
iYogi crap



Damn. I was duped into thinking I was speaking to Belkin cust support cause the phone # I googled had top billing (shoulda known better)

It was an iYogi rep instead. SO:

Remote access ensues; the tech installs:

PCDiagnostics

SD Setup

Along with some random iYogi toolbars and persistent homepage changes that are really annoying. Search engine default changed also

"Search Protect" by Conduit must have been added also b/c I found it in msconfig (I tried to uninstall Search Protect by Conduit with Revo-uninstall, it still appears but with an unknown manufacturer)

I'm sure I am forgetting some minor details/malware I noticed but that is the gist of it.

He stated I had some registry errors and some old files that could be cleaned up. Thanks, but I can do that myself.

He really tried hard to charge me $150/yr, promising I needed it now or else my PC could crash. I politely declined.

Funny thing was I was calling b/c my Belkin wireless USB wasn't working.

Jerks.

After reading others' experiences with iYogi as well as their questionable history with Avast, I'm not surprised.

Malwarebytes gave the all clear

But I do need some help here; so what should step number one be?:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2

Run by Owner at 1:59:31 on 2013-05-12

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.1157 [GMT -4:00]

.

AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ================

.

C:\PROGRA~1\AVG\AVG2013\avgrsx.exe

C:\Program Files\AVG\AVG2013\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\rundll32.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2013\avgidsagent.exe

C:\Program Files\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\NETGEAR\WNA1000M\WlanWpsSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\iashost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\AVG\AVG2013\avgnsx.exe

C:\Program Files\AVG\AVG2013\avgemcx.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\WINDOWS\ModPS2Key.exe

C:\WINDOWS\zHotkey.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN12305727558567937&UM=2&ctid=CT3287822

uProxyOverride = <local>;*.local

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

uRun: [sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRunOnce: [spUninstallDeleteDir] rmdir /s /q "c:\users\owner\appdata\roaming\SearchProtect"

mRun: [ModPS2] ModPS2Key.exe

mRun: [CHotkey] zHotkey.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY

mRunOnce: [spUninstallCleanUp] REG delete HKEY_CURRENT_USER\Software\SearchProtect /f

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1000m\WNA1000M.exe

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Easy-WebPrint Add To Print List - <no file>

IE: Easy-WebPrint High Speed Print - <no file>

IE: Easy-WebPrint Preview - <no file>

IE: Easy-WebPrint Print - <no file>

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tutorvista.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{3D8143BD-3539-46DE-B3D4-B43EC7C79476} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{530BA2FD-8815-43E9-AC25-EBD8BFE1EE37} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{8DADE688-2E61-4B99-9122-05E1D73D5004} : DHCPNameServer = 10.0.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 208184]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-4-23 25896]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-3-9 176128]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-4-25 4936752]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-17 21504]

R2 WlanWpsSvc;WlanWpsSvc;c:\program files\netgear\wna1000m\WlanWpsSvc.exe [2010-11-16 174560]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2011-8-11 542312]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-4-14 99344]

S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

S3 RTL8192cu;NETGEAR WNA1000M N150 Wireless USB Micro Adapter;c:\windows\system32\drivers\WNA1000M.sys [2011-1-31 700520]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2013-4-17 121192]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2013-4-17 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2013-4-17 136680]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 ZSMC302;V-Gear TalkCam 1.1;c:\windows\system32\drivers\usbvm302.sys [2004-3-19 90968]

.

=============== File Associations ===============

.

ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"

.

=============== Created Last 30 ================

.

2013-05-12 04:16:32 -------- d-----w- c:\users\owner\appdata\roaming\7 Sticky Notes

2013-05-12 04:15:49 805376 ----a-w- c:\windows\system32\EditCtlsU.ocx

2013-05-12 04:15:49 604672 ----a-w- c:\windows\system32\ExTVwU.ocx

2013-05-12 04:15:49 198456 ----a-w- c:\windows\system32\MCI32.OCX

2013-05-12 04:15:49 1351392 ----a-w- c:\windows\system32\comctl32.ocx

2013-05-12 04:15:49 1031168 ----a-w- c:\windows\system32\ExLVwU.ocx

2013-05-12 04:15:48 554008 ----a-w- c:\windows\system32\dao360.dll

2013-05-12 04:15:48 -------- d-----w- c:\program files\7 Sticky Notes

2013-05-11 19:53:43 -------- d-----w- C:\components

2013-05-08 04:03:58 -------- d-----w- c:\program files\Conduit

2013-05-08 04:03:55 -------- d-----w- c:\users\owner\appdata\local\Conduit

2013-05-08 04:03:49 -------- d-----w- c:\program files\VS Revo Group

2013-05-08 04:03:32 -------- d-----w- c:\users\owner\appdata\local\CRE

2013-05-08 03:33:36 -------- d-----w- c:\program files\CCleaner

2013-05-08 01:12:59 -------- d-----w- c:\users\owner\appdata\roaming\QuickScan

2013-05-08 01:12:11 -------- d-----w- c:\programdata\SmartPCScan

2013-05-08 00:57:51 -------- d-----w- c:\program files\iYogi Support Dock

2013-04-29 03:15:41 178688 ----a-w- c:\windows\system32\unrar.dll

2013-04-29 03:15:38 -------- d-----w- c:\program files\K-Lite Codec Pack

2013-04-24 11:09:08 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-21 02:22:21 -------- d-----w- c:\program files\tixati

2013-04-18 01:34:49 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-04-17 23:53:28 -------- d-----w- c:\programdata\Samsung

2013-04-17 23:53:17 -------- d-----w- c:\program files\Samsung

2013-04-15 16:13:25 64000 ----a-w- c:\windows\system32\smss.exe

2013-04-15 16:13:25 49152 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-15 16:13:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-04-15 16:13:25 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-15 16:13:24 2067968 ----a-w- c:\windows\system32\mstscax.dll

2013-04-15 16:13:23 376320 ----a-w- c:\windows\system32\winsrv.dll

2013-04-15 16:13:23 2049024 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2013-04-18 05:56:13 821824 ----a-w- c:\windows\system32\dgderapi.dll

2013-04-18 05:56:13 319456 ----a-w- c:\windows\system32\DIFxAPI.dll

2013-04-18 05:56:13 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys

2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-29 06:53:48 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-03-21 07:08:24 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2013-03-19 23:40:16 861088 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-03-19 23:40:16 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-01 14:32:20 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-02-22 03:34:03 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-02-22 03:31:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-02-12 01:57:27 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

============= FINISH: 2:00:08.05 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 3/5/2007 7:08:56 AM

System Uptime: 5/9/2013 9:03:36 PM (53 hours ago)

.

Motherboard: ELITEGROUP | | MCP61PM-AM

Processor: AMD Athlon 64 X2 Dual Core Processor 3800+ | Socket AM2 | 2000/201mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 121.507 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 4.461 GiB free.

E: is CDROM ()

H: is FIXED (NTFS) - 932 GiB total, 831.774 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

Description: USB Mass Storage Device

Device ID: USB\VID_058F&PID_6377\920321111113

Manufacturer: Compatible USB storage device

Name: USB Mass Storage Device

PNP Device ID: USB\VID_058F&PID_6377\920321111113

Service: USBSTOR

.

Class GUID:

Description:

Device ID: ROOT\LEGACY_SSDPSRV\0000

Manufacturer:

Name:

PNP Device ID: ROOT\LEGACY_SSDPSRV\0000

Service:

.

==== System Restore Points ===================

.

RP1956: 4/30/2013 10:28:01 PM - Windows Update

RP1957: 5/1/2013 11:33:07 AM - Scheduled Checkpoint

RP1958: 5/2/2013 12:00:01 AM - Scheduled Checkpoint

RP1959: 5/3/2013 12:05:25 AM - Scheduled Checkpoint

RP1960: 5/4/2013 - Scheduled Checkpoint

RP1961: 5/4/2013 3:02:58 PM - Removed Belkin USB Wireless Adapter

RP1962: 5/5/2013 12:26:05 PM - Installed Belkin USB Wireless Adapter

RP1963: 5/6/2013 4:28:37 PM - Scheduled Checkpoint

RP1964: 5/7/2013 11:18:44 PM - Installed AVG 2013

RP1965: 5/8/2013 12:10:46 AM - Installed Kaspersky Security Scan.

RP1967: 5/8/2013 12:16:04 AM - Revo Uninstaller's restore point - MixiDJ V8 Toolbar

RP1969: 5/8/2013 12:21:04 AM - Revo Uninstaller's restore point - PunkBuster Services

RP1971: 5/8/2013 12:24:57 AM - Revo Uninstaller's restore point - Kaspersky Security Scan

RP1973: 5/8/2013 12:26:07 AM - First Restore Point

RP1974: 5/9/2013 9:48:05 PM - Scheduled Checkpoint

RP1976: 5/11/2013 3:52:33 PM - Revo Uninstaller's restore point - Search Protect by conduit

RP1978: 5/12/2013 12:19:52 AM - Revo Uninstaller's restore point - 7 Sticky Notes

RP1980: 5/12/2013 12:22:07 AM - Revo Uninstaller's restore point - 7 Sticky Notes

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

ABBYY FineReader 5.0 Sprint Plus

Adobe Acrobat Connect Add-in

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.3.1

Adobe Shockwave Player 11

Agere Systems PCI-SV92PP Soft Modem

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft MediaImpression for Kodak

ArcSoft PhotoStudio 5.5

ArcSoft Software Suite

ATI AVIVO Codecs

ATI Catalyst Install Manager

Audacity 1.2.6

Auslogics BoostSpeed

AVG 2013

Belkin USB Wireless Adapter

Bonjour

Browser Address Error Redirector

BufferChm

C4400

C4400_Help

Cards_Calendar_OrderGift_DoMorePlugout

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

CDDRV_Installer

CleanUp!

Click to Call with Skype

Compatibility Pack for the 2007 Office system

Copy

CustomerResearchQFolder

D3DX10

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DocProc

DocProcQFolder

erLT

eSupportQFolder

Facebook Plug-In

FormatFactory 2.20

Glary Utilities 2.33.0.1158

Google Chrome

Google Earth

Google Update Helper

GPBaseService

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Participation Program 10.0

HP Imaging Device Functions 10.0

HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3

HP Photosmart Essential 2.5

HP Smart Web Printing

HP Solution Center 10.0

HP Update

HPPhotoSmartPhotobookWebPack1

HPProductAssistant

HydraVision

iTunes

Java 7 Update 21

Java Auto Updater

K-Lite Codec Pack 9.8.5 (Standard)

KhalInstallWrapper

Kies mini

Logitech Communications Manager

Logitech SetPoint

Malwarebytes Anti-Malware version 1.75.0.1300

MarketResearch

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Digital Image Library 9 - Blocker

Microsoft Digital Image Starter Edition 2006

Microsoft Digital Image Starter Edition 2006 Editor

Microsoft Digital Image Starter Edition 2006 Library

Microsoft LifeCam

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

neroxml

NETGEAR WNA1000M Wireless USB 2.0 Adapter

Next Generation Visualisations

NVIDIA Drivers

OCR Software by I.R.I.S. 10.0

PanoStandAlone

PASW Statistics 18

Pocket Tanks v1.3

PS_AIO_03_C4400_ProductContext

PS_AIO_03_C4400_Software

PS_AIO_03_C4400_Software_Min

PS2 Multimedia Keyboard Driver

PSSWCORE

QuickTime

Realtek High Definition Audio Driver

Revo Uninstaller 1.94

SAMSUNG USB Driver for Mobile Phones

Scan

ScanSoft OmniPage SE 4.0

ScanToWeb

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Segoe UI

Skype™ 5.10

SmartWebPrintingOC

SolutionCenter

Status

The Merck Index v 13.1

Tixati

Toolbox

TrayApp

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VideoToolkit01

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 1.0.2

WebReg

WinDjView 1.0.3

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

WinRAR archiver

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

5/9/2013 9:06:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATITool i8042prt

5/9/2013 9:06:19 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.

5/9/2013 9:05:56 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

5/9/2013 9:05:56 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

5/9/2013 5:58:59 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 08863BDF55F2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

5/9/2013 5:58:46 PM, Error: EventLog [6008] - The previous system shutdown at 8:22:06 AM on 5/9/2013 was unexpected.

5/7/2013 8:58:03 PM, Error: Service Control Manager [7030] - The Support Dock Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

5/7/2013 10:46:22 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 08863BDF55F2. The following error occurred: Element not found.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

5/7/2013 10:35:45 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 08863BDF55F2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

5/5/2013 12:01:53 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 70.119.196.137 for the Network Card with network address 001BB974FEDB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic:
Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Just FYI:

I've d/l RogueKiller32 but have gone through some help at BleepingComputer.com as well, including running Rkill early on.

We are now at the part of simply upgrading Adobe, tweaking Quick Setup, those sorts of things.

Haven't got the all clear, but wanted to be up front with you guys. I know ur busy.

Any harm in running the RogueKiller32 just to see what's spit out?


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.