Hi,

I hope you can understand what I am trying to explain.

When I start Freecell an icon is placed on the task bar. When I click on a card the icon moves about an inch to the right of the Mosaic icon. It then moves to the left and slams itself into the icon in place there. There does not seem to be any damage that I can tell. Everything seems to work OK. It is becoming annoying as the cards won't move unless I click with the mouse a bunch of times.

I have run Malwarebytes Pro and I did not find a problem. I have run Spybot S&D and it found some advertising and removed them. I then ran the DDS.scr program that I was told to use. Attached are the two files that the program produced.

I will appreciate any suggestions that you can offer.

Don

Attach..zip

DDS.txt

  • 2 weeks later...

Here are the files you wanted included.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Don at 15:55:59 on 2011-12-28

.

============== Running Processes ===============

.

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

C:\Program Files (x86)\Text Monkey\TextMonkeyPRO.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

C:\Program Files (x86)\Say the Time\SayTimeMain.exe

C:\Program Files (x86)\Say the Time\SayTimeMain.exe

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Say the Time\stttsm.exe

C:\Users\Don\Desktop\dds.scr

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll

uURLSearchHooks: H - No File

mURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient_2.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

TB: {05933148-9B77-4630-A691-C0D0D9AA11F9} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: {46FB16E4-A7E1-41D1-9BA1-BDF72C2C63A0} - No File

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [LocalURL] file:///newsflash\DataBaseProfessional.htm

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

uPolicies-explorer: NoThumbnailCache = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Trusted Zone: vectorvest.com\www

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{58E0EDC9-1683-48AB-B134-81C39969B582} : DhcpNameServer = 192.168.0.1

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe

BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO-X64: RoboForm BHO - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll

BHO-X64: D-Link Toolbar Loader - No File

BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient_2.dll

BHO-X64: Yontoo Layers - No File

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB-X64: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

TB-X64: {05933148-9B77-4630-A691-C0D0D9AA11F9} - No File

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

EB-X64: {46FB16E4-A7E1-41D1-9BA1-BDF72C2C63A0} - No File

mRun-x64: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [LocalURL] file:///newsflash\DataBaseProfessional.htm

mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun-x64: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\im51vnqx.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=mn

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\RecipeHub_2jEI\Installr\1.bin\NP2jEISb.dll

FF - plugin: C:\Users\Don\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============

.

R? AMD External Events Utility;AMD External Events Utility

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64

R? epmntdrv;epmntdrv

R? EuGdiDrv;EuGdiDrv

R? gupdatem;Google Update Service (gupdatem)

R? nmwcdnsucx64;Nokia USB Flashing Generic

R? nmwcdnsux64;Nokia USB Flashing Phone Parent

R? PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver

R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader

R? TBIMount;TBIMount

R? TsUsbFlt;TsUsbFlt

R? USBAAPL64;Apple Mobile USB Driver

R? WatAdminSvc;Windows Activation Technologies Service

S? AdobeARMservice;Adobe Acrobat Update Service

S? amdkmdag;amdkmdag

S? amdkmdap;amdkmdap

S? AntiVirFirewallService;Avira FireWall

S? AntiVirMailService;Avira Mail Protection

S? AntiVirSchedulerService;Avira Scheduler

S? AntiVirService;Avira Realtime Protection

S? AntiVirWebService;Avira Web Protection

S? AtiHDAudioService;AMD Function Driver for HD Audio Service

S? avfwim;AvFw Packet Filter Miniport

S? avfwot;avfwot

S? avgntflt;avgntflt

S? avkmgr;avkmgr

S? gupdate;Google Update Service (gupdate)

S? HP Support Assistant Service;HP Support Assistant Service

S? HPDrvMntSvc.exe;HP Quick Synchronization Service

S? IAStorDataMgrSvc;Intel® Rapid Storage Technology

S? MBAMProtector;MBAMProtector

S? MBAMService;MBAMService

S? phylock;phylock

S? RTL8167;Realtek 8167 NT Driver

S? SBSDWSCService;SBSD Security Center Service

.

=============== File Associations ===============

.

inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-12-28 18:18:39 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2011-12-28 18:18:39 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2011-12-28 18:18:39 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2011-12-28 18:18:39 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2011-12-28 18:18:39 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2011-12-28 18:18:38 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2011-12-28 18:18:37 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2011-12-28 18:18:37 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2011-12-28 18:14:25 -------- d-----w- C:\Program Files (x86)\AMD APP

2011-12-28 18:02:40 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab

2011-12-25 15:15:10 157016 ----a-w- C:\Windows\UnDeploy.exe

2011-12-22 19:19:45 -------- d-----w- C:\ProgramData\D-Link Toolbar

2011-12-22 19:19:45 -------- d-----w- C:\Program Files (x86)\D-Link Toolbar

2011-12-22 19:19:44 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility

2011-12-21 21:08:57 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2011-12-21 21:08:57 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2011-12-21 21:08:57 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2011-12-21 21:08:57 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll

2011-12-15 13:47:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-15 13:47:03 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-12-15 13:47:02 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-15 13:47:02 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-15 13:46:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-15 13:46:59 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-14 00:19:52 4448256 ----a-w- C:\Windows\SysWow64\GPhotos.scr

.

==================== Find3M ====================

.

2011-11-13 21:17:17 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-10 03:45:30 10567680 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-11-10 03:39:50 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll

2011-11-10 03:39:44 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2011-11-10 03:39:36 61952 ----a-w- C:\Windows\System32\OVDecode64.dll

2011-11-10 03:39:32 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2011-11-10 03:39:22 17442304 ----a-w- C:\Windows\System32\amdocl64.dll

2011-11-10 03:38:40 14375936 ----a-w- C:\Windows\SysWow64\amdocl.dll

2011-11-10 03:37:50 51200 ----a-w- C:\Windows\System32\OpenCL.dll

2011-11-10 03:37:46 44032 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2011-11-10 03:20:50 25218048 ----a-w- C:\Windows\System32\atio6axx.dll

2011-11-10 03:17:10 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-11-10 03:16:56 774656 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-11-10 03:15:20 927232 ----a-w- C:\Windows\System32\aticfx64.dll

2011-11-10 03:12:24 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-11-10 03:12:10 516608 ----a-w- C:\Windows\System32\atieclxx.exe

2011-11-10 03:11:32 204288 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-11-10 03:10:18 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-11-10 03:09:58 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-11-10 03:09:52 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-11-10 03:09:40 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-11-10 03:09:34 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-11-10 03:09:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-11-10 03:09:24 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-11-10 03:06:20 6077952 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-11-10 02:58:20 18996224 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-11-10 02:51:18 7405056 ----a-w- C:\Windows\System32\atidxx64.dll

2011-11-10 02:40:52 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-11-10 02:40:18 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-11-10 02:40:04 4061696 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-11-10 02:34:54 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-11-10 02:34:52 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-11-10 02:34:44 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-11-10 02:34:42 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-11-10 02:34:28 13552640 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-11-10 02:33:52 5852672 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-11-10 02:29:58 11300864 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-11-10 02:29:46 4200960 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-11-10 02:24:26 7439360 ----a-w- C:\Windows\System32\atiumd64.dll

2011-11-10 02:18:44 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-11-10 02:13:32 494592 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-11-10 02:13:22 348160 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-11-10 02:13:08 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-11-10 02:13:04 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-11-10 02:13:04 14336 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-11-10 02:13:00 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-11-10 02:12:52 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-11-10 02:12:44 325632 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-11-10 02:11:54 41984 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-11-10 02:11:46 32256 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-11-10 02:11:40 39424 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-11-10 02:11:32 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2011-11-10 02:11:32 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-11-10 02:11:32 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-11-10 02:11:26 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-11-10 02:11:26 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2011-11-10 02:10:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-11-09 16:09:21 286720 ----a-w- C:\Windows\iun506.exe

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-22 01:16:12 1843200 ----a-w- C:\Windows\SysWow64\SlotMaximizerBe.dll

2011-10-22 01:15:46 104448 ----a-w- C:\Windows\SysWow64\SlotMaximizerAg.dll

2011-10-22 01:12:32 2763264 ----a-w- C:\Windows\System32\SlotMaximizerBe.dll

2011-10-22 01:07:42 125440 ----a-w- C:\Windows\System32\SlotMaximizerAg.dll

2011-10-17 17:40:50 93712 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 15:56:43.25 ===============

==== Installed Programs ======================

.

599CD Welcome

6300

6300_Help

6300Trb

Activate Norton Online Backup

Adobe AIR

Adobe Digital Editions

Adobe Flash Player 10 ActiveX

Adobe Reader X (10.1.1)

AIO_CDB_ProductContext

AIO_CDB_Software

AIO_Scan

Apple Application Support

Apple Software Update

Avira Internet Security 2012

BufferChm

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

CCC Help English

CoffeeCup HTML Editor

CoffeeCup Photo Gallery

CoffeeCup Visual Site Designer 7.0

CoffeeCup Web Form Builder

Copy

D-Link Toolbar

D3DX10

DataBase Professional

Destinations

DeviceDiscovery

DHTML Editing Component

DirectX for Managed Code Update (Summer 2004)

DocProc

Download Updater (AOL LLC)

EASEUS Partition Master 6.5.2 Home Edition

Easy Duplicate Finder v. 3.1

EditPad Pro 7 v.7.0.9

Fax

Google Earth Plug-in

Google Update Helper

GoToMeeting 4.5.0.457

GPBaseService2

H&R Block Deluxe + Efile 2010

Hewlett-Packard ACLM.NET v1.1.1.0

HP Advisor

HP Customer Experience Enhancements

HP Games

HP MAINSTREAM KEYBOARD

HP MediaSmart Demo

HP MediaSmart DVD

HP MediaSmart Movie Themes

HP Odometer

HP Photo Creations

HP Product Detection

HP Remote Solution

HP Setup

HP Support Assistant

HP Support Information

HP Update

HPDiagnosticAlert

HPPhotoGadget

HPProductAssistant

HPSSupply

HydraVision

Image for Windows 2.65b Trial

ImgBurn

InstantStretch version 3.1.2

Intel® Rapid Storage Technology

IsoBuster 2.8.5

Itibiti RTC

Java Auto Updater

Java 6 Update 22

Java 6 Update 29

Junk Mail filter update

jZip

LabelPrint

Learn to Play Bridge

Learn to Play Bridge 2

LightScribe System Software

Malwarebytes' Anti-Malware version 1.51.2.1300

MarketResearch

Microsoft Live Search Toolbar

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Move Media Player

Mozilla Firefox 9.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OpenOffice.org 3.3

PacketTrap pt360 Tool Suite

Picasa 3

PictureMover

PixiePack Codec Pack

Power2Go

PowerDirector

PowerRecover

QuickTime

Random House Webster's Unabridged Dictionary

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

RoboForm 7-6-4 (All Users)

Safari

Say the Time 11

Scan

ScreenPrint Platinum 5

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Simple Sudoku 4.2

SmartWebPrinting

Snagit 10.0.1

SolutionCenter

Spelling Dictionaries Support For Adobe Reader 9

Spotmau 5.1.1.4846

Spybot - Search & Destroy

Status

System Requirements Lab

TBIView 4.25 - TBIMount 1.06

TeraByte OS Deployment Tool Suite Professional version 1.31

Text Monkey PRO

The Lord of the Rings FREE Trial

Toolbox

TouchCopy 09

TrayApp

UBCD4Win 3.61

UnloadSupport

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

VectorVest 7

VectorVest U.S.

WebReg

Windows Live Communications Platform

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== End Of File ===========================


Hi Chris,

I forgot to include the Mbam log. Here it is:

Malwarebytes Anti-Malware (PRO) 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.29.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Don :: 20091113HP [administrator]

Protection: Disabled

12/29/2011 8:48:46 AM

mbam-log-2011-12-29 (08-48-46).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 175709

Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Hi Chris,

Here is the new dds.log:

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Don at 13:39:31 on 2012-01-01

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll

mURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient_2.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

TB: {05933148-9B77-4630-A691-C0D0D9AA11F9} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB: {46FB16E4-A7E1-41D1-9BA1-BDF72C2C63A0} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

uPolicies-explorer: NoThumbnailCache = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Trusted Zone: vectorvest.com\www

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{58E0EDC9-1683-48AB-B134-81C39969B582} : DhcpNameServer = 192.168.0.1

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe

BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO-X64: RoboForm BHO - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll

BHO-X64: D-Link Toolbar Loader - No File

BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient_2.dll

BHO-X64: Yontoo Layers - No File

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB-X64: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll

TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

TB-X64: {05933148-9B77-4630-A691-C0D0D9AA11F9} - No File

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB-X64: {46FB16E4-A7E1-41D1-9BA1-BDF72C2C63A0} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun-x64: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\im51vnqx.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=mn

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\RecipeHub_2jEI\Installr\1.bin\NP2jEISb.dll

FF - plugin: C:\Users\Don\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

============= SERVICES / DRIVERS ===============

.

.

=============== File Associations ===============

.

inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2012-01-01 18:22:48 -------- d-----w- C:\$RECYCLE.BIN

2012-01-01 18:13:04 98816 ----a-w- C:\Windows\sed.exe

2012-01-01 18:13:04 518144 ----a-w- C:\Windows\SWREG.exe

2012-01-01 18:13:04 256000 ----a-w- C:\Windows\PEV.exe

2012-01-01 18:13:04 208896 ----a-w- C:\Windows\MBR.exe

2011-12-29 18:06:50 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-12-29 18:06:31 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-12-28 18:18:39 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2011-12-28 18:18:39 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2011-12-28 18:18:39 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2011-12-28 18:18:39 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2011-12-28 18:18:39 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2011-12-28 18:18:38 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2011-12-28 18:18:37 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2011-12-28 18:18:37 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2011-12-28 18:14:25 -------- d-----w- C:\Program Files (x86)\AMD APP

2011-12-28 18:02:40 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab

2011-12-25 15:15:10 157016 ----a-w- C:\Windows\UnDeploy.exe

2011-12-22 19:19:45 -------- d-----w- C:\ProgramData\D-Link Toolbar

2011-12-22 19:19:45 -------- d-----w- C:\Program Files (x86)\D-Link Toolbar

2011-12-22 19:19:44 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility

2011-12-21 21:08:57 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2011-12-21 21:08:57 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2011-12-21 21:08:57 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2011-12-21 21:08:57 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll

2011-12-15 13:47:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-15 13:47:03 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-12-15 13:47:02 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-15 13:47:02 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-15 13:46:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-15 13:46:59 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-14 00:19:52 4448256 ----a-w- C:\Windows\SysWow64\GPhotos.scr

.

==================== Find3M ====================

.

2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-13 21:17:17 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-10 03:45:30 10567680 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-11-10 03:39:50 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll

2011-11-10 03:39:44 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2011-11-10 03:39:36 61952 ----a-w- C:\Windows\System32\OVDecode64.dll

2011-11-10 03:39:32 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2011-11-10 03:39:22 17442304 ----a-w- C:\Windows\System32\amdocl64.dll

2011-11-10 03:38:40 14375936 ----a-w- C:\Windows\SysWow64\amdocl.dll

2011-11-10 03:37:50 51200 ----a-w- C:\Windows\System32\OpenCL.dll

2011-11-10 03:37:46 44032 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2011-11-10 03:20:50 25218048 ----a-w- C:\Windows\System32\atio6axx.dll

2011-11-10 03:17:10 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-11-10 03:16:56 774656 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-11-10 03:15:20 927232 ----a-w- C:\Windows\System32\aticfx64.dll

2011-11-10 03:12:24 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-11-10 03:12:10 516608 ----a-w- C:\Windows\System32\atieclxx.exe

2011-11-10 03:11:32 204288 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-11-10 03:10:18 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-11-10 03:09:58 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-11-10 03:09:52 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-11-10 03:09:40 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-11-10 03:09:34 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-11-10 03:09:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-11-10 03:09:24 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-11-10 03:06:20 6077952 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-11-10 02:58:20 18996224 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-11-10 02:51:18 7405056 ----a-w- C:\Windows\System32\atidxx64.dll

2011-11-10 02:40:52 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-11-10 02:40:18 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-11-10 02:40:04 4061696 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-11-10 02:34:54 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-11-10 02:34:52 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-11-10 02:34:44 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-11-10 02:34:42 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-11-10 02:34:28 13552640 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-11-10 02:33:52 5852672 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-11-10 02:29:58 11300864 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-11-10 02:29:46 4200960 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-11-10 02:24:26 7439360 ----a-w- C:\Windows\System32\atiumd64.dll

2011-11-10 02:18:44 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-11-10 02:13:32 494592 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-11-10 02:13:22 348160 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-11-10 02:13:08 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-11-10 02:13:04 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-11-10 02:13:04 14336 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-11-10 02:13:00 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-11-10 02:12:52 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-11-10 02:12:44 325632 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-11-10 02:11:54 41984 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-11-10 02:11:46 32256 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-11-10 02:11:40 39424 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-11-10 02:11:32 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2011-11-10 02:11:32 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-11-10 02:11:32 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-11-10 02:11:26 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-11-10 02:11:26 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2011-11-10 02:10:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-11-09 16:09:21 286720 ----a-w- C:\Windows\iun506.exe

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-22 01:16:12 1843200 ----a-w- C:\Windows\SysWow64\SlotMaximizerBe.dll

2011-10-22 01:15:46 104448 ----a-w- C:\Windows\SysWow64\SlotMaximizerAg.dll

2011-10-22 01:12:32 2763264 ----a-w- C:\Windows\System32\SlotMaximizerBe.dll

2011-10-22 01:07:42 125440 ----a-w- C:\Windows\System32\SlotMaximizerAg.dll

2011-10-17 17:40:50 93712 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

.

============= FINISH: 13:39:58.95 ===============


Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Here is the ComboFix Log:

ComboFix 12-01-01.01 - Don 01/01/2012 13:14:17.1.2 - x64

Running from: c:\users\Don\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\hosts

C:\Install.exe

c:\users\Don\AppData\Local\assembly\tmp

c:\users\Don\AppData\Roaming\PCFix

c:\users\Don\GoToAssistDownloadHelper.exe

c:\windows\Downloaded Program Files\x64

c:\windows\Downloaded Program Files\x64\racodec.ax

c:\windows\Downloaded Program Files\x86

c:\windows\Downloaded Program Files\x86\racodec.ax

c:\windows\sqlite3.dll

E:\Setup.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_wuauserv

.

.

((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))

.

.

2012-01-01 18:20 . 2012-01-01 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-29 18:06 . 2011-12-29 18:06 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-12-28 18:31 . 2011-12-28 18:31 -------- d-----w- c:\programdata\InstallShield

2011-12-28 18:18 . 2006-02-07 20:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2011-12-28 18:18 . 2006-02-07 20:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2011-12-28 18:18 . 2006-02-07 20:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2011-12-28 18:18 . 2006-02-07 20:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2011-12-28 18:18 . 2005-11-14 04:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2011-12-28 18:18 . 2006-02-07 20:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2011-12-28 18:18 . 2011-12-28 18:18 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2011-12-28 18:18 . 2011-12-28 18:18 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2011-12-28 18:14 . 2011-12-28 18:14 -------- d-----w- c:\programdata\ATI

2011-12-28 18:14 . 2011-12-28 18:14 -------- d-----w- c:\program files (x86)\AMD APP

2011-12-28 18:02 . 2011-12-28 18:02 -------- d-----w- c:\program files (x86)\SystemRequirementsLab

2011-12-28 18:02 . 2011-12-28 18:02 -------- d-----w- c:\users\Don\AppData\Roaming\SystemRequirementsLab

2011-12-25 15:15 . 2011-12-09 15:15 157016 ----a-w- c:\windows\UnDeploy.exe

2011-12-22 19:19 . 2011-12-22 19:19 -------- d-----w- c:\programdata\D-Link Toolbar

2011-12-22 19:19 . 2011-12-22 19:19 -------- d-----w- c:\program files (x86)\D-Link Toolbar

2011-12-22 19:19 . 2011-12-22 19:19 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility

2011-12-21 21:08 . 2011-12-23 21:19 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll

2011-12-21 21:08 . 2011-12-21 21:08 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2011-12-21 21:08 . 2011-12-21 21:08 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2011-12-21 21:08 . 2011-12-21 21:08 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2011-12-15 13:47 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-15 13:47 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-12-15 13:47 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll

2011-12-15 13:47 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-15 13:46 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-15 13:46 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-12-14 00:19 . 2011-12-14 00:19 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-29 18:06 . 2011-12-29 18:06 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-12-29 18:06 . 2010-02-27 12:50 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-12-10 20:24 . 2010-08-03 18:49 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-08 13:54 . 2011-10-12 14:11 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-11-13 21:17 . 2011-05-28 18:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-10 03:45 . 2011-11-10 03:45 10567680 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-11-10 03:39 . 2011-11-10 03:39 69632 ----a-w- c:\windows\system32\OpenVideo64.dll

2011-11-10 03:39 . 2011-11-10 03:39 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2011-11-10 03:39 . 2011-11-10 03:39 61952 ----a-w- c:\windows\system32\OVDecode64.dll

2011-11-10 03:39 . 2011-11-10 03:39 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll

2011-11-10 03:39 . 2011-11-10 03:39 17442304 ----a-w- c:\windows\system32\amdocl64.dll

2011-11-10 03:38 . 2011-11-10 03:38 14375936 ----a-w- c:\windows\SysWow64\amdocl.dll

2011-11-10 03:37 . 2011-11-10 03:37 51200 ----a-w- c:\windows\system32\OpenCL.dll

2011-11-10 03:37 . 2011-11-10 03:37 44032 ----a-w- c:\windows\SysWow64\OpenCL.dll

2011-11-10 03:20 . 2011-11-10 03:20 25218048 ----a-w- c:\windows\system32\atio6axx.dll

2011-11-10 03:17 . 2011-11-10 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2011-11-10 03:16 . 2011-06-01 06:02 774656 ----a-w- c:\windows\SysWow64\aticfx32.dll

2011-11-10 03:15 . 2010-03-11 03:32 927232 ----a-w- c:\windows\system32\aticfx64.dll

2011-11-10 03:12 . 2011-09-08 17:30 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-11-10 03:12 . 2011-11-10 03:12 516608 ----a-w- c:\windows\system32\atieclxx.exe

2011-11-10 03:11 . 2011-11-10 03:11 204288 ----a-w- c:\windows\system32\atiesrxx.exe

2011-11-10 03:10 . 2011-11-10 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll

2011-11-10 03:09 . 2011-06-01 05:56 423424 ----a-w- c:\windows\system32\atipdl64.dll

2011-11-10 03:09 . 2011-11-10 03:09 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll

2011-11-10 03:09 . 2011-11-10 03:09 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll

2011-11-10 03:09 . 2011-11-10 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll

2011-11-10 03:09 . 2011-11-10 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll

2011-11-10 03:09 . 2011-11-10 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2011-11-10 03:06 . 2011-06-01 05:52 6077952 ----a-w- c:\windows\SysWow64\atidxx32.dll

2011-11-10 02:58 . 2011-11-10 02:58 18996224 ----a-w- c:\windows\SysWow64\atioglxx.dll

2011-11-10 02:51 . 2009-11-07 01:39 7405056 ----a-w- c:\windows\system32\atidxx64.dll

2011-11-10 02:40 . 2011-11-10 02:40 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2011-11-10 02:40 . 2011-11-10 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2011-11-10 02:40 . 2011-09-08 17:18 4061696 ----a-w- c:\windows\system32\atiumd6a.dll

2011-11-10 02:34 . 2011-11-10 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2011-11-10 02:34 . 2011-11-10 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2011-11-10 02:34 . 2011-11-10 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2011-11-10 02:34 . 2011-11-10 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2011-11-10 02:34 . 2011-11-10 02:34 13552640 ----a-w- c:\windows\system32\aticaldd64.dll

2011-11-10 02:33 . 2011-11-10 02:33 5852672 ----a-w- c:\windows\SysWow64\atiumdag.dll

2011-11-10 02:29 . 2011-11-10 02:29 11300864 ----a-w- c:\windows\SysWow64\aticaldd.dll

2011-11-10 02:29 . 2011-11-10 02:29 4200960 ----a-w- c:\windows\SysWow64\atiumdva.dll

2011-11-10 02:24 . 2011-09-08 17:00 7439360 ----a-w- c:\windows\system32\atiumd64.dll

2011-11-10 02:18 . 2010-03-11 02:49 58880 ----a-w- c:\windows\system32\coinst.dll

2011-11-10 02:13 . 2011-09-08 16:53 494592 ----a-w- c:\windows\system32\atiadlxx.dll

2011-11-10 02:13 . 2011-11-10 02:13 348160 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2011-11-10 02:13 . 2011-11-10 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2011-11-10 02:13 . 2011-11-10 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll

2011-11-10 02:12 . 2011-11-10 02:12 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll

2011-11-10 02:12 . 2011-11-10 02:12 325632 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-11-10 02:11 . 2010-03-11 02:33 41984 ----a-w- c:\windows\system32\atiuxp64.dll

2011-11-10 02:11 . 2011-06-01 05:18 32256 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2011-11-10 02:11 . 2011-07-28 20:53 39424 ----a-w- c:\windows\system32\atiu9p64.dll

2011-11-10 02:11 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll

2011-11-10 02:11 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2011-11-10 02:11 . 2011-11-10 02:11 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2011-11-10 02:10 . 2011-11-10 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-11-09 16:09 . 2011-07-06 19:29 286720 ----a-w- c:\windows\iun506.exe

2011-10-22 01:16 . 2011-10-22 01:16 1843200 ----a-w- c:\windows\SysWow64\SlotMaximizerBe.dll

2011-10-22 01:15 . 2011-10-22 01:15 104448 ----a-w- c:\windows\SysWow64\SlotMaximizerAg.dll

2011-10-22 01:12 . 2011-10-22 01:12 2763264 ----a-w- c:\windows\system32\SlotMaximizerBe.dll

2011-10-22 01:07 . 2011-10-22 01:07 125440 ----a-w- c:\windows\system32\SlotMaximizerAg.dll

2011-10-17 17:40 . 2011-10-17 17:40 93712 ----a-w- c:\windows\system32\drivers\AtihdW76.sys

2011-10-14 14:21 . 2011-10-14 14:21 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-10-14 14:21 . 2011-10-14 14:21 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-10-14 14:21 . 2011-10-14 14:21 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-10-14 14:21 . 2011-10-14 14:21 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-10-14 14:21 . 2011-10-14 14:21 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-10-14 14:21 . 2011-10-14 14:21 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-10-14 14:21 . 2011-10-14 14:21 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-10-14 14:21 . 2011-10-14 14:21 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-10-14 14:21 . 2011-10-14 14:21 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-10-14 14:21 . 2011-10-14 14:21 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-10-14 14:21 . 2011-10-14 14:21 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-10-14 14:21 . 2011-10-14 14:21 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-10-14 14:21 . 2011-10-14 14:21 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-10-14 14:21 . 2011-10-14 14:21 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-10-14 14:21 . 2011-10-14 14:21 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-10-14 14:21 . 2011-10-14 14:21 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-10-14 14:21 . 2011-10-14 14:21 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-10-14 14:21 . 2011-10-14 14:21 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-10-14 14:21 . 2011-10-14 14:21 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-10-14 14:21 . 2011-10-14 14:21 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-10-14 14:21 . 2011-10-14 14:21 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-10-14 14:21 . 2011-10-14 14:21 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-10-14 14:21 . 2011-10-14 14:21 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-10-14 14:21 . 2011-10-14 14:21 448512 ----a-w- c:\windows\system32\html.iec

2011-10-14 14:21 . 2011-10-14 14:21 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-10-14 14:21 . 2011-10-14 14:21 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-10-14 14:21 . 2011-10-14 14:21 222208 ----a-w- c:\windows\system32\msls31.dll

2011-10-14 14:21 . 2011-10-14 14:21 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-10-14 14:21 . 2011-10-14 14:21 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-10-14 14:21 . 2011-10-14 14:21 160256 ----a-w- c:\windows\system32\wextract.exe

2011-10-14 14:21 . 2011-10-14 14:21 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-10-14 14:21 . 2011-10-14 14:21 12288 ----a-w- c:\windows\system32\mshta.exe

2011-10-14 14:21 . 2011-10-14 14:21 114176 ----a-w- c:\windows\system32\admparse.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2011-07-15 04:46 195360 ----a-w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient_2.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-12-30 107000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-03 385024]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-05 258512]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]

.

c:\users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Text Monkey PRO.lnk - [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - [N/A]

PictureMover.lnk - [N/A]

Say the Time.lnk - [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoThumbnailCache"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"1A:Stardock TrayMonitor"=

"Say the Time"=

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 16776]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 9096]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-21 136176]

R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]

R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]

R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-06-10 23536]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TBIMount;TBIMount;c:\windows\System32\drivers\tbimount.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 phylock;phylock;c:\windows\system32\drivers\phylock.sys [x]

S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-10-05 616400]

S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-12-08 342480]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-05 86224]

S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-05 463824]

S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-21 136176]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]

2010-02-16 23:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-04 c:\windows\Tasks\DriverNavigator Scheduled Scan.job

- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2011-07-04 14:57]

.

2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-21 15:26]

.

2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-21 15:26]

.

2012-01-01 c:\windows\Tasks\HP Photo Creations Communicator.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-10-10 16:53]

.

2012-01-01 c:\windows\Tasks\HPCeeScheduleForDon.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]

.

2011-01-01 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]

"combofix"="c:\combofix\CF9326.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn

uLocal Page = c:\windows\system32\blank.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

Trusted Zone: vectorvest.com\www

TCP: DhcpNameServer = 192.168.0.1

DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

FF - ProfilePath - c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\im51vnqx.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=mn

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

.

------- File Associations -------

.

inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

Wow6432Node-HKLM-Run-LocalURL - file:///newsflash\DataBaseProfessional.htm

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

AddRemove-Random House Webster's Unabridged Dictionary - c:\program files (x86)\Random House

AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]

"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe

c:\program files (x86)\PictureMover\Bin\PictureMover.exe

c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe

c:\program files (x86)\Text Monkey\TextMonkeyPRO.exe

c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\program files (x86)\Say the Time\SayTimeMain.exe

c:\program files (x86)\Say the Time\SayTimeMain.exe

c:\program files (x86)\Say the Time\stttsm.exe

.

**************************************************************************

.

Completion time: 2012-01-01 13:27:27 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-01 18:27

.

Pre-Run: 578,237,247,488 bytes free

Post-Run: 577,906,597,888 bytes free

.

- - End Of File - - A562E57EEE0F1A3AF7F2241EFA1CC431

  • Staff

Hi,

My apologies for the delay.

Uninstall any of these if present:

Yontoo

Yontoo Toolbar

Yontoo Layers Runtime

Reboot.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Hi,

Here is the log file from running ESET. It found and deleted 13 infections.

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=89e9ccb2009ddf4397ef2e2ecbc05cb9

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-09 06:12:21

# local_time=2012-01-09 01:12:21 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 6776512 6776512 0 0

# compatibility_mode=5893 16776574 100 94 18253218 77670219 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=207365

# found=13

# cleaned=13

# scan_time=5972

C:\Program Files (x86)\RecipeHub_2jEI\Installr\1.bin\2jEIPlug.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\RecipeHub_2jEI\Installr\1.bin\NP2jEISb.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient_2.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Don\AppData\Roaming\Uniblue\PowerSuite\_temp\ub.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Don\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Don\Documents\Downloads\Paragon B_U & Restore\cnet_br_free_advanced_msi.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Don\Documents\Downloads\Register Booster\registrybooster.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Don\Documents\Downloads\UBCD\SoftonicDownloader_for_ultimate-boot-cd.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Don\Documents\Downloads\Uniblue Systems\Power Suite\powersuite.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Don\Downloads\Reg Zooka\regzookasetup.exe a variant of Win32/Adware.RegGenie application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Don\Downloads\Roboform Siber Systems\registrybooster2rboupd.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Don\Downloads\Softonic Downloader\SoftonicDownloader_for_ultimate-boot-cd.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Don\Downloads\VLC Media Player\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application (deleted - quarantined) 00000000000000000000000000000000 C

***************************************************End of ESET log file ***************************************************************

******************************** Log file from Security Check (Screen 317) ************************************************************

Results of screen317's Security Check version 0.99.30

Windows 7 x64 (UAC is disabled!)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

Avira Internet Security 2012

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

Java 6 Update 29

Java 6 Update 22

Java version out of date!

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox (9.0.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

***************************************************************************************************************

When I start a program an icon from that program appears on the task bar (the bar at the bottom of the screen which holds the start button at one end and the date and other items at the other end). Say I open Freecell. When I click on a playing card the icon moves about 1" to the right and then slams itself left against other icons that might be there. There also is a brief flash of the display (where the screen brightens briefly then returns to normal). The flash does not happen all the time but seems to be synced with the left mouse button. Many times I have to click 4 or 5 times to get the playing card to move where I want it. That is about the best I can do to describe what is happening. I have no idea how I acquired this little bugger but I am ready to get rid of it.

Thanks for answering my plea.

  • Staff

How odd. Some setting must have gotten screwed up but I don't think malware is to blame. Perhaps it was one of your Registry cleaners.

I recommend uninstalling:

Uniblue

RegZooka

RegistryBooster

..and any other similar program.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Reboot.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Java™ 6 Update 29

Java™ 6 Update 22

Adobe Reader 9

Restart your computer.

Get the latest version of Java and Adobe Reader.

I now suggest that you post in our PC Help forum for this remaining issue.

  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
