/18/2014 12:37:59 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
2/17/2014 3:10:12 PM, Error: volmgr [46] - Crash dump initialization failed!
2/12/2014 11:31:41 PM, Error: atikmdag [52250] - CPLIB :: OPM - Failed the HFS
.
==== End Of File ===========================
  11. Hi all, Found this forum while searching why my browser home page has suddenly changed to yahoo-spigot search. I feel this occurred after an update to IObit Smart Defrag 3 but am not positive. Based upon previous posts regarding this subject I ran Malwarebytes and Rogue Remover but did not remove any findings. My main browser is FF, but I occasionally need to use IE and the same problem exists there. The following are the reports. Thanks in advance for any and all help.

Malwarebytes scan log
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Mark :: MARK-LAPTOP [administrator]

2/18/2014 10:22:30 PM
mbam-log-2014-02-18 (22-22-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218112
Time elapsed: 7 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

=======================================================================================================================

RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mark [Admin rights]
Mode : Scan -- Date : 02/18/2014 22:36:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS725025A9A364 ATA Device +++++
--- User ---
[MBR] c2f93443d00de645c84fbba2e03178c5
[bSP] 3d91004ce31ad201d4ec981aa0fcc305 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 224319 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 459814912 | Size: 13852 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 488183808 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02182014_223645.txt >>