Showing results for tags 'Toolbar'.

Found 13 results

  1. What is WhiteClick?
     The Malwarebytes research team has determined that WhiteClick is a potentially unwanted program that behaves like adware. These adware applications display advertisements not originating from the sites you are browsing.

     How do I know if my computer is affected by WhiteClick?
     You may see these warnings during install (screenshot not reproduced here), and this entry in your list of installed Programs and Features. You may also see this entry in your Startup folder, and this toolbar in your taskbar, which shows the main menu if you click on it. The exact names of the Programs and Features entry, the Startup-folder shortcut and the toolbar's registration are listed under Technical details for experts below.

     How did WhiteClick get on my computer?
     Adware applications use different methods for distributing themselves. This particular one was installed by a bundler.

     How do I remove WhiteClick?
     Our program Malwarebytes can detect and remove this potentially unwanted program.
     Please download Malwarebytes to your desktop.
     Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish.
     Once the program has fully updated, select Scan Now on the Dashboard, or select Threat Scan from the Scan menu. If another update of the definitions is available, it will be applied before the rest of the scanning procedure.
     When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
     Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of WhiteClick?
     No, Malwarebytes removes WhiteClick completely. Note in the log below that the scan also quarantines the bundler's SETUP.EXE left on the desktop and the cached 9b1d3.msi under C:\Windows\Installer, so the package cannot simply be re-run from the local copy.

     How would the full version of Malwarebytes help protect me?
     We hope our application and this guide have helped you eradicate this threat. As you can see below, the full version of Malwarebytes would have protected you against the WhiteClick adware. It would have blocked the installer before it was too late.
     Technical details for experts

     Possible signs in FRST logs:
     Startup: C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shortcut to Primary output from Start (Active).lnk [2019-01-07]
     ShortcutTarget: Shortcut to Primary output from Start (Active).lnk -> C:\Users\{username}\AppData\Roaming\Microsoft\Installer\{489D7C27-8DD5-45BF-96C8-A8C56F5B0554}\_D0CC430606F5020175B620.exe ()
     C:\Users\{username}\AppData\Local\WhiteClick

     What these artifacts mean: the Startup-folder shortcut does not point at Start.exe directly but at a 10 KB file under AppData\Roaming\Microsoft\Installer\{489D7C27-8DD5-45BF-96C8-A8C56F5B0554}, a folder named after the MSI product code. That is where Windows Installer keeps the icon file for an advertised shortcut, so the .lnk is resolved by Windows Installer through the installed product rather than by a plain path; the shortcut name is the default a Visual Studio setup project gives to the primary output of a project called Start, i.e. the Start.exe listed below. The same product code appears in the Uninstall key, in the MsiExec.exe /I{...} uninstall string and, with its nibbles reversed, as HKCU\Software\Microsoft\Installer\Products\72C7D9845DD8FB54698C8A5CF6B55045, so any one of them is enough to find the others. The InstallSource of C:\Users\...\AppData\Local\Temp\is-FGM15.tmp\ is the naming Inno Setup uses for its temporary extraction folder, consistent with the bundler (the SETUP.EXE on the desktop, quarantined as Adware.WhiteClick below) unpacking and running the MSI. The CLSID whose InprocServer32 default value is mscoree.dll, with Assembly, Class and RuntimeVersion values beside it, is the standard registration of a COM-visible .NET class; together with WhiteClick.dll being installed into the GAC (GAC_MSIL\WhiteClick\v4.0_3.0.0.0__57272e7a64c25751) and the ProgIDs MailSearch.MailSearchBandObject and MailSearch.Attributes.BandObjectAttribute, this shows that the taskbar toolbar is a managed band object hosted by Explorer rather than a separate process.

     Significant changes made by the installer:

     File system details [View: All details] (Selection)
     ---------------------------------------------------
     Adds the folder C:\Users\{username}\AppData\Local\WhiteClick
     Adds the file active-search.ico"="11/8/2017 1:14 PM, 4286 bytes, A
     Adds the file License.rtf"="9/8/2017 11:07 AM, 38068 bytes, A
     Adds the file Newtonsoft.Json.dll"="4/2/2017 5:46 PM, 522240 bytes, A
     Adds the file Start.exe"="12/17/2018 2:35 PM, 25088 bytes, A
     Adds the file System.Net.Http.dll"="7/9/2013 11:04 AM, 180904 bytes, A
     Adds the file WebClient.dll"="12/17/2018 2:35 PM, 13312 bytes, A
     Adds the file WhiteClick.dll"="12/13/2018 11:07 AM, 48640 bytes, A
     Adds the file WhiteClick.InstallState"="1/7/2019 9:04 AM, 2597 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\WhiteClick\Images
     Adds the file afisha.mail.ru.png"="3/22/2017 3:16 PM, 8433 bytes, A
     Adds the file auto.mail.ru.png"="3/22/2017 3:27 PM, 13435 bytes, A
     Adds the file aw.my.com.png"="3/1/2017 4:40 PM, 8600 bytes, A
     Adds the file bing.com.png"="5/31/2018 11:58 AM, 3806 bytes, A
     Adds the file e.mail.ru.png"="3/22/2017 2:53 PM, 5318 bytes, A
     Adds the file facebook.com.png"="5/31/2018 11:40 AM, 2205 bytes, A
     Adds the file horo.mail.ru.png"="3/22/2017 3:25 PM, 4237 bytes, A
     Adds the file instagram.com.png"="5/31/2018 12:06 PM, 11219 bytes, A
     Adds the file linkedin.com.png"="5/31/2018 12:15 PM, 13709 bytes, A
     Adds the file mail.ru.png"="3/1/2017 4:33 PM, 6837 bytes, A
     Adds the file my.mail.ru.png"="3/22/2017 2:57 PM, 3645 bytes, A
     Adds the file news.mail.ru.png"="3/22/2017 3:28 PM, 4588 bytes, A
     Adds the file ok.ru.png"="3/1/2017 4:21 PM, 3921 bytes, A
     Adds the file otvet.mail.ru.png"="3/22/2017 3:18 PM, 6275 bytes, A
     Adds the file pogoda.mail.ru.png"="3/27/2017 2:01 PM, 2272 bytes, A
     Adds the file rev.mail.ru.png"="3/1/2017 5:08 PM, 11424 bytes, A
     Adds the file ru.aliexpress.com.png"="3/1/2017 4:30 PM, 7084 bytes, A
     Adds the file sport.mail.ru.png"="3/22/2017 3:30 PM, 11857 bytes, A
     Adds the file twitter.com.png"="5/31/2018 12:13 PM, 6833 bytes, A
     Adds the file vk.com.png"="3/1/2017 4:22 PM, 3872 bytes, A
     Adds the file warface.com.png"="3/1/2017 4:44 PM, 10103 bytes, A
     Adds the file warface.ru.png"="3/1/2017 4:44 PM, 10103 bytes, A
     Adds the file warthunder.com.png"="3/22/2017 3:41 PM, 7805 bytes, A
     Adds the file warthunder.ru.png"="3/22/2017 3:41 PM, 7805 bytes, A
     Adds the file worldoftanks.com.png"="3/22/2017 3:39 PM, 10290 bytes, A
     Adds the file worldoftanks.ru.png"="3/22/2017 3:39 PM, 10290 bytes, A
     Adds the file worldofwarships.com.png"="3/22/2017 3:48 PM, 11526 bytes, A
     Adds the file worldofwarships.ru.png"="3/22/2017 3:48 PM, 11526 bytes, A
     Adds the file youtube.com.png"="5/31/2018 12:00 PM, 7338 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\WhiteClick\System Images
     Adds the file add_tab.png"="4/30/2017 7:14 PM, 1894 bytes, A
     Adds the file loupe.png"="5/12/2017 2:51 PM, 1243 bytes, A
     Adds the file question_mark.png"="5/7/2017 10:33 AM, 3275 bytes, A
     Adds the file right-arrow.png"="5/12/2017 2:37 PM, 464 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\WhiteClick\Tabs\0
     Adds the file Settings.ini"="1/7/2019 9:04 AM, 116 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\WhiteClick\Tabs\1
     Adds the file Settings.ini"="1/7/2019 9:04 AM, 108 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\WhiteClick\Tabs\2
     Adds the file Settings.ini"="1/7/2019 9:04 AM, 118 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\WhiteClick\Tabs\3
     Adds the file Settings.ini"="1/7/2019 9:04 AM, 116 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\WhiteClick\Tabs\4
     Adds the file Settings.ini"="1/7/2019 9:04 AM, 114 bytes, A
     Adds the folder C:\Users\{username}\AppData\Local\WhiteClick\Tabs\5
     Adds the file Settings.ini"="1/7/2019 9:04 AM, 114 bytes, A
     Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Installer\{489D7C27-8DD5-45BF-96C8-A8C56F5B0554}
     Adds the file _D0CC430606F5020175B620.exe"="1/7/2019 9:04 AM, 10134 bytes, RA
     In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
     Adds the file Shortcut to Primary output from Start (Active).lnk"="1/7/2019 9:04 AM, 3035 bytes, A
     In the existing folder C:\Windows\Installer
     Adds the file 9b1d3.msi"="12/17/2018 2:35 PM, 1275904 bytes, A
     Adds the file SourceHash{489D7C27-8DD5-45BF-96C8-A8C56F5B0554}"="1/7/2019 9:04 AM, 20480 bytes, A
     Adds the folder C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WhiteClick\v4.0_3.0.0.0__57272e7a64c25751
     Adds the file WhiteClick.dll"="1/7/2019 9:04 AM, 48640 bytes, A

     Registry details [View: All details] (Selection)
     ------------------------------------------------
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01F45309-5DDE-36CD-B0E6-C9B4BED4752B}]
     "(Default)"="REG_SZ", "MailSearch.Attributes.BandObjectAttribute"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{198A2D6D-5D0E-4C79-9416-AA889D7CA7A6}]
     "(Default)"="REG_SZ", "White Click"
     "HelpText"="REG_SZ", "Mail Search Bar"
     "MenuText"="REG_SZ", "White Click"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DA424B1-5AD8-3EA8-B023-96DAB08B716B}]
     "(Default)"="REG_SZ", "MailSearch.Controls.HostedPanels.AutoCompleteControls.AutoCompleteHeader"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E22700E-7CA9-30A1-9687-4CC130BB6388}]
     "(Default)"="REG_SZ", "MailSearch.Installer"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87E1A3FC-FED3-3FF7-A11C-8443C6251976}\InprocServer32]
     "(Default)"="REG_SZ", "mscoree.dll"
     "Assembly"="REG_SZ", "WhiteClick, Version=3.0.0.0, Culture=neutral, PublicKeyToken=57272e7a64c25751"
     "Class"="REG_SZ", "MailSearch.Helpers.AutoComplete"
     "RuntimeVersion"="REG_SZ", "v4.0.30319"
     "ThreadingModel"="REG_SZ", "Both"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MailSearch.Attributes.BandObjectAttribute]
     "(Default)"="REG_SZ", "MailSearch.Attributes.BandObjectAttribute"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MailSearch.Attributes.BandObjectAttribute\CLSID]
     "(Default)"="REG_SZ", "{01F45309-5DDE-36CD-B0E6-C9B4BED4752B}"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MailSearch.Controls.HostedPanels.AutoCompleteControls.AutoCompleteHeader]
     "(Default)"="REG_SZ", "MailSearch.Controls.HostedPanels.AutoCompleteControls.AutoCompleteHeader"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MailSearch.Controls.HostedPanels.AutoCompleteControls.AutoCompleteHeader\CLSID]
     "(Default)"="REG_SZ", "{4DA424B1-5AD8-3EA8-B023-96DAB08B716B}"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MailSearch.Helpers.AutoComplete]
     "(Default)"="REG_SZ", "MailSearch.Helpers.AutoComplete"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MailSearch.Helpers.AutoComplete\CLSID]
     "(Default)"="REG_SZ", "{87E1A3FC-FED3-3FF7-A11C-8443C6251976}"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MailSearch.Installer]
     "(Default)"="REG_SZ", "MailSearch.Installer"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MailSearch.Installer\CLSID]
     "(Default)"="REG_SZ", "{4E22700E-7CA9-30A1-9687-4CC130BB6388}"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MailSearch.MailSearchBandObject]
     "(Default)"="REG_SZ", "MailSearch.MailSearchBandObject"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MailSearch.MailSearchBandObject\CLSID]
     "(Default)"="REG_SZ", "{198A2D6D-5D0E-4C79-9416-AA889D7CA7A6}"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{489D7C27-8DD5-45BF-96C8-A8C56F5B0554}]
     "AuthorizedCDFPrefix"="REG_SZ", ""
     "Comments"="REG_SZ", "Easy web"
     "Contact"="REG_SZ", "WhiteClick"
     "DisplayName"="REG_SZ", "WhiteClick"
     "DisplayVersion"="REG_SZ", "4.1.2"
     "EstimatedSize"="REG_DWORD", 1197
     "HelpLink"="REG_SZ", ""
     "HelpTelephone"="REG_SZ", ""
     "InstallDate"="REG_SZ", "20190107"
     "InstallLocation"="REG_SZ", ""
     "InstallSource"="REG_SZ", "C:\Users\{username}1\AppData\Local\Temp\is-FGM15.tmp\"
     "Language"="REG_DWORD", 1033
     "ModifyPath"="REG_EXPAND_SZ, "MsiExec.exe /I{489D7C27-8DD5-45BF-96C8-A8C56F5B0554}"
     "Publisher"="REG_SZ", "White"
     "Readme"="REG_SZ", ""
     "Size"="REG_SZ", ""
     "UninstallString"="REG_EXPAND_SZ, "MsiExec.exe /I{489D7C27-8DD5-45BF-96C8-A8C56F5B0554}"
     "URLInfoAbout"="REG_SZ", ""
     "URLUpdateInfo"="REG_SZ", ""
     "Version"="REG_DWORD", 67174402
     "VersionMajor"="REG_DWORD", 4
     "VersionMinor"="REG_DWORD", 1
     "WindowsInstaller"="REG_DWORD", 1
     [HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|{username}|AppData|Local|WhiteClick|Newtonsoft.Json.dll]
     "Newtonsoft.Json,Version="10.0.0.0",Culture="neutral",PublicKeyToken="30AD4FE6B2A6AEED",ProcessorArchitecture="MSIL""="REG_MULTI_SZ, "].jD?7qMK=KsoThLRF!C>oV4do'^2UQX`N2mC4I2* "
     [HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|{username}|AppData|Local|WhiteClick|Start.exe]
     "Start,Version="2.0.0.1",Culture="neutral",ProcessorArchitecture="MSIL""="REG_MULTI_SZ, "].jD?7qMK=KsoThLRF!C>zVc1ewp@77o(qTb([)SD "
     [HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|{username}|AppData|Local|WhiteClick|System.Net.Http.dll]
     "System.Net.Http,Version="2.0.0.0",Culture="neutral",PublicKeyToken="B03F5F7F11D50A3A",ProcessorArchitecture="MSIL""="REG_MULTI_SZ, "].jD?7qMK=KsoThLRF!C>f9ZfRwq@3^Eg,WFYU[gR "
     [HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|{username}|AppData|Local|WhiteClick|WebClient.dll]
     "WebClient,Version="3.0.0.0",Culture="neutral",ProcessorArchitecture="MSIL""="REG_MULTI_SZ, "].jD?7qMK=KsoThLRF!C>uo]=8('sD]`vl&(Ck-@* "
     [HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|{username}|AppData|Local|WhiteClick|WhiteClick.dll]
     "WhiteClick,Version="3.0.0.0",Culture="neutral",PublicKeyToken="57272E7A64C25751",ProcessorArchitecture="MSIL""="REG_MULTI_SZ, "].jD?7qMK=KsoThLRF!C>nq9oWG,101X2MZz%ZnKY "
     [HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global]
     "WhiteClick,Version="3.0.0.0",Culture="neutral",PublicKeyToken="57272E7A64C25751",ProcessorArchitecture="MSIL""="REG_MULTI_SZ, "].jD?7qMK=KsoThLRF!C>bau+xKGnn9UN}vNmR'&@ "
     [HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\72C7D9845DD8FB54698C8A5CF6B55045]
     "AdvertiseFlags"="REG_DWORD", 388
     "Assignment"="REG_DWORD", 0
     "AuthorizedLUAApp"="REG_DWORD", 0
     "Clients"="REG_MULTI_SZ, ": "
     "DeploymentFlags"="REG_DWORD", 3
     "InstanceType"="REG_DWORD", 0
     "Language"="REG_DWORD", 1033
     "PackageCode"="REG_SZ", "927FBA4E77110114EA8B12BA14271684"
     "ProductName"="REG_SZ", "WhiteClick"
     "Version"="REG_DWORD", 67174402

     Malwarebytes log:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 1/7/19
     Scan Time: 9:13 AM
     Log File: 27e2b56c-1254-11e9-85a6-00ffdcc6fdfc.json

     -Software Information-
     Version: 3.6.1.2711
     Components Version: 1.0.482
     Update Package Version: 1.0.8665
     License: Premium

     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: {computername}\{username}

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 236229
     Threats Detected: 62
     Threats Quarantined: 62
     Time Elapsed: 2 min, 56 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 1
     PUP.Optional.WhiteClick, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{489D7C27-8DD5-45BF-96C8-A8C56F5B0554}, Quarantined, [5071], [538662],1.0.8665
     Registry Value: 1
     PUP.Optional.WhiteClick, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{489D7C27-8DD5-45BF-96C8-A8C56F5B0554}|DISPLAYNAME, Quarantined, [5071], [538662],1.0.8665
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 10
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\System Images, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Tabs\0, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Tabs\1, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Tabs\2, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Tabs\3, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Tabs\4, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Tabs\5, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Tabs, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\USERS\{username}\APPDATA\LOCAL\WHITECLICK, Quarantined, [5071], [538656],1.0.8665
     File: 50
     PUP.Optional.WhiteClick, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\SHORTCUT TO PRIMARY OUTPUT FROM START (ACTIVE).LNK, Quarantined, [5071], [543347],1.0.8665
     PUP.Optional.WhiteClick, C:\USERS\{username}\APPDATA\LOCAL\WHITECLICK\ACTIVE-SEARCH.ICO, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\afisha.mail.ru.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\auto.mail.ru.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\aw.my.com.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\bing.com.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\e.mail.ru.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\facebook.com.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\horo.mail.ru.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\instagram.com.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\linkedin.com.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\mail.ru.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\my.mail.ru.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\news.mail.ru.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\ok.ru.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\otvet.mail.ru.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\pogoda.mail.ru.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\rev.mail.ru.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\ru.aliexpress.com.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\sport.mail.ru.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\twitter.com.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\vk.com.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\warface.com.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\warface.ru.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\warthunder.com.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\warthunder.ru.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\worldoftanks.com.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\worldoftanks.ru.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\worldofwarships.com.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\worldofwarships.ru.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Images\youtube.com.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\System Images\add_tab.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\System Images\loupe.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\System Images\question_mark.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\System Images\right-arrow.png, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Tabs\0\Settings.ini, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Tabs\1\Settings.ini, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Tabs\2\Settings.ini, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Tabs\3\Settings.ini, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Tabs\4\Settings.ini, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Tabs\5\Settings.ini, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\License.rtf, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Newtonsoft.Json.dll, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Start.exe, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\System.Net.Http.dll, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\WebClient.dll, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\WhiteClick.dll, Quarantined, [5071], [538656],1.0.8665
     PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\WhiteClick.InstallState, Quarantined, [5071], [538656],1.0.8665
     Adware.WhiteClick, C:\USERS\{username}\DESKTOP\SETUP.EXE, Quarantined, [2672], [613209],1.0.8665
     Adware.WhiteClick, C:\WINDOWS\INSTALLER\9B1D3.MSI, Quarantined, [2672], [556015],1.0.8665
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)
     (end)

     As mentioned before, the full version of Malwarebytes could have protected your computer against this threat.
     We use different ways of protecting your computer(s):
     - Dynamically Blocks Malware Sites & Servers
     - Malware Execution Prevention
     Save yourself the hassle and get protected.
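     A scan log like the one above is usually what a tech gets back from a user, often pasted incomplete. As an added example (not code from the Malwarebytes guide, nor from Malwarebytes), the Python script below parses the -Scan Details- section into records, cross-checks the per-category counts the scanner prints against the lines actually listed under them, and pulls out the hits worth looking at first: anything not quarantined, and anything sitting in an autostart location such as the Startup-folder shortcut. The line layout, the autostart markers and the sample log are assumptions taken from this page; the sample is a constructed subset of the 62 hits with its counts adjusted to match.

```python
"""Triage the '-Scan Details-' section of a Malwarebytes 3.x text scan log.

Added example, not code from the Malwarebytes guide. It assumes only the line
layout visible in that log: a '<Category>: <count>' header, optionally followed
by '(No malicious items detected)', and under it one line per hit of the form
'<Detection>, <Object>, <Action>, [<rule id>], [<signature id>],<package version>'.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

CATEGORY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+): (?P<count>\d+)(?: \(.*\))?$")
DETECTION_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.]+), (?P<obj>.+?), (?P<action>[A-Za-z ]+), "
    r"\[(?P<rule>\d+)\], \[(?P<sig>\d+)\],(?P<pkg>[\d.]+)$"
)

# Lower-cased substrings of objects that give a PUP a foothold outside the browser
# (the WhiteClick Startup-folder .lnk is one). Such hits survive a browser reset.
AUTOSTART_MARKERS = (
    r"\start menu\programs\startup",
    r"\currentversion\run",  # Run and RunOnce
    r"\currentversion\explorer\browser helper objects",
)


@dataclass(frozen=True)
class Detection:
    category: str  # Registry Key, Folder, File, ...
    name: str      # e.g. PUP.Optional.WhiteClick
    obj: str       # file path or registry location
    action: str    # Quarantined, No Action By User, ...
    rule_id: int
    sig_id: int
    pkg: str       # update package version that produced the hit

    @property
    def family(self) -> str:
        """PUP.Optional.WhiteClick and Adware.WhiteClick both map to WhiteClick."""
        return self.name.rsplit(".", 1)[-1]

    @property
    def autostart(self) -> bool:
        low = self.obj.lower()
        return any(marker in low for marker in AUTOSTART_MARKERS)


def parse_scan_details(text: str) -> list[Detection]:
    """Parse hit lines; raise if a category header disagrees with the lines under it."""
    found: list[Detection] = []
    expected: dict[str, int] = {}
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)":
            continue
        m = CATEGORY_RE.match(line)
        if m:
            category = m["cat"]
            expected[category] = int(m["count"])
            continue
        m = DETECTION_RE.match(line)
        if m and category is not None:
            found.append(Detection(category, m["name"], m["obj"], m["action"],
                                   int(m["rule"]), int(m["sig"]), m["pkg"]))
    # The scanner prints a count per category; a mismatch means a truncated or
    # reflowed paste, and any summary built on it would be wrong.
    seen = Counter(d.category for d in found)
    for cat, n in expected.items():
        if seen.get(cat, 0) != n:
            raise ValueError(f"{cat}: header says {n}, parsed {seen.get(cat, 0)}")
    return found


def summarize(dets: list[Detection]) -> dict:
    """Counts by category, name and family, plus the hits that need a second look."""
    return {
        "by_category": dict(Counter(d.category for d in dets)),
        "by_name": dict(Counter(d.name for d in dets)),
        "by_family": dict(Counter(d.family for d in dets)),
        "not_quarantined": [d.obj for d in dets if d.action != "Quarantined"],
        "autostart": [d.obj for d in dets if d.autostart],
    }


# Constructed excerpt of the WhiteClick log: a subset of its 62 hits, counts adjusted.
SAMPLE_LOG = r"""
-Scan Details-
Process: 0 (No malicious items detected)
Registry Key: 1
PUP.Optional.WhiteClick, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{489D7C27-8DD5-45BF-96C8-A8C56F5B0554}, Quarantined, [5071], [538662],1.0.8665
Registry Value: 1
PUP.Optional.WhiteClick, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{489D7C27-8DD5-45BF-96C8-A8C56F5B0554}|DISPLAYNAME, Quarantined, [5071], [538662],1.0.8665
Folder: 2
PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\Tabs, Quarantined, [5071], [538656],1.0.8665
PUP.Optional.WhiteClick, C:\USERS\{username}\APPDATA\LOCAL\WHITECLICK, Quarantined, [5071], [538656],1.0.8665
File: 4
PUP.Optional.WhiteClick, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\SHORTCUT TO PRIMARY OUTPUT FROM START (ACTIVE).LNK, Quarantined, [5071], [543347],1.0.8665
PUP.Optional.WhiteClick, C:\Users\{username}\AppData\Local\WhiteClick\WhiteClick.dll, Quarantined, [5071], [538656],1.0.8665
Adware.WhiteClick, C:\USERS\{username}\DESKTOP\SETUP.EXE, Quarantined, [2672], [613209],1.0.8665
Adware.WhiteClick, C:\WINDOWS\INSTALLER\9B1D3.MSI, Quarantined, [2672], [556015],1.0.8665
WMI: 0 (No malicious items detected)
(end)
"""

if __name__ == "__main__":
    for key, value in summarize(parse_scan_details(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

     To use it on a real log, read the whole file into a string and hand it to parse_scan_details; the section headers before -Scan Details- contain no colon-number pairs that match the category pattern, so they are skipped. A ValueError from the count check almost always means the user pasted a truncated log, which is worth knowing before deciding the machine is clean.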
  2. So I recently ran Malwarebytes and it came up with this:
     PUP.Optional.ASK Users\Name\AppData\Local\Google\Chrome\USER DATA\Default\Web Data
     PUP.Optional.Spigot Users\Name\AppData\Local\Google\Chrome\USER DATA\Default\Web Data
     When I quarantine the files and run another scan it detects the same ones again (immediately after it just quarantined them) and will quarantine even more files. This just goes on and on, yet I have no toolbar installed in Chrome and see nothing about Spigot or any unwanted ads. I haven't installed any new programs, so I'm not sure what it could be from if not a false positive. Any idea what it could be?
  3. Today, a strange icon has appeared on the toolbar at the bottom of my screen and I don't know what it is or how to get rid of it. I fear it may indicate some kind of infection, so I'm posting an image here to see if anyone recognizes it and can tell me what it augurs! It's the little black and white icon between the Firefox and the McAfee icons bottom right. Although it has an X in the upper right corner, clicking it does nothing. I can close the browser and it will go away for a while, but soon returns. Any ideas? Thanks in advance.
  4. Hi There, Please help! I stupidly downloaded a program from a "trusted" source and it has installed malware on my computer. Specifically the mysearchdial redirect toolbar, which reinstalls despite the fact I have removed it from my computer. I think it must be hiding inside another program but I can't work out which one (although there is an icon called Online Games that I swear I've never seen before). I have used Kaspersky TDSSKiller but it didn't detect anything. Also please note that the redirect only happens on start-up and after that I can use the browser normally. I'm using Chrome and Internet Explorer and running Windows 7.
  5. Somehow AVG installed a toolbar in my Firefox browser (fat fingers or a family member, no blame directed). Next thing I know my hard drive is full. Went online and found a fix: delete the file (grown to greater than 4G!), then when it returns make it read-only. Stopped using AVG and started using Trend Micro Internet Security with no further problems. My registration ran out when I tried to upgrade to TM Ti Maximum Security because the reg code was not compatible with Internet Security; worked with TM support and got nowhere. They said I had to remove AVG or their program would not install. I removed all AVG entries except a group which will not delete. (Cannot delete LEGACY_AVG_SECURITY_TOOLBAR_SERVICE: Error while deleting key.) HELP!
  6. Hi folks, I downloaded the free version of EaseUS partition manager yesterday and shortly after running it following installation, further installation of unwanted programs took place. I cannot be 100% certain that the EaseUS partition manager contains these, but it has to be more than coincidence as they installed a matter of seconds after I ran EaseUS for the first time. This is on a fresh install of Windows 7 64 bit with few other applications.
     Details of the unwanted software:
     - conduit toolbar / extension / addon / plugin - seen in Chrome and Firefox toolbars
     - trustworthy toolbar extension plugin - seen in Firefox
     - AVG PC tune up installed
     Conduit replaces the default search engine with theirs and also the startup page URL. It's installed as a toolbar in Chrome for certain and I think Firefox as well. It is also installed as a Windows application. Trustworthy toolbar is installed in Firefox.
     Removal:
     - remove Conduit via standard Uninstall a program in Windows
     - remove conduit from search engines list in Chrome in settings
     - remove conduit url from setting for page to open when chrome starts
     - change home page url back to what you want in standard settings
     - disable conduit and trustworthy addon / plugin / extension / toolbar in firefox
     - remove AVG tuneup via standard uninstall
     That seems to get rid of the visible manifestations, but I am now paranoid about what is lurking unseen, rootkit. I feel that I am justified in suspecting EaseUS as a carrier of these programs as all of it happened right after running EaseUS for the first time. I have used this software before and found it to be useful without problems, so it would appear that this malware has been included in more recent versions.
     Other reasons why I am suspicious of it:
     - It's free software - there's a lot of good free honest software out there but I guess they want to make their money in this case somehow - by ad revenue from changing browser URL to the conduit search engine
     - It is made in a country that is among those that have been suggested in reports as the source of hacking on a large scale at large organisations
     Norton did not detect any issue with the epm.exe install package downloaded that contains the EaseUS partition manager - and presumably suspected of containing the above unwanted software. I'm rather disappointed in EaseUS if they have included this stuff in their installation.
  7. My girlfriend decided to download the digital media program known as "SAI" but inadvertently also installed the "SweetPacks" toolbar. After some fiddling, I decided to run Malwarebytes and Spybot Search & Destroy. Spybot found several pieces of adware, and apparently cleaned them up, including SweetPacks. Malwarebytes continually becomes non-responsive several hours into the scan, but 100000 files in, and still no problem files found. This all sounded good, except her home page is still SweetPacks and she still has the toolbar. I have run DDS, and have the two reports, as shown below.

     DDS (Ver_2012-11-20.01) - NTFS_x86
     Internet Explorer: 8.0.6001.19088
     Run by Savannah at 16:07:56 on 2013-05-03
     Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1915.1056 [GMT -7:00]
     .
     AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
     FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
     .
     ============== Running Processes ================
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
     C:\Windows\system32\SLsvc.exe
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     C:\Windows\system32\taskeng.exe
     C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\SearchProtect\bin\CltMngSvc.exe
     C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
     C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
     C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
     C:\Windows\system32\TODDSrv.exe
     C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
     C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
     C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
     C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
     C:\Windows\System32\igfxtray.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
     C:\Windows\RtHDVCpl.exe
     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
     C:\Program Files\Toshiba\SmoothView\SmoothView.exe
     C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
     C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
     C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
     C:\Program Files\Pando Networks\Media Booster\PMB.exe
     C:\Program Files\WinZip\WZQKPICK32.EXE
     C:\Windows\system32\WerCon.exe
     C:\Windows\system32\igfxsrvc.exe
     C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\igfxext.exe
     C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
     C:\Users\Savannah\AppData\Roaming\SearchProtect\bin\cltmng.exe
     C:\Windows\system32\wbem\unsecapp.exe
     C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k rpcss
     C:\Windows\System32\svchost.exe -k secsvcs
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k GPSvcGroup
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Windows\System32\svchost.exe -k WerSvcGroup
     .
     ============== Pseudo HJT Report ===============
     .
     uSearch Bar = hxxp://www.google.com/ie
     uSearch Page = hxxp://www.google.com
     uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
     mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
     uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
     uURLSearchHooks: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - c:\program files\search_spin\prxtbSear.dll
     mURLSearchHooks: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - c:\program files\search_spin\prxtbSear.dll
     BHO: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - c:\program files\arcsoft\media converter for philips\internet video downloader\ArcURLRecord.dll
     BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: NCO 2.0 IE BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
     BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\common files\symantec shared\ids\IPSBHO.dll
     BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
     BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
     BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
     BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
     BHO: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - c:\program files\search_spin\prxtbSear.dll
     TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
     TB: Search Spin Toolbar: {FE02A3EF-6CD5-4DC6-8CF4-F3BCAC60BC7C} - c:\program files\search_spin\prxtbSear.dll
     TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
     TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     TB: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - c:\program files\search_spin\prxtbSear.dll
     uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
     uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
     uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
     uRun: [searchProtect] c:\users\savannah\appdata\roaming\searchprotect\bin\cltmng.exe
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [Persistence] c:\windows\system32\igfxpers.exe
     mRun: [RtHDVCpl] RtHDVCpl.exe
     mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
     mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
     mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
     mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
     mRun: [smoothView] c:\program files\toshiba\smoothview\SmoothView.exe
     mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
     mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
     mRun: [NDSTray.exe] NDSTray.exe
     mRun: [cfFncEnabler.exe] cfFncEnabler.exe
     mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
     mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
     mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
     mRun: [APSDaemon]
"c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [searchProtectAll] c:\program files\searchprotect\bin\cltmng.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\philip~1.lnk - c:\philips\gogear vibe device manager\GoGear_Vibe_DeviceManager.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{41FF72CF-98A8-4D8A-8336-8F21340D67B4} : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Notify: igfxcui - igfxdev.dll AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL 
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ================= FIREFOX =================== . FF - ProfilePath - c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241284&CUI=UN13097975252358819&UM=2&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241284&SearchSource=2&CUI=UN13097975252358819&UM=&q= FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll FF - plugin: c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}\plugins\np-mswmp.dll FF - plugin: c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}\plugins\npConduitFirefoxPlugin.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll FF - ExtSQL: 2013-04-15 21:09; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi FF - ExtSQL: 2013-04-15 21:10; {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}; c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} FF - ExtSQL: 2049-12-31 14:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi FF - 
ExtSQL: !HIDDEN! 2009-07-25 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ============= SERVICES / DRIVERS =============== . R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090910.001\IDSvix86.sys [2009-9-10 272432] R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-5-25 25896] R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-4-11 93984] R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960] R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352] R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392] R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976] R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-5-3 40776] R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2009-5-25 290304] R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-9-30 1245064] R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-2 102448] S3 GamesAppService;GamesAppService;c:\program files\wildtangent 
games\app\GamesAppService.exe [2010-10-12 206072] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-30 30192] S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216] S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\razer\razer game booster\driver\WinRing0.sys [2012-11-13 14416] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2013-05-03 20:48:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-05-03 20:47:34 -------- d-----w- c:\users\savannah\appdata\roaming\SearchProtect 2013-05-03 19:00:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-05-03 19:00:03 -------- d-----w- c:\program files\Spybot - Search & Destroy 2013-05-03 18:57:36 -------- d-----w- c:\users\savannah\appdata\roaming\Malwarebytes 2013-05-03 18:57:18 -------- d-----w- c:\programdata\Malwarebytes 2013-05-03 18:57:16 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-03 18:57:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-04-30 09:12:38 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d1bf4a4c-09e3-47dd-b600-a9e1caba12c8}\mpengine.dll 2013-04-16 04:11:05 -------- d-----w- c:\program files\Conduit 2013-04-16 04:11:04 -------- d-----w- c:\users\savannah\appdata\roaming\SYSTEMAX Software Development 2013-04-16 04:11:04 -------- d-----w- c:\programdata\SYSTEMAX Software Development 2013-04-16 04:10:53 -------- d-----w- c:\users\savannah\appdata\local\Conduit 2013-04-16 04:10:53 -------- d-----w- c:\program files\Search_Spin 2013-04-16 04:10:39 -------- d-----w- c:\program files\SearchProtect 2013-04-16 04:10:38 770384 ----a-w- c:\windows\system32\msvcr100.dll 2013-04-16 04:10:38 421200 ----a-w- c:\windows\system32\msvcp100.dll 
2013-04-16 04:10:07 -------- d-----w- c:\program files\SearchGBY 2013-04-16 00:16:08 -------- d-----w- c:\users\savannah\.thumbnails 2013-04-16 00:14:05 -------- d-----w- c:\users\savannah\appdata\local\fontconfig 2013-04-16 00:14:01 -------- d-----w- c:\users\savannah\appdata\local\gegl-0.2 2013-04-16 00:14:01 -------- d-----w- c:\users\savannah\.gimp-2.8 2013-04-16 00:07:42 -------- d-----w- c:\program files\GIMP 2 . ==================== Find3M ==================== . 2013-03-19 22:58:48 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-19 22:58:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-12 08:10:56 237088 ------w- c:\windows\system32\MpSigStub.exe . ============= FINISH: 16:09:07.49 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Home Basic Boot Device: \Device\HarddiskVolume2 Install Date: 5/25/2009 5:18:13 AM System Uptime: 5/3/2013 1:46:23 PM (3 hours ago) . Motherboard: TOSHIBA | | Portable PC Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 140 GiB total, 52.839 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . . ==== Installed Programs ====================== . 
Acrobat.com Adobe Flash Player 11 Plugin Adobe Flash Player 9 ActiveX Adobe Flash Player ActiveX Adobe Reader 9 Amazon Links AppCore Apple Application Support Apple Mobile Device Support Apple Software Update Backup Bonjour ccCommon CD/DVD Drive Acoustic Silencer Compatibility Pack for the 2007 Office system DVD MovieFactory for TOSHIBA GearDrvs GIMP 2.8.4 GoGear VIBE Device Manager Google Desktop Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Intel® Graphics Media Accelerator Driver Intel® Matrix Storage Manager iTunes Java 6 Update 6 League of Legends LiveUpdate (Symantec Corporation) Malwarebytes Anti-Malware version 1.75.0.1300 Media Converter for Philips Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2010 Microsoft Visual C++ 2005 Redistributable Microsoft Works Microsoft XML Parser Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 
(KB973688) Norton 360 Norton 360 (Symantec Corporation) Norton 360 HTMLHelp Norton Confidential Core Opera 11.60 PaintTool SAI Ver.1 Pando Media Booster Picasa 2 QuickBooks Financial Center QuickTime Razer Game Booster Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek High Definition Audio Driver REALTEK RTL8187B Wireless LAN Driver Realtek USB 2.0 Card Reader Realtek WiFi Protected Setup Library RuneScape Launcher 1.2.2 Search Protect by conduit Search Spin Toolbar Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Windows Media Encoder (KB2447961) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Encoder (KB979332) SPBBC 32bit Spybot - Search & Destroy Symantec Real Time Storage Protection Component Symantec Technical Support Controls SymNet Synaptics Pointing Device Driver TOSHIBA Assist TOSHIBA ConfigFree TOSHIBA Desktop Links TOSHIBA Disc Creator TOSHIBA DVD PLAYER TOSHIBA Extended Tiles for Windows Mobility Center TOSHIBA Hardware Setup TOSHIBA Recovery Disc Creator Toshiba Registration TOSHIBA Service Station TOSHIBA Speech System Applications TOSHIBA Speech System SR Engine(U.S.) Version1.0 TOSHIBA Speech System TTS Engine(U.S.) Version1.0 TOSHIBA Supervisor Password TOSHIBA Value Added Package Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update Installer for WildTangent Games App WildTangent Games WildTangent Games App (Toshiba Games) Windows Media Encoder 9 Series WinRAR 4.01 (32-bit) WinZip 16.5 World of Warcraft World of Warcraft Trial . ==== End Of File ===========================
8. Soooo earlier this evening, I wanted to watch a video on videoweed and it told me that I needed a new plug-in to watch it, so I clicked the link and it started installing. I didn't really understand the steps, and if I didn't take the toolbar it wouldn't work, so I took it. Then I saw it was starting to download, so I panicked and tried to cancel it, but I couldn't. I closed my computer and when I reopened it, there was this WhiteSmoke toolbar on Google Chrome. I went to check in Control Panel, but there was nothing about WhiteSmoke there, so I searched for it through my CPU, and I didn't find anything either. I looked on Google and tried ParetoLogic PC Health Advisor; it didn't work. I tried Revo Uninstaller Pro; it didn't work either. I also tried Malwarebytes Anti-Malware and it didn't work. Somebody help me? My CPU is slower, I already noticed...

Attach.txt DDS.txt
9. Post Merged: We look for posts with 0 replies, so when you reply to your own topic, we assume you're being helped. Please be patient; someone will assist you as soon as possible.

Hello, I have been searching through multiple forums for ways to get rid of the WhiteSmoke Toolbar from my Mozilla Firefox. My nephew (who will never use my computer again) got it from a video conversation app. It has now created a toolbar on my Firefox that will not go away. I have done a lot of the tricks that have been told to people, such as:
- Go to Regedit and delete any registry files that are under the "whitesmoke" search
- Use Revo Uninstaller and uninstall the toolbar (it didn't show up)
- Use the Kaspersky TDSS removal kit
- Use Malwarebytes
- etc., etc.
but it will not go away. I would like to know if anyone could help me with getting rid of the toolbar. I have followed the steps in this thread http://forums.malwarebytes.org/index.php?showtopic=111479 and I have all the logs from SecurityCheck, ComboFix, and OTL. I hope someone will be able to help me with this. It's so annoying to have this happen to me, especially with me being so cautious about downloads. Thank you.

I meant to put this into my first post. Here is my DDS and Attach.
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-3-9 2708024] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 399432] R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2010-9-17 1248256] R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-9-1 2358656] R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys --> C:\Windows\system32\Drivers\ATSwpWDF.sys [?] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?] R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] 
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-14 136176] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 676936] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-2 250568] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-1 167264] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-14 136176] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-12 114144] S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?] S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?] 
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400] . =============== Created Last 30 ================ . 2012-09-12 09:04:48 -------- d-----w- C:\_OTL 2012-09-12 08:32:35 -------- d-sh--w- C:\$RECYCLE.BIN 2012-09-12 08:14:33 98816 ----a-w- C:\Windows\sed.exe 2012-09-12 08:14:33 518144 ----a-w- C:\Windows\SWREG.exe 2012-09-12 08:14:33 256000 ----a-w- C:\Windows\PEV.exe 2012-09-12 08:14:33 208896 ----a-w- C:\Windows\MBR.exe 2012-09-12 07:36:10 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys 2012-09-12 07:36:08 -------- d-----w- C:\Program Files\VS Revo Group 2012-09-12 07:33:39 -------- d-----w- C:\Users\Mychal\AppData\Local\VS Revo Group 2012-09-12 07:26:27 -------- d-----w- C:\Program Files (x86)\VS Revo Group 2012-09-12 06:57:47 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE 2012-09-11 21:57:32 -------- d-----w- C:\Users\Mychal\AppData\Local\{A14EF45F-B75D-41D4-AB18-C00A7F4D5BE8} 2012-09-10 21:04:36 -------- d-----w- C:\Users\Mychal\AppData\Local\{62908202-2CCB-4D1E-9E83-42EB7B409846} 2012-09-10 01:10:44 -------- d-----w- C:\Users\Mychal\AppData\Local\{47E80437-C823-4037-AAFD-18C078F07BAA} 2012-09-04 20:31:50 -------- d-----w- C:\Users\Mychal\AppData\Local\{97619EE9-CDB5-437A-9570-DE0F5DE944F0} 2012-08-31 20:06:29 -------- d-----w- C:\Users\Mychal\AppData\Local\{42D7C27B-3B76-4044-8243-891717DF6E8B} 2012-08-31 00:49:49 4278384 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-08-31 00:49:34 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-08-30 23:44:22 -------- d-----w- 
C:\Users\Mychal\AppData\Local\{4A07E011-2A28-4B69-8723-3C7414E5ACED} 2012-08-30 04:55:42 -------- d-----w- C:\Users\Mychal\AppData\Local\{6EF5369C-978C-4412-8A7C-F7F4D8D37CA8} 2012-08-28 15:07:58 -------- d-----w- C:\Users\Mychal\AppData\Local\{81B7281F-8C44-490D-BA80-F9F76C393FB1} 2012-08-28 07:42:30 82944 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP9F.DLL 2012-08-28 07:42:30 27648 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD9F.DLL 2012-08-28 07:41:43 279040 ----a-w- C:\Windows\System32\CNMLM9F.DLL 2012-08-27 21:00:38 -------- d-----w- C:\Users\Mychal\AppData\Local\{F162EC9D-4CD2-4F38-BA16-925C37890E69} 2012-08-24 22:57:27 -------- d-----w- C:\Users\Mychal\AppData\Local\{C5AA326D-285C-4894-8184-0D0F54756ECA} 2012-08-23 18:07:25 -------- d-----w- C:\Users\Mychal\AppData\Local\{8D686E4C-F29C-46E2-BE05-DEC247A87E4C} 2012-08-22 10:28:39 -------- d-----w- C:\Users\Mychal\AppData\Local\{EE9DAC55-37D4-46D9-A309-58CD4F521C0E} 2012-08-22 08:38:03 -------- d-----w- C:\Users\Mychal\AppData\Roaming\General Downloader 2012-08-21 20:14:40 -------- d-----w- C:\Users\Mychal\AppData\Local\{0D3BE832-116A-42EF-B61C-D51FFBB7459D} 2012-08-20 22:07:44 -------- d-----w- C:\Users\Mychal\AppData\Local\{ADD1D585-2D17-4DF8-9702-CFC5683B86DC} 2012-08-20 06:56:04 -------- d-----w- C:\Users\Mychal\AppData\Local\{CC771294-3420-43B9-9469-CA7A9478C859} 2012-08-19 00:40:28 -------- d-----w- C:\Users\Mychal\AppData\Local\{6668CAAA-B326-4757-A45B-F4061A632F12} 2012-08-18 00:43:19 -------- d-----w- C:\Users\Mychal\AppData\Local\{04CBA1A2-6162-41F5-8663-CB075E5330F2} 2012-08-18 00:42:43 -------- d-----w- C:\Users\Mychal\AppData\Local\{B006C6BA-0985-46D6-A432-1FCC8716C0B3} 2012-08-14 07:31:16 -------- d-----w- C:\Users\Mychal\AppData\Local\{A617F1A6-C460-4132-9ADB-AF11280D1E57} 2012-08-14 07:30:55 -------- d-----w- C:\Users\Mychal\AppData\Local\{36F7BA50-C574-4BB5-AC39-9316AFD66022} . ==================== Find3M ==================== . 
2012-09-08 00:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-28 15:11:13 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-28 15:11:13 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-23 00:10:04 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll 2012-07-23 00:10:02 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll 2012-07-23 00:09:50 332288 ----a-w- C:\Windows\System32\uxtheme.dll 2012-07-23 00:09:47 44544 ----a-w- C:\Windows\System32\themeservice.dll 2012-07-22 23:18:08 925184 ----a-w- C:\Windows\expstart.exe 2012-07-21 20:44:52 20268032 ----a-w- C:\Windows\System32\imageres.dll 2012-07-21 20:42:15 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup 2012-07-21 20:40:01 20268032 ----a-w- C:\Windows\SysWow64\imageres.dll 2012-07-21 20:37:15 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup . ============= FINISH: 2:26:16.39 =============== Attach . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows 7 Eternity™ 2009 Boot Device: \Device\HarddiskVolume1 Install Date: 5/5/2010 9:58:42 PM System Uptime: 9/12/2012 2:06:12 AM (0 hours ago) . Motherboard: Dell Inc. | | 0F700C Processor: Intel® Core2 Duo CPU T5750 @ 2.00GHz | Microprocessor | 2000/166mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 466 GiB total, 89.405 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 
Update for Microsoft Office 2007 (KB2508958) µTorrent ABBYY FineReader 11 Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) Adobe Shockwave Player 11.6 Apple Application Support Apple Software Update AVG PC Tuneup 2011 Bandisoft MPEG-1 Decoder CamStudio Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner 2.13.720 ConvertHelper 2.2 D3DX10 Dell Driver Download Manager DivX Setup ffdshow [rev 3154] [2009-12-09] FLV Player 2.0 (build 25) Game Booster 3 Google Earth Plug-in Google Update Helper Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) ImgBurn Internet TV for Windows Media Center IrfanView (remove only) Java Auto Updater Java 6 Update 29 Junk Mail filter update K-Lite Mega Codec Pack 8.0.0 LastPass (uninstall only) Malwarebytes Anti-Malware version 1.65.0.1400 Microsoft Games for Windows - LIVE Redistributable Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof 
(English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Visual Studio 2005 Tools for Office Runtime Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK Music Transfer MyITLab ActiveX Installer 2, 9, 8, 65535 MyVideoConverter 2.47 Nexon Game Manager Notepad++ Orbit Downloader Pando Media Booster PAnimals Server Picasa 3 PowerISO Primo QuickBooks QuickBooks Pro 2011 QuickTime Rainmeter RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 RICOH R5C83x/84x Media Driver Ver.3.53.02 Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Express Labeler 3 Roxio Update Manager Runtime Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security 
Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Groove 2007 (KB2552997) Security Update for Microsoft Office InfoPath 2007 (KB2510061) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Sony Picture Utility Swiff Player 1.7.2 swMSM TeamViewer 6 The Klub 17 Update for 2007 Microsoft Office System (KB2284654) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft 
Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2583910) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VC80CRTRedist - 8.0.50727.6195 Vegas Pro 9.0 Viewpoint Media Player Vindictus Visual C++ 8.0 Runtime Setup Package (x64) Visual Studio 2008 x64 Redistributables VLC media player 1.1.10 WinDirStat 1.1.2 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
9/9/2012 10:47:40 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/9/2012 10:47:40 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/9/2012 10:47:40 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/9/2012 10:47:40 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/9/2012 10:47:40 AM, Error: Service Control Manager [7031] - The Remote Desktop Services UserMode Port Redirector service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/9/2012 10:47:40 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/9/2012 10:47:40 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
9/9/2012 10:47:40 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/9/2012 10:47:40 AM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/9/2012 10:47:40 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/8/2012 5:26:39 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
9/8/2012 5:25:39 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.
9/8/2012 5:24:39 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/8/2012 5:24:39 AM, Error: Service Control Manager [7031] - The Remote Desktop Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/8/2012 5:24:39 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
9/8/2012 5:24:39 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/8/2012 5:24:39 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/7/2012 6:41:14 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
9/6/2012 3:35:35 AM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 4 time(s).
9/6/2012 2:12:52 AM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 3 time(s).
9/12/2012 2:09:49 AM, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
9/12/2012 2:07:16 AM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the WinDefend service to connect.
9/12/2012 2:07:16 AM, Error: Service Control Manager [7000] - The WinDefend service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/12/2012 12:56:53 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
9/12/2012 1:34:11 AM, Error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
9/12/2012 1:29:38 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/12/2012 1:24:13 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/12/2012 1:15:35 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
9/12/2012 1:15:09 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
9/11/2012 4:17:50 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/10/2012 3:54:48 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
.
==== End Of File ===========================
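The DDS log above is the kind of artefact a malware-removal helper triages by hand: browser helper objects (BHO) and toolbars (TB) registered by CLSID, autorun entries (mRun/uRun), and the Firefox home-page pref. What gets read first is any registration whose CLSID points at "No File" (a leftover of something half-removed), any toolbar DLL, anything from a search-bundle vendor, and a home page that is not a normal URL (here it is chrome://foxtab/...). The script below is an added example, not the poster's code and not anything from DDS or Malwarebytes: it parses those DDS entry types and applies a small, explicit rule list. The rules, the TOOLBAR_HINTS words and the Finding/triage names are this example's own assumptions; the sample lines are copied from the DDS logs posted in this thread, with a few unrelated entries kept so the filter has something to drop.

```python
"""Triage the "Pseudo HJT Report" entries of a DDS log (added example; heuristics
are this example's own, not a vendor's detection logic)."""
import re
from dataclasses import dataclass, field

# Entry shapes seen in DDS: "BHO-X64: Name: {CLSID} - path", "TB: {CLSID} - No File",
# "mRun-x64: [Name] cmd", "Handler: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^(?P<kind>BHO|TB|mRun|uRun|SEH|Handler)(?:-[xX]64)?:\s*(?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FF_HOME_RE = re.compile(r"^FF - prefs\.js: browser\.startup\.homepage - (?P<url>\S+)")
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Lower-case substrings that mark a name or path as toolbar/search-bundle related.
# Assumption of this example; extend it for the case at hand.
TOOLBAR_HINTS = ("toolbar", "secure search", "foxtab", "whitesmoke", "startnow")


@dataclass
class Finding:
    kind: str      # BHO, TB, mRun, uRun, SEH, Handler, or FF
    name: str      # display name; "" when the entry carries only a CLSID
    clsid: str     # "{...}" or ""
    path: str      # DLL/command path, "No File", or the home-page URL for FF
    reasons: list = field(default_factory=list)


def parse_entry(line: str):
    """Return a Finding for one DDS line, or None if the line is not an entry."""
    m = FF_HOME_RE.match(line)
    if m:
        return Finding("FF", "browser.startup.homepage", "", m.group("url"))
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body").strip()
    if kind in ("mRun", "uRun"):
        rm = RUN_RE.match(body)
        return Finding(kind, rm.group("name"), "", rm.group("cmd").strip()) if rm \
            else Finding(kind, body, "", "")
    cm = CLSID_RE.search(body)
    clsid = cm.group(0) if cm else ""
    # Text before the CLSID is the display name; text after the last " - " is the path.
    name = body[: cm.start()] if cm else body.split(" - ")[0]
    path = body.rsplit(" - ", 1)[1].strip() if " - " in body else ""
    return Finding(kind, name.strip(" :-"), clsid, path)


def classify(f: Finding) -> Finding:
    """Attach triage reasons to a finding; an empty list means 'nothing to look at'."""
    lowered = f"{f.name} {f.path}".lower()
    if f.path == "No File":
        f.reasons.append("orphaned registration: CLSID points at a missing file")
    if f.kind == "TB":
        f.reasons.append("browser toolbar registration")
    if any(h in lowered for h in TOOLBAR_HINTS):
        f.reasons.append("name or path matches a known toolbar/search bundle")
    if f.kind in ("BHO", "TB") and f.path and f.path != "No File" and not DRIVE_PATH_RE.match(f.path):
        f.reasons.append("registered without a resolvable DLL path")
    if f.kind == "FF" and not f.path.startswith(("http://", "https://", "about:")):
        f.reasons.append("Firefox home page is not an http(s)/about: URL")
    if f.kind in ("mRun", "uRun") and re.search(r"\\(appdata|programdata|temp)\\", lowered):
        f.reasons.append("autorun launched from a user-writable directory")
    return f


def triage(log_text: str):
    """Parse a DDS log and keep only the entries that have at least one reason."""
    findings = []
    for line in log_text.splitlines():
        f = parse_entry(line.strip())
        if f is not None and classify(f).reasons:
            findings.append(f)
    return findings


# Lines copied from the DDS logs posted in this thread; the Octh, LastPass and
# QuickTime entries are kept on purpose so the filter has something to drop.
SAMPLE_DDS = r"""
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: StartNowToolbarHelper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - StartNow Toolbar Helper
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Google Update] "C:\Users\Pixeles Libres\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
FF - prefs.js: browser.startup.homepage - chrome://foxtab/content/homepage.html
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_DDS):
        print(f"{hit.kind:8}{hit.name or hit.clsid:34}{hit.path}")
        for reason in hit.reasons:
            print(f"{'':8}- {reason}")
```

To run it against a real log, feed the saved DDS.txt contents to triage() instead of SAMPLE_DDS. A hit is a place to look, not a verdict: Google Update legitimately runs from AppData, and LastPass has both a live BHO and an orphaned one in the log above, which is why each finding carries its reasons instead of a single flag.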
  10. Soooo, earlier this evening I wanted to watch a video on videoweed and it told me that I needed a new plug-in to watch it, so I clicked the link and it started installing. I didn't really understand the steps, and if I didn't take the toolbar it wouldn't work, so I took it. Then I saw it was starting to download, so I panicked and tried to cancel it, but I couldn't. I closed my computer and when I reopened it, there was this WhiteSmoke toolbar on Google Chrome. I went to check in Control Panel, but there was nothing about WhiteSmoke there, so I searched for it through my CPU, and I didn't find anything either. I looked on Google and tried with ParetoLogic PC Health Advisor; it didn't work. I tried with Revo Uninstaller Pro; it didn't work either. I also tried with Malwarebytes Anti-Malware and it didn't work. Somebody help me? My CPU is slower, I already noticed...
  11. Hello. Like a few other members here, I downloaded the video conversion software Super, and ended up with the Whitesmoke toolbar on Firefox, and it looks like on Chrome too. I do not see it listed under Add/Remove Programs in Windows, nor does Revo Uninstaller detect it. A Google search brought me to this forum, so I'm kindly asking for any help that would make me get rid of this thing. I'm creating this topic as suggested by the administrators. Here are my DDS results:
DDS
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Pixeles Libres at 11:34:25 on 2012-06-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16361.13610 [GMT -6:00]
.
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.daum.net/
uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s
mWinlogon: Userinit=userinit.exe
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: StartNowToolbarHelper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - StartNow Toolbar Helper
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Pixeles Libres\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [<NO NAME>]
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ACPW05EN] "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN
StartupFolder: C:\Users\PIXELE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth
Suite\IEPlugIn.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll TCP: Interfaces\{89F81B29-6BC8-4668-A49A-114987D904F5} : NameServer = 209.18.47.61,209.18.47.62 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {6E13D095-45C3-4271-9475-F3B48227DD9F} - StartNow Toolbar Helper BHO-X64: StartNowToolbarHelper - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll BHO-X64: IESpeakDoc - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: 
SmartSelect - No File TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [(Default)] mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [ACPW05EN] "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\ FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q= FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Users\Pixeles Libres\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\plugins\np-mswmp.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll . ============= SERVICES / DRIVERS =============== . R0 MDFSYSNT;MacDrive file system driver;C:\Windows\system32\drivers\MDFSYSNT.sys --> C:\Windows\system32\drivers\MDFSYSNT.sys [?] R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\system32\DRIVERS\MDPMGRNT.SYS --> C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [?] R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 CBDisk;CBDisk;\??\C:\Windows\system32\drivers\CBDisk.sys --> C:\Windows\system32\drivers\CBDisk.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] 
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?] R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144] R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-10 13336] R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?] R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2010-7-20 205312] R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-8 149504] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?] 
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?] R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?] R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?] R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?] R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?] R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2012-5-18 563200] S2 Toolbar Updater Service;Toolbar Updater Service;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-29 257224] S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?] 
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-28 113120] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] . =============== Created Last 30 ================ . 2012-06-21 16:57:09 -------- d-----w- C:\Users\Pixeles Libres\AppData\Local\Macromedia 2012-06-13 15:17:15 -------- d-----w- C:\Program Files (x86)\DefaultTab 2012-06-13 14:34:31 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0A209EA0-1699-4C59-B108-C882B9841ABB}\mpengine.dll 2012-06-13 14:31:39 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-06-13 14:31:14 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-13 14:31:09 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-13 14:31:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-13 14:31:08 1544704 ----a-w- C:\Windows\System32\DWrite.dll 2012-06-13 14:31:07 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-06-13 14:28:21 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-06-13 14:26:28 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-13 14:26:28 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll . ==================== Find3M ==================== . 
2012-06-13 14:57:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-13 14:57:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2006-05-03 18:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll 2007-02-21 19:47:16 31232 --sha-r- 
C:\Windows\SysWOW64\msfDX.dll 2008-03-16 21:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll 2010-01-07 06:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll . ============= FINISH: 11:34:59.24 =============== Attatch . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume7 Install Date: 5/11/2011 1:08:04 AM System Uptime: 6/21/2012 10:48:51 AM (1 hours ago) . Motherboard: ASUSTeK Computer INC. | | P8P67 PRO Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz | LGA1155 | 1598/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 74 GiB total, 10.058 GiB free. D: is FIXED (HFSJ) - 924 GiB total, 65.962 GiB free. E: is FIXED (HFSJ) - 931 GiB total, 88.521 GiB free. F: is CDROM () H: is Removable I: is CDROM () J: is Removable K: is Removable L: is Removable M: is FIXED (HFSJ) - 931 GiB total, 86.877 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP68: 6/13/2012 8:31:42 AM - Windows Update RP69: 6/13/2012 8:49:35 AM - Installed ACDSee Pro 5. . ==== Installed Programs ====================== . 
ACDSee Pro 4 ACDSee Pro 5 Adobe Acrobat X Pro - English, Français, Deutsch Adobe AIR Adobe Community Help Adobe Creative Suite 5.5 Master Collection Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Story Adobe Widget Browser Advertising Center Apple Application Support Apple Software Update AudioShell 1.3.5 AVI ReComp 1.5.3 AviSynth 2.5 CameraBag 1.5 Camtasia Studio 7 Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish D3DX10 DefaultTab Chrome Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition FormatFactory 2.60 GOM Player Google Chrome HydraVision ImagXpress Intel® Rapid Storage Technology IrfanView (remove only) JMicron JMB36X Driver K-Lite Codec Pack 7.1.0 (Full) LightScribe System Software MagicDisc 2.7.106 marvell 91xx console driver Menu Templates - Starter Kit Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office 
Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Morrowind Mozilla Firefox 13.0 (x86 en-US) Mozilla Maintenance Service MSVCRT Nero 9 Essentials Nero BurnRights Nero BurnRights Help Nero ControlCenter Nero CoverDesigner Nero Express Help Nero Installer Nero Online Upgrade Nero StartSmart OEM NeroExpress PDF Settings CS5 Pidgin PxMergeModule QuickTime RAR Password Recovery Magic v6.1.1.393 Realtek High Definition Audio Driver Renesas Electronics USB 3.0 Host Controller Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security 
Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Snagit 10.0.1 StartNow Toolbar 2.0 SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49 SUPER © v2012.build.51 (April 7, 2012) version v2012.build.51 The KMPlayer (remove only) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition VLC media player 2.0.1 VobSub 2.23 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Xilisoft Video Converter Ultimate 6 Xvid 1.3.0 Zip Repair Pro . ==== Event Viewer Messages From Past Week ======== . 
6/21/2012 4:51:35 PM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s). 6/21/2012 4:51:07 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004 . ==== End Of File =========================== Thanks in advance.
  12. Hello, I've been looking over the forums for a solution. My wife somehow got the whitesmoke toolbar/malware on the computer and it keeps hijacking the internet browsing. I've tried a scan with Malwarebytes' Anti-Malware but to no avail. Anyway, I've been looking for a way to get it off and any help you could give would really be appreciated. Below are my DDS.txt and Attach.txt, and I have run Combofix:
µTorrent Ad-Aware Browsing Protection Adobe AIR Adobe Reader X (10.1.3) Adobe Shockwave Player 11.6 ASPCA Reminder by We-Care.com v5.0.5.1 Auslogics Registry Cleaner AVCutty 3.2 Brother MFL-Pro Suite DCP-7065DN Compatibility Pack for the 2007 Office system Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition erLT Google SketchUp 8 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Java Auto Updater Java™ 6 Update 26 JetMP3 Logitech SetPoint LUXOR LUXOR - Amun Rising LUXOR - Mah Jong LUXOR 2 Luxor: Amun Rising Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Web Publishing Wizard 1.52 MozBackup 1.4.10 Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service 
Mozilla Thunderbird 12.0.1 (x86 en-US) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB973685) Nero Burning ROM 11 Nero Burning ROM 11 Help (CHM) Nero ControlCenter 11 Nero ControlCenter 11 Help (CHM) Nero Core Components 11 Nero RescueAgent 11 Nero RescueAgent 11 Help (CHM) Nero Update nero.prerequisites.msi Nuance PaperPort 12 Nuance PDF Viewer Plus NVIDIA PhysX Oblivion Photo Explosion Deluxe 3.0 Realtek High Definition Audio Driver Scansoft PDF Professional Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit 
Edition Snood for Windows version 3.52-W swMSM Unreal Tournament 2004 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Visual Studio 2008 x64 Redistributables Windows Media Player Firefox Plugin . ==== End Of File =========================== Combofix log ----------------------------------------------------------------------------------------------------------------------------------------- ComboFix 12-05-30.03 - Susannah 05/30/2012 7:48.2.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.6466 [GMT -6:00] Running from: c:\users\Susannah\Desktop\Virus\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . 
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 ))))))))))))))))))))))))))))))) . . 2012-05-30 13:58 . 2012-05-30 14:02 -------- d-----w- c:\users\Susannah\AppData\Local\temp 2012-05-30 13:58 . 2012-05-30 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-29 13:48 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDD59F08-BFF3-4FF7-B5AC-26D5A5FAD3EF}\mpengine.dll 2012-05-28 01:19 . 2012-05-28 01:19 -------- d-----w- c:\users\Susannah\AppData\Roaming\Malwarebytes 2012-05-28 01:19 . 2012-05-28 01:19 -------- d-----w- c:\programdata\Malwarebytes 2012-05-28 01:19 . 2012-05-28 01:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-28 01:19 . 2012-04-04 21:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-28 01:06 . 2012-05-28 01:06 -------- d-----w- c:\programdata\GFI Software 2012-05-26 22:08 . 2012-05-26 22:08 -------- d-----w- c:\users\Susannah\AppData\Roaming\AVG2012 2012-05-26 22:01 . 2012-05-26 22:01 -------- d--h--w- c:\programdata\Common Files 2012-05-26 22:00 . 2012-05-26 22:00 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-05-26 22:00 . 2012-05-29 23:22 -------- d-----w- c:\windows\system32\drivers\AVG 2012-05-26 22:00 . 2012-05-26 22:09 -------- d-----w- c:\programdata\AVG2012 2012-05-26 22:00 . 2012-05-26 22:00 -------- d-----w- C:\$AVG 2012-05-26 21:58 . 2012-05-26 21:58 -------- d-----w- c:\program files (x86)\AVG 2012-05-26 21:54 . 2012-05-30 13:40 -------- d-----w- c:\users\AppData 2012-05-26 21:54 . 2012-05-26 21:54 -------- d-----w- c:\users\Susannah\AppData\Local\jetmp3 2012-05-26 21:54 . 2012-05-26 21:54 -------- d-----w- c:\program files (x86)\Conduit 2012-05-26 21:54 . 2012-05-29 23:22 -------- d-----w- c:\programdata\MFAData 2012-05-26 21:54 . 2012-05-27 13:41 -------- d-----w- c:\users\Susannah\AppData\Local\Conduit 2012-05-26 21:47 . 
2012-05-26 21:47 -------- d-----w- c:\users\Susannah\AppData\Local\adaware 2012-05-26 21:46 . 2012-05-26 21:46 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection 2012-05-13 16:10 . 2012-05-13 16:10 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-12 15:54 . 2012-03-20 23:34 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-12 15:54 . 2012-04-03 08:22 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-12 15:54 . 2012-04-02 13:59 2766848 ----a-w- c:\windows\system32\win32k.sys 2012-05-05 20:30 . 2012-05-05 20:30 -------- d-----w- c:\programdata\MumboJumbo 2012-05-05 20:24 . 2012-05-05 20:24 -------- d-----w- c:\program files (x86)\MumboJumbo 2012-05-04 19:03 . 2012-05-04 19:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-05-04 19:03 . 2012-05-04 19:03 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-05-04 19:03 . 2012-05-04 19:03 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-13 16:10 . 2011-05-29 17:37 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-19 10:50 . 2012-04-19 10:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2012-03-19 11:17 . 2012-03-19 11:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2012-03-06 23:15 . 2011-01-17 17:41 258520 ----a-w- c:\windows\system32\aswBoot.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-05-30_13.32.05 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 02:23 . 2012-05-30 14:01 39212 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 15:45 . 2012-05-30 14:02 72398 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2010-12-18 21:22 . 
2012-05-30 14:02 12012 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2477298372-428459766-202237345-1000_UserData.bin - 2012-05-30 13:31 . 2012-05-30 13:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-05-30 13:59 . 2012-05-30 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-05-30 13:31 . 2012-05-30 13:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-05-30 13:59 . 2012-05-30 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2006-11-02 12:46 . 2012-05-30 13:38 604502 c:\windows\system32\perfh009.dat - 2006-11-02 12:46 . 2012-05-28 03:40 604502 c:\windows\system32\perfh009.dat - 2006-11-02 12:46 . 2012-05-28 03:40 104202 c:\windows\system32\perfc009.dat + 2006-11-02 12:46 . 2012-05-30 13:38 104202 c:\windows\system32\perfc009.dat - 2011-02-10 14:56 . 2012-05-30 13:29 392016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-02-10 14:56 . 2012-05-30 13:58 392016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-05-30 13:29 . 2012-05-30 13:58 1507292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2477298372-428459766-202237345-1000-8192.dat - 2012-05-30 13:29 . 2012-05-30 13:29 1507292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2477298372-428459766-202237345-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PhotoExplosionCalCheck"="c:\program files (x86)\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe" [2006-05-10 69632] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368] "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984] "PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992] "PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192] "PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752] "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264] "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-12-25 1207312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] . . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] . ------- Supplementary Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Open with PDF Viewer Plus - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll TCP: DhcpNameServer = 192.168.0.1 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\Susannah\AppData\Roaming\Mozilla\Firefox\Profiles\3ibo47un.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q= . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe c:\program files (x86)\Nero\Update\NASvc.exe c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe c:\program files (x86)\AVG\AVG2012\avgidsagent.exe c:\program files\Logitech\SetPoint\x86\SetPoint32.exe . ************************************************************************** . Completion time: 2012-05-30 08:08:22 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-30 14:08 ComboFix2.txt 2012-05-30 13:40 . Pre-Run: 183,526,543,360 bytes free Post-Run: 183,918,620,672 bytes free . - - End Of File - - A247374F71FD391B3C4C47964372761C
  13. I'm infected with mysearch incredibar. My PC has slowed down to a crawl. Help would be greatly appreciated. OTL log is posted below.

OTL logfile created on: 4/30/2012 10:25:27 PM - Run 2
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\fearless\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 42.76% Memory free
7.93 Gb Paging File | 5.20 Gb Available in Paging File | 65.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 47.77 Gb Free Space | 41.03% Space Free | Partition Type: NTFS
Drive D: | 334.67 Gb Total Space | 279.18 Gb Free Space | 83.42% Space Free | Partition Type: NTFS

Computer Name: EXECUTIONER | User Name: fearless | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/03/25 23:14:03 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\fearless\Downloads\OTL.scr PRC - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe PRC - [2011/09/26 21:56:16 | 000,292,136 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe PRC - [2011/09/26 21:56:14 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe PRC - [2011/09/14 09:48:20 | 000,230,696 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe PRC - [2011/09/14 09:48:18 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010/11/15 16:50:58 | 000,211,968 | ---- | M] (Mediafour Corporation) -- C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) 
-- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010/09/08 10:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe PRC - [2010/07/28 08:07:16 | 002,404,488 | ---- | M] (mobile concepts GmbH) -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe PRC - [2010/07/25 02:26:02 | 000,884,736 | ---- | M] () -- C:\Users\fearless\AppData\Local\TVersity\Media Server\MediaServer.exe PRC - [2010/07/20 17:54:04 | 000,205,312 | ---- | M] (Mediafour Corporation) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE PRC - [2010/05/17 11:12:24 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2010/01/31 05:07:00 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2009/11/02 18:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/10/09 14:27:44 | 006,937,216 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009/09/25 13:24:36 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe PRC - [2009/09/24 17:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe PRC - [2009/08/20 00:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe PRC - [2009/08/12 12:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe PRC - [2009/06/24 16:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) 
-- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe PRC - [2009/06/19 14:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe PRC - [2009/06/19 14:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2009/06/15 21:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe PRC - [2009/05/18 19:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008/12/22 21:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe PRC - [2008/08/14 01:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2008/08/05 20:16:40 | 000,286,720 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe PRC - [2008/03/31 06:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) 
-- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2007/11/30 15:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe PRC - [2007/08/08 04:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ========== Modules (No Company Name) ========== MOD - [2012/04/27 23:14:57 | 008,743,584 | ---- | M] () -- C:\Users\fearless\AppData\Local\Google\Chrome\USERDA~1\NPAPIF~1\gcswf32.dll MOD - [2012/04/27 23:14:57 | 008,743,584 | ---- | M] () -- C:\Users\fearless\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll MOD - [2012/04/12 03:37:34 | 000,444,400 | ---- | M] () -- C:\Users\fearless\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll MOD - [2012/04/12 03:37:33 | 003,915,248 | ---- | M] () -- C:\Users\fearless\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll MOD - [2012/04/12 03:36:08 | 000,122,880 | ---- | M] () -- C:\Users\fearless\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll MOD - [2012/04/12 03:36:06 | 000,220,672 | ---- | M] () -- C:\Users\fearless\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll MOD - [2012/04/12 03:36:05 | 001,747,456 | ---- | M] () -- C:\Users\fearless\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2009/11/02 18:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/02 18:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009/09/24 17:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe MOD - [2008/08/05 20:16:40 | 000,286,720 | ---- | M] () -- C:\Program 
Files (x86)\Launchy\Launchy.exe MOD - [2008/08/05 20:16:18 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\calcy.dll MOD - [2008/08/05 20:16:12 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\weby.dll MOD - [2008/08/05 20:16:00 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\runner.dll MOD - [2008/08/05 20:15:52 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Launchy\platform_win.dll MOD - [2008/08/05 20:15:38 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\gcalc.dll MOD - [2008/05/24 13:31:20 | 007,061,504 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtGui4.dll MOD - [2008/05/24 13:20:32 | 000,561,152 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtNetwork4.dll MOD - [2008/05/24 13:19:38 | 001,961,984 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtCore4.dll MOD - [2007/11/30 15:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe MOD - [2007/06/15 14:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll MOD - [2007/06/01 21:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/03/16 18:54:17 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-894866996-3635588399-3167457420-1001..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit) O4 - HKU\S-1-5-21-894866996-3635588399-3167457420-1001..\Run: [ALLUpdate] C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe () O4 - HKU\S-1-5-21-894866996-3635588399-3167457420-1001..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs) O4 - HKU\S-1-5-21-894866996-3635588399-3167457420-1001..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe -update plugin File not found O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe -update plugin File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-21-894866996-3635588399-3167457420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8:64bit: - Extra context menu 
item: Free YouTube to Mp3 Converter - C:\Users\fearless\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\fearless\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-894866996-3635588399-3167457420-1001\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites) O15 - HKU\S-1-5-21-894866996-3635588399-3167457420-1001\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75BAFEBC-A1D9-41AA-99C9-9A9D191299DB}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\MCPClient: DllName - (C:\PROGRA~2\COMMON~1\Stardock\mcpstub.dll) - C:\Program Files (x86)\Common Files\Stardock\MCPStub.dll (Stardock) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files (x86)\Common Files\Stardock\MCPCore.dll (Stardock) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/04/04 19:40:47 | 000,000,000 | ---D | C] -- C:\Users\fearless\AppData\Local\Trusteer ========== Files - Modified Within 30 Days ========== [2012/04/30 22:29:20 | 000,114,339 | ---- | M] () -- C:\Users\fearless\Documents\COMPUTER BAD SHAPE IMPORTANT.rtf [2012/04/30 22:19:59 | 000,257,853 | ---- | M] () -- C:\Users\fearless\Documents\COMPUTER BAD SHAPE.rtf [2012/04/30 22:12:15 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/30 22:12:14 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-894866996-3635588399-3167457420-1001UA.job [2012/04/30 22:11:34 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/30 22:11:30 | 000,000,454 | ---- | M] () -- C:\Windows\SysWow64\tversity.cookies [2012/04/30 16:31:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/30 16:31:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/30 16:14:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/30 16:14:21 | 3193,864,192 | -HS- | M] () -- C:\hiberfil.sys [2012/04/30 02:56:19 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-894866996-3635588399-3167457420-1001Core.job [2012/04/30 00:40:24 | 000,002,985 | ---- | M] () -- C:\Users\fearless\Documents\SEX PHRASES.rtf [2012/04/20 01:36:35 | 000,000,855 | ---- | M] () -- 
C:\Users\fearless\Documents\tablet.rtf [2012/04/14 22:43:49 | 000,872,762 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/04/14 22:43:49 | 000,726,668 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/04/14 22:43:49 | 000,146,654 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/04/14 22:42:05 | 000,005,951 | ---- | M] () -- C:\Users\fearless\Documents\DOCTORS.rtf [2012/04/09 03:04:45 | 000,466,586 | ---- | M] () -- C:\Users\Public\Documents\PHYSICAL OBJECTS 7.rtf [2012/04/08 23:33:54 | 000,034,617 | ---- | M] () -- C:\Users\fearless\Documents\ME 3.rtf [2012/04/08 23:06:54 | 000,053,852 | ---- | M] () -- C:\Users\fearless\Documents\IMPORTANT 9.rtf [2012/04/08 22:47:39 | 000,128,602 | ---- | M] () -- C:\Users\Public\Documents\WEBSITES 2.rtf [2012/04/08 21:49:44 | 000,100,491 | ---- | M] () -- C:\Users\Public\Documents\PEOPLE IN HISTORY 4.rtf [2012/04/08 21:36:59 | 000,022,056 | ---- | M] () -- C:\Users\fearless\Documents\A AGENCIES, GROUPS, COUNCILS 2.rtf [2012/04/08 19:48:41 | 000,132,099 | ---- | M] () -- C:\Users\Public\Documents\WORLD NEWS 3.rtf [2012/04/08 12:10:38 | 000,065,368 | ---- | M] () -- C:\Users\Public\Documents\WORK RELATIONSHIPS.rtf [2012/04/07 16:11:54 | 000,442,124 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/04/04 22:56:28 | 000,435,104 | ---- | M] () -- C:\Users\fearless\Documents\IMPORTANT 8.rtf [2012/04/01 02:50:13 | 000,003,058 | ---- | M] () -- C:\Users\fearless\Documents\SHROOMZ.rtf ========== Files Created - No Company Name ========== [2012/04/17 00:33:21 | 000,114,339 | ---- | C] () -- C:\Users\fearless\Documents\COMPUTER BAD SHAPE IMPORTANT.rtf [2012/04/09 03:42:44 | 000,257,853 | ---- | C] () -- C:\Users\fearless\Documents\COMPUTER BAD SHAPE.rtf [2012/04/04 23:08:12 | 000,053,852 | ---- | C] () -- C:\Users\fearless\Documents\IMPORTANT 9.rtf [2011/12/10 03:59:09 | 000,000,112 | ---- | C] () -- C:\Windows\wininit.ini [2011/10/22 21:32:51 | 000,644,608 | ---- | C] () -- 
C:\Windows\SysWow64\xvidcore.dll [2011/10/22 21:32:51 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2010/11/13 15:41:07 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\UnCasino5.exe [2010/11/05 22:08:41 | 000,000,088 | ---- | C] () -- C:\Windows\galaxy.ini [2010/10/31 12:08:57 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010/10/30 00:49:09 | 002,217,088 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2010/10/30 00:49:09 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2010/10/30 00:49:09 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2010/10/30 00:49:09 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2010/10/30 00:49:09 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2010/10/30 00:25:35 | 000,014,976 | ---- | C] () -- C:\Windows\SysWow64\drivers\SBKUPNT.SYS [2010/10/30 00:25:35 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\DEVLOAD.EXE [2010/10/30 00:25:34 | 000,000,543 | ---- | C] () -- C:\Windows\SWISV3.INI [2010/10/30 00:25:17 | 000,000,287 | ---- | C] () -- C:\Windows\SKNIFE.INI [2010/10/30 00:25:08 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI [2010/09/25 20:23:32 | 000,000,036 | ---- | C] () -- C:\Users\fearless\AppData\Local\housecall.guid.cache [2010/09/17 22:05:04 | 000,866,978 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/07/02 12:41:34 | 000,004,608 | ---- | C] () -- C:\Users\fearless\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/20 15:25:47 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys [2010/05/05 05:51:10 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini ========== LOP Check ========== [2011/04/27 23:44:12 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer [2011/04/27 23:44:12 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer [2010/06/03 14:45:21 | 000,000,000 | ---D | M] -- 
C:\Users\fearless\AppData\Roaming\.anomos [2011/02/25 01:10:18 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Acoustica [2010/06/22 15:22:08 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Asus WebStorage [2010/06/22 15:22:08 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Azureus [2011/03/12 15:34:21 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\BBC Alerts [2011/03/19 22:32:21 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\ChromePlus [2011/07/12 00:35:23 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2010/08/10 20:36:15 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Disk Cleaner [2010/08/12 12:06:21 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Dropbox [2012/04/18 08:32:51 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\DVDVideoSoft [2011/02/10 19:37:36 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\DVDVideoSoftIEHelpers [2011/02/28 21:15:40 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\EeeStorageUploader [2011/12/10 00:43:18 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\FMZilla [2011/12/10 00:52:59 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\foobar2000 [2011/06/28 23:20:40 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\GetRightToGo [2010/11/08 20:53:35 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\I2P [2011/12/10 02:47:45 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\IObit [2011/05/01 01:16:40 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Launchy [2010/11/05 20:45:56 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\MAGIX [2010/06/22 15:22:08 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Maxthon2 [2011/03/12 15:52:28 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\mioObjects [2010/11/06 
13:38:06 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\MotioninJoy [2010/09/01 22:00:29 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\MusicNet [2011/03/19 13:54:34 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\MxBoost [2010/05/05 14:46:57 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\nomp [2010/06/11 15:55:41 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\OpenDNS Updater [2011/03/19 13:46:27 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Opera [2012/04/04 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Orbit [2010/05/20 19:14:35 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\PenProtect [2010/11/05 19:56:06 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\ProgSense [2011/04/23 23:34:31 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\r2 Studios [2010/09/01 22:00:29 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Raptr [2011/05/30 01:32:07 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Sammsoft [2011/12/10 00:36:03 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\SanDisk [2011/03/12 15:16:58 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\scriptocean [2011/07/10 22:56:37 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Skinux [2011/06/29 00:09:48 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Smart Brightness Controller [2010/05/17 16:48:44 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\SoundSpectrum [2012/04/07 17:27:59 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Spyware Terminator [2011/04/24 19:41:30 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Stardock [2010/06/22 15:22:09 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Stellarium [2011/02/28 00:47:48 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\SynthMaker [2011/04/23 
23:52:38 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Thinking Minds Budiling Bytes [2011/08/01 23:58:41 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\TrueCrypt [2011/04/04 22:49:20 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Trusteer [2011/07/11 23:52:20 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\Visan [2010/06/24 16:43:55 | 000,000,000 | ---D | M] -- C:\Users\fearless\AppData\Roaming\WindSolutions [2011/08/21 03:55:28 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34 @Alternate Data Stream - 180 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8 < End of report >