aol hijacked browser


Hello californiahippychick and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and post your log files:

http://forums.malwarebytes.org/index.php?showtopic=9573


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Prairie Dawn at 21:54:47 on 2013-06-24
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8081.6209 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\valWBFPolicyService.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
uRun: [Power2GoExpress8] "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
dRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{54C51214-2E62-4190-BAEC-EDB2DB5DFE1C} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{54C51214-2E62-4190-BAEC-EDB2DB5DFE1C}\4646D2772747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E6B693AB-3F11-496C-B231-B086E32881A3} : DHCPNameServer = 172.168.0.2
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Prairie Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\p2s0rg57.default\


FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll
FF - plugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
FF - ExtSQL: 2013-06-22 17:24; qjotkp@zozchsare.org; C:\Users\Prairie Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\p2s0rg57.default\extensions\qjotkp@zozchsare.org
FF - ExtSQL: 1969-12-31 16:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; C:\Users\Prairie Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\p2s0rg57.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 74924e570000000000006036ddd2323d
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15831
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1616:23:39
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-9-28 650808]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-5-18 92536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2013-5-6 283200]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-9-13 731688]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-27 1112000]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-6 1124288]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-15 135984]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2012-8-10 1641320]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-10-12 35744]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-9-7 35232]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-2-4 14904]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-2-4 2457232]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-2-4 128896]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-2-4 165760]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-17 144368]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-2-4 364416]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2012-9-6 28160]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-9-24 1153840]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [2013-6-24 1393240]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2012-8-27 121728]
R3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2012-8-29 857472]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\Drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-17 169048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-2-19 138912]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 68136]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130622.001\IDSviA64.sys [2013-6-24 513184]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-2-4 342528]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\Drivers\iwdbus.sys [2012-10-9 25568]
R3 NETwNe64;@oem13.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-10-10 4309032]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-2-4 683664]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-14 43832]
R3 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\NISx64\1404000.028\symds64.sys [2013-6-17 493656]
R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\NISx64\1404000.028\symefa64.sys [2013-6-17 1139800]
R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\ironx64.sys [2013-6-17 224416]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\symnets.sys [2013-6-17 433752]
R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2012-7-16 401256]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\Windows\System32\Drivers\usb3Hub.sys [2012-10-9 47072]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
R3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2013-2-20 23552]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\Drivers\xHCIPort.sys [2012-10-9 188896]
S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\symelam.sys [2013-6-17 23448]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-5-18 1471352]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\Drivers\intelaud.sys [2012-10-9 35296]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-9-24 272176]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2013-2-4 273040]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-14 41272]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-9-28 53760]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-06-25 04:28:22    --------    d-----w-    C:\Users\Prairie Dawn\AppData\Roaming\Malwarebytes
2013-06-25 04:27:55    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-06-25 04:27:54    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-06-25 04:27:54    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-25 03:59:03    224256    ----a-w-    C:\Windows\System32\HPToneCtrls64.dll
2013-06-25 03:59:02    7986176    ----a-w-    C:\Windows\System32\IDTNGUI.exe
2013-06-25 03:59:02    7712256    ----a-w-    C:\Windows\System32\IDTNHP.dll
2013-06-25 03:59:02    6085632    ----a-w-    C:\Windows\System32\stlang64.dll
2013-06-25 03:59:02    464384    ----a-w-    C:\Windows\System32\slapoi64.dll
2013-06-25 03:59:02    253952    ----a-w-    C:\Windows\System32\IDTNJ.exe
2013-06-25 03:59:02    2211840    ----a-w-    C:\Windows\System32\IDTNX.dll
2013-06-25 03:59:02    1821184    ----a-w-    C:\Windows\System32\IDTNC64.cpl
2013-06-25 03:59:02    1664000    ----a-w-    C:\Windows\sttray64.exe
2013-06-25 03:58:58    --------    d-----w-    C:\Program Files\IDT
2013-06-23 22:08:04    --------    d-----w-    C:\Windows\LastGood.Tmp
2013-06-23 00:23:01    --------    d-----w-    C:\Users\Prairie Dawn\AppData\Roaming\EZDownloader
2013-06-23 00:22:42    --------    d-----w-    C:\ProgramData\StarApp
2013-06-23 00:22:36    --------    d-----w-    C:\Users\Prairie Dawn\AppData\Local\Programs
2013-06-23 00:22:02    --------    d-----w-    C:\Users\Prairie Dawn\AppData\Local\Google
2013-06-23 00:22:02    --------    d-----w-    C:\ProgramData\safE syavve
2013-06-23 00:19:35    --------    d-----w-    C:\ProgramData\InstallMate
2013-06-18 00:58:46    796760    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys
2013-06-18 00:58:46    493656    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys
2013-06-18 00:58:46    433752    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys
2013-06-18 00:58:46    36952    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\srtspx64.sys
2013-06-18 00:58:46    23448    ----a-r-    C:\Windows\System32\drivers\NISx64\1404000.028\symelam.sys
2013-06-18 00:58:46    224416    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys
2013-06-18 00:58:46    169048    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys
2013-06-18 00:58:46    1139800    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys
2013-06-18 00:58:27    --------    d-----w-    C:\Windows\System32\drivers\NISx64\1404000.028
2013-06-18 00:55:23    1300992    ----a-w-    C:\Windows\System32\gdi32.dll
2013-06-18 00:55:23    1022464    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-06-18 00:55:21    888320    ----a-w-    C:\Windows\System32\autochk.exe
2013-06-18 00:55:21    793088    ----a-w-    C:\Windows\SysWow64\autochk.exe
2013-06-18 00:55:21    542208    ----a-w-    C:\Windows\System32\untfs.dll
2013-06-18 00:55:21    482816    ----a-w-    C:\Windows\SysWow64\untfs.dll
2013-06-16 01:26:05    13644288    ----a-w-    C:\Windows\System32\Windows.UI.Xaml.dll
2013-06-16 01:26:03    10788864    ----a-w-    C:\Windows\SysWow64\Windows.UI.Xaml.dll
2013-06-16 01:26:01    1332736    ----a-w-    C:\Windows\System32\sysmain.dll
2013-06-16 01:26:01    1131520    ----a-w-    C:\Windows\System32\AppXDeploymentServer.dll
2013-06-16 01:26:00    10116096    ----a-w-    C:\Windows\System32\twinui.dll
2013-06-12 04:15:15    17271808    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-12 04:14:59    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-07 23:16:23    --------    d-----w-    C:\Users\Prairie Dawn\AppData\Local\Thunderbird
.
==================== Find3M  ====================
.
2013-06-19 04:58:49    177312    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-06-04 22:09:22    78200    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-04 22:09:22    693112    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-19 05:49:14    499712    ----a-w-    C:\Windows\SysWow64\msvcp71.dll
2013-05-19 05:49:14    348160    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2013-05-19 05:49:14    29480    ----a-w-    C:\Windows\SysWow64\msxml3a.dll
2013-05-15 22:37:03    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2013-05-15 22:35:49    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2013-05-14 13:14:01    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-14 09:23:31    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-06 23:22:43    283200    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2013-05-04 07:58:17    120736    ----a-w-    C:\Windows\System32\AuthHost.exe
2013-05-04 07:45:29    2233600    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-04 07:34:17    446720    ----a-w-    C:\Windows\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:17    213248    ----a-w-    C:\Windows\System32\drivers\UCX01000.SYS
2013-05-04 07:34:15    284416    ----a-w-    C:\Windows\System32\drivers\spaceport.sys
2013-05-04 06:59:56    39424    ----a-w-    C:\Windows\System32\wuapp.exe
2013-05-04 06:59:51    1483776    ----a-w-    C:\Windows\System32\VSSVC.exe
2013-05-04 06:59:36    812544    ----a-w-    C:\Windows\System32\Magnify.exe
2013-05-04 06:59:25    98304    ----a-w-    C:\Windows\System32\wudriver.dll
2013-05-04 06:59:25    251904    ----a-w-    C:\Windows\System32\WUSettingsProvider.dll
2013-05-04 06:59:25    141824    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-05-04 06:59:24    1619968    ----a-w-    C:\Windows\System32\wucltux.dll
2013-05-04 06:58:54    328192    ----a-w-    C:\Windows\System32\ubpm.dll
2013-05-04 06:58:49    173568    ----a-w-    C:\Windows\System32\storewuauth.dll
2013-05-04 06:58:48    330240    ----a-w-    C:\Windows\System32\stobject.dll
2013-05-04 06:58:28    93696    ----a-w-    C:\Windows\System32\psmsrv.dll
2013-05-04 06:58:02    470528    ----a-w-    C:\Windows\System32\netprofmsvc.dll
2013-05-04 06:58:02    151552    ----a-w-    C:\Windows\System32\netprofm.dll
2013-05-04 06:58:01    169984    ----a-w-    C:\Windows\System32\netplwiz.dll
2013-05-04 06:57:59    17408    ----a-w-    C:\Windows\System32\muifontsetup.dll
2013-05-04 06:57:46    560640    ----a-w-    C:\Windows\System32\mfmp4srcsnk.dll
2013-05-04 06:57:15    501760    ----a-w-    C:\Windows\System32\DevicePairing.dll
2013-05-04 06:57:05    179712    ----a-w-    C:\Windows\System32\bisrv.dll
2013-05-04 06:57:05    122368    ----a-w-    C:\Windows\System32\biwinrt.dll
2013-05-04 06:57:04    389120    ----a-w-    C:\Windows\System32\BCP47Langs.dll
2013-05-04 06:57:04    2305024    ----a-w-    C:\Windows\System32\authui.dll
2013-05-04 06:57:00    708096    ----a-w-    C:\Windows\System32\AppXDeploymentExtensions.dll
2013-05-04 06:56:53    419840    ----a-w-    C:\Windows\System32\intl.cpl
2013-05-04 04:58:34    34304    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2013-05-04 04:58:14    758784    ----a-w-    C:\Windows\SysWow64\Magnify.exe
2013-05-04 04:58:02    83968    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2013-05-04 04:58:02    125952    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2013-05-04 04:57:39    8857088    ----a-w-    C:\Windows\SysWow64\twinui.dll
2013-05-04 04:57:39    247296    ----a-w-    C:\Windows\SysWow64\ubpm.dll
2013-05-04 04:57:35    303616    ----a-w-    C:\Windows\SysWow64\stobject.dll
2013-05-04 04:57:16    18432    ----a-w-    C:\Windows\SysWow64\npmproxy.dll
2013-05-04 04:57:04    151040    ----a-w-    C:\Windows\SysWow64\netplwiz.dll
2013-05-04 04:57:04    115712    ----a-w-    C:\Windows\SysWow64\netprofm.dll
2013-05-04 04:57:02    14336    ----a-w-    C:\Windows\SysWow64\muifontsetup.dll
2013-05-04 04:56:48    411136    ----a-w-    C:\Windows\SysWow64\mfmp4srcsnk.dll
2013-05-04 04:56:14    449536    ----a-w-    C:\Windows\SysWow64\DevicePairing.dll
2013-05-04 04:56:06    92160    ----a-w-    C:\Windows\SysWow64\biwinrt.dll
2013-05-04 04:56:05    309760    ----a-w-    C:\Windows\SysWow64\BCP47Langs.dll
2013-05-04 04:56:05    2035712    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-05-04 04:55:58    389632    ----a-w-    C:\Windows\SysWow64\intl.cpl
2013-05-04 04:51:38    14848    ----a-w-    C:\Windows\System32\rars.rs
2013-05-04 04:48:33    83968    ----a-w-    C:\Windows\System32\drivers\hidclass.sys
2013-05-04 04:48:26    27648    ----a-w-    C:\Windows\System32\drivers\hidusb.sys
2013-05-04 04:47:02    427520    ----a-w-    C:\Windows\System32\drivers\rdbss.sys
2013-05-04 04:10:47    14848    ----a-w-    C:\Windows\SysWow64\rars.rs
2013-04-28 22:30:55    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-28 22:30:12    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-28 22:28:29    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2013-04-28 22:28:00    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-27 05:20:12    733184    ----a-w-    C:\Windows\System32\win32spl.dll
2013-04-23 23:13:53    1013248    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-04-23 23:12:44    1569792    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-04-23 23:12:44    109056    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-04-23 22:56:35    1255936    ----a-w-    C:\Windows\System32\certutil.exe
2013-04-23 22:55:48    68096    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-04-23 22:55:48    1889280    ----a-w-    C:\Windows\System32\crypt32.dll
2013-04-23 22:55:48    141312    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-04-16 02:34:44    1455368    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-13 05:56:35    444416    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-11 06:40:48    6987528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-04-09 05:33:02    489576    ----a-w-    C:\Windows\System32\AudioEng.dll
2013-04-09 05:33:02    446792    ----a-w-    C:\Windows\System32\AudioSes.dll
2013-04-09 05:33:02    253544    ----a-w-    C:\Windows\System32\audiodg.exe
2013-04-09 05:20:02    86280    ----a-w-    C:\Windows\System32\kdnet.dll
2013-04-09 05:20:02    306952    ----a-w-    C:\Windows\System32\kd_02_10ec.dll
2013-04-09 05:18:05    77960    ----a-w-    C:\Windows\System32\kdvm.dll
2013-04-09 05:17:57    1829408    ----a-w-    C:\Windows\System32\ntdll.dll
2013-04-09 04:52:07    816128    ----a-w-    C:\Windows\System32\SearchIndexer.exe
2013-04-09 04:52:07    373760    ----a-w-    C:\Windows\System32\SearchProtocolHost.exe
2013-04-09 04:52:07    197120    ----a-w-    C:\Windows\System32\SearchFilterHost.exe
2013-04-09 04:52:07    126464    ----a-w-    C:\Windows\System32\Robocopy.exe
2013-04-09 04:52:06    804352    ----a-w-    C:\Windows\System32\RecoveryDrive.exe
2013-04-09 04:51:51    367616    ----a-w-    C:\Windows\System32\conhost.exe
2013-04-09 04:51:45    523264    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2013-04-09 04:51:41    99840    ----a-w-    C:\Windows\System32\wscsvc.dll
2013-04-09 04:51:41    456704    ----a-w-    C:\Windows\System32\wpncore.dll
2013-04-09 04:51:17    595456    ----a-w-    C:\Windows\System32\Windows.Networking.dll
2013-04-09 04:51:17    391168    ----a-w-    C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:03    3552768    ----a-w-    C:\Windows\System32\tquery.dll
2013-04-09 04:50:53    414720    ----a-w-    C:\Windows\System32\GenuineCenter.dll
2013-04-09 04:50:39    422400    ----a-w-    C:\Windows\System32\schannel.dll
2013-04-09 04:50:39    1285632    ----a-w-    C:\Windows\System32\schedsvc.dll
2013-04-09 04:50:03    96256    ----a-w-    C:\Windows\System32\mssprxy.dll
2013-04-09 04:50:03    745984    ----a-w-    C:\Windows\System32\mssvp.dll
.
============= FINISH: 21:55:30.36 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 2/15/2013 9:16:31 PM
System Uptime: 6/24/2013 9:35:17 PM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 181C
Processor: Intel® Core i5-3230M CPU @ 2.60GHz | U3E1 | 2200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 672 GiB total, 557.107 GiB free.
D: is FIXED (NTFS) - 26 GiB total, 3.103 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP18: 5/18/2013 9:31:34 AM - Windows Update
RP19: 6/15/2013 4:29:36 PM - Windows Update
RP20: 6/23/2013 2:40:42 PM - HPSF Applying updates
RP21: 6/23/2013 2:40:44 PM - HPSF Applying updates
RP22: 6/24/2013 8:53:46 PM - Removed IDT Audio
.
==== Installed Programs ======================
.
4 Elements II
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audible Download Manager
AuthenTec TrueAPI 64-bit
AutoCAD 2014 - English
AutoCAD 2014 Language Pack - English
Autodesk 360
Autodesk App Manager
Autodesk AutoCAD 2014 - English
Autodesk Content Service
Autodesk Content Service Language Pack
Autodesk Featured Apps
Autodesk Material Library 2014
Autodesk Material Library Base Resolution Image Library 2014
Autodesk ReCap
Autodesk ReCap Language Pack-English
Bejeweled 3
Bonjour
Build-a-lot 4 - Power Source
Bundled software uninstaller
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink PhotoDirector
CyberLink Power2Go 8
CyberLink PowerDVD
CyberLink YouCam
D3DX10
DAEMON Tools Lite
Energy Star
Farm Frenzy
FARO LS 1.1.501.0 (64bit)
FATE: The Cursed King
Final Drive Fury
Gardenscapes: Mansion Makeover
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.1.1
House of 1000 Doors: Family Secrets
Hoyle Card Games
HP 3D DriveGuard
HP Connected Music (Meridian - installer)
HP Connected Remote
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Games
HP Postscript Converter
HP Quick Launch
HP Recovery Manager
HP Registration Service
HP SimplePass
HP Support Assistant
HP Utility Center
HP Wireless Button Driver
Intel PROSet Wireless
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® WiDi
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
iTunes
Jewel Match 3
John Deere Drive Green
Luxor Evolved
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mortimer Beckett and the Crimson Thief Premium Edition
Movie Maker
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.6 (x86 en-US)
MSVCRT
MSVCRT110
MSVCRT110_amd64
Mystery P.I. - Curious Case of Counterfeit Cove
Norton Internet Security
Peggle Nights
Penguins!
Photo Common
Photo Gallery
Polar Bowler
Polar Golfer
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Roads of Rome 3
Royal Envoy 2 Collector's Edition
SketchUp Import for AutoCAD 2014
swMSM
Synaptics Pointing Device Driver
Tales of Lagoona
Update Installer for WildTangent Games App
Validity WBF DDK
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Youda Jewel Shop
Zuma's Revenge
.
==== End Of File ===========================


Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • a new fresh DDS log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 x64
Ran by Prairie Dawn on Tue 06/25/2013 at  6:55:26.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3085737138-1873073713-2077762840-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\babylon
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\babylon"
Failed to delete: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\Users\Prairie Dawn\AppData\Roaming\babylon"



~~~ FireFox

Successfully deleted: [File] C:\Users\Prairie Dawn\AppData\Roaming\mozilla\firefox\profiles\p2s0rg57.default\user.js
Successfully deleted: [File] C:\Users\Prairie Dawn\AppData\Roaming\mozilla\firefox\profiles\p2s0rg57.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Prairie Dawn\AppData\Roaming\mozilla\firefox\profiles\p2s0rg57.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\Prairie Dawn\AppData\Roaming\mozilla\firefox\profiles\p2s0rg57.default\searchplugins\delta.xml
Successfully deleted: [Folder] C:\Users\Prairie Dawn\AppData\Roaming\mozilla\firefox\profiles\p2s0rg57.default\extensions\{7AFFBFAE-C4E2-4915-8C0F-00FA3EC610A1}
Successfully deleted the following from C:\Users\Prairie Dawn\AppData\Roaming\mozilla\firefox\profiles\p2s0rg57.default\prefs.js


user_pref("aol_toolbar.search.searchtype", "web");

user_pref("extensions.51c64028b7426.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "74924e570000000000006036ddd2323d");
user_pref("extensions.delta.instlDay", "15831");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.16.16");
user_pref("extensions.delta.vrsnTs", "1.8.16.1616:23:39");
user_pref("extensions.delta.vrsni", "1.8.16.16");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/25/2013 at  6:58:09.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v2.303 - Logfile created 06/25/2013 at 07:30:06
# Updated 08/06/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : Prairie Dawn - PD
# Boot Mode : Normal
# Running from : C:\Users\Prairie Dawn\Downloads\AdwCleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Windows\Tasks\DSite.job
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\safE syavve
Folder Deleted : C:\Users\Prairie Dawn\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Prairie Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjjefdjldhdkghlnpfkghpggbgjoigl
Folder Deleted : C:\Users\Prairie Dawn\AppData\Roaming\DSite
Folder Deleted : C:\Users\Prairie Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\p2s0rg57.default\extensions\qjotkp@zozchsare.org

***** [Registry] *****

Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05B73BB2-3BFA-68E5-6CCF-7F793673B822}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05B73BB2-3BFA-68E5-6CCF-7F793673B822}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5c2d7dbb069e946
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Prairie Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\p2s0rg57.default\prefs.js

Deleted : user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;e[...]
Deleted : user_pref("aol_toolbar.cookie.homepage", "");
Deleted : user_pref("aol_toolbar.cookie.search", "");
Deleted : user_pref("aol_toolbar.curtain.congrats", "n");
Deleted : user_pref("aol_toolbar.default.homepage.check", true);
Deleted : user_pref("aol_toolbar.default.homepage.protection", false);

Deleted : user_pref("aol_toolbar.default.search.check", true);
Deleted : user_pref("aol_toolbar.default.search.label", "AOL Search");
Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
Deleted : user_pref("aol_toolbar.guid", "{AEB2F8EA-2D5C-4858-D7B9-0444795D9381}");
Deleted : user_pref("aol_toolbar.homepageprotection.enabled", false);
Deleted : user_pref("aol_toolbar.install.distroid", "aol");

Deleted : user_pref("aol_toolbar.install.homepage.label", "AOL.com");
Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.9540");
Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000020");
Deleted : user_pref("aol_toolbar.install.ncid", "");
Deleted : user_pref("aol_toolbar.metrics.activestampdate", "25");
Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "5");
Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2013");
Deleted : user_pref("aol_toolbar.metrics.log", false);
Deleted : user_pref("aol_toolbar.metrics.originalDate", "22");
Deleted : user_pref("aol_toolbar.metrics.originalHours", "7");
Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
Deleted : user_pref("aol_toolbar.metrics.originalMonth", "6");
Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
Deleted : user_pref("aol_toolbar.metrics.originalYear", "2013");
Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
Deleted : user_pref("aol_toolbar.remote.publish.xml", "1372166587465");
Deleted : user_pref("aol_toolbar.reset.flag", "3");
Deleted : user_pref("aol_toolbar.reset.style", "B");
Deleted : user_pref("aol_toolbar.resetprompt.daily.num", "1");
Deleted : user_pref("aol_toolbar.resetprompt.daily.timestamp", "1371947500942");
Deleted : user_pref("aol_toolbar.resetprompt.display.limit", "8");
Deleted : user_pref("aol_toolbar.rtw.active", false);
Deleted : user_pref("aol_toolbar.search.button", true);
Deleted : user_pref("aol_toolbar.search.cid", "24-06-2013");
Deleted : user_pref("aol_toolbar.search.instd", "8CC8BC30918D4D4B8E120FAC6CFF2E28");
Deleted : user_pref("aol_toolbar.search.oid", "22-06-2013");
Deleted : user_pref("aol_toolbar.search.placement", "right");
Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
Deleted : user_pref("aol_toolbar.search.savehistory", false);
Deleted : user_pref("aol_toolbar.search.source", "webpickaol-ff");
Deleted : user_pref("aol_toolbar.searchengine.label", "AOL Search");
Deleted : user_pref("aol_toolbar.searchprotection.enabled", false);
Deleted : user_pref("aol_toolbar.skin.custom", false);
Deleted : user_pref("aol_toolbar.surf.date", "13");
Deleted : user_pref("aol_toolbar.surf.lastDate", "25");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "5");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2013");
Deleted : user_pref("aol_toolbar.surf.month", "139");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");
Deleted : user_pref("aol_toolbar.surf.total", "142");
Deleted : user_pref("aol_toolbar.surf.week", "117");
Deleted : user_pref("aol_toolbar.surf.year", "139");
Deleted : user_pref("aol_toolbar.ticker.active", false);
Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
Deleted : user_pref("aol_toolbar.weather.degc", "26");
Deleted : user_pref("aol_toolbar.weather.degf", "78");

Deleted : user_pref("aol_toolbar.weather.locationid", "USNY0996");
Deleted : user_pref("aol_toolbar.weather.metric", true);
Deleted : user_pref("aol_toolbar.weather.tooltip", "New York , NY : Mostly Sunny");
Deleted : user_pref("aol_toolbar.weather.update", "1372166587485");
Deleted : user_pref("aol_toolbar.winamp.volume", "");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("extensions.51c64028b7426.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

-\\ Google Chrome v [unable to get version]

File : C:\Users\Prairie Dawn\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10229 octets] - [25/06/2013 07:18:24]
AdwCleaner[R2].txt - [10290 octets] - [25/06/2013 07:19:29]
AdwCleaner[R3].txt - [10410 octets] - [25/06/2013 07:29:55]
AdwCleaner[s1].txt - [301 octets] - [25/06/2013 07:20:29]
AdwCleaner[s2].txt - [10613 octets] - [25/06/2013 07:30:06]

########## EOF - C:\AdwCleaner[s2].txt - [10674 octets] ##########

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Prairie Dawn at 7:36:15 on 2013-06-25
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8081.6211 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\valWBFPolicyService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
uRun: [Power2GoExpress8] "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
dRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{54C51214-2E62-4190-BAEC-EDB2DB5DFE1C} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{54C51214-2E62-4190-BAEC-EDB2DB5DFE1C}\4646D2772747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E6B693AB-3F11-496C-B231-B086E32881A3} : DHCPNameServer = 172.168.0.2
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Prairie Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\p2s0rg57.default\

FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll
FF - plugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-9-28 650808]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-5-18 92536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2013-5-6 283200]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-9-13 731688]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-27 1112000]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-6 1124288]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-15 135984]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2012-8-10 1641320]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-10-12 35744]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-9-7 35232]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-2-4 14904]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-2-4 2457232]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-2-4 128896]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-2-4 165760]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-17 144368]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-2-4 364416]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2012-9-6 28160]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-6-25 1015984]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-9-24 1153840]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [2013-6-24 1393240]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2012-8-27 121728]
R3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2012-8-29 857472]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\Drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-17 169048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-2-19 138912]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 68136]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130622.001\IDSviA64.sys [2013-6-24 513184]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-2-4 342528]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\Drivers\iwdbus.sys [2012-10-9 25568]
R3 NETwNe64;@oem13.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-10-10 4309032]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-2-4 683664]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-14 43832]
R3 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\NISx64\1404000.028\symds64.sys [2013-6-17 493656]
R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\NISx64\1404000.028\symefa64.sys [2013-6-17 1139800]
R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\ironx64.sys [2013-6-17 224416]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\symnets.sys [2013-6-17 433752]
R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2012-7-16 401256]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\Windows\System32\Drivers\usb3Hub.sys [2012-10-9 47072]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
R3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2013-2-20 23552]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\Drivers\xHCIPort.sys [2012-10-9 188896]
S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\symelam.sys [2013-6-17 23448]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-5-18 1471352]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\Drivers\intelaud.sys [2012-10-9 35296]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-9-24 272176]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2013-2-4 273040]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-14 41272]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-9-28 53760]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-06-25 14:30:13    121    ----a-w-    C:\Windows\DeleteOnReboot.bat
2013-06-25 14:06:24    --------    d-----w-    C:\rei
2013-06-25 14:06:19    --------    d-----w-    C:\Program Files\Reimage
2013-06-25 14:01:59    --------    d-----w-    C:\Users\Prairie Dawn\AppData\Local\AVG SafeGuard toolbar
2013-06-25 14:01:56    --------    d-----w-    C:\Users\Prairie Dawn\AppData\Roaming\Zip Opener Packages
2013-06-25 14:01:54    --------    d-----w-    C:\ProgramData\AVG SafeGuard toolbar
2013-06-25 14:01:48    45856    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-06-25 14:01:46    --------    d-----w-    C:\Program Files (x86)\Common Files\AVG Secure Search
2013-06-25 14:01:45    --------    d-----w-    C:\Program Files (x86)\AVG SafeGuard toolbar
2013-06-25 14:01:28    --------    d-----w-    C:\Program Files (x86)\OpenIt
2013-06-25 14:01:25    --------    d--h--w-    C:\ProgramData\Common Files
2013-06-25 13:55:23    --------    d-----w-    C:\Windows\ERUNT
2013-06-25 13:55:10    --------    d-----w-    C:\JRT
2013-06-25 04:28:22    --------    d-----w-    C:\Users\Prairie Dawn\AppData\Roaming\Malwarebytes
2013-06-25 04:27:55    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-06-25 04:27:54    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-06-25 04:27:54    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-25 03:59:03    224256    ----a-w-    C:\Windows\System32\HPToneCtrls64.dll
2013-06-25 03:59:02    7986176    ----a-w-    C:\Windows\System32\IDTNGUI.exe
2013-06-25 03:59:02    7712256    ----a-w-    C:\Windows\System32\IDTNHP.dll
2013-06-25 03:59:02    6085632    ----a-w-    C:\Windows\System32\stlang64.dll
2013-06-25 03:59:02    464384    ----a-w-    C:\Windows\System32\slapoi64.dll
2013-06-25 03:59:02    253952    ----a-w-    C:\Windows\System32\IDTNJ.exe
2013-06-25 03:59:02    2211840    ----a-w-    C:\Windows\System32\IDTNX.dll
2013-06-25 03:59:02    1821184    ----a-w-    C:\Windows\System32\IDTNC64.cpl
2013-06-25 03:59:02    1664000    ----a-w-    C:\Windows\sttray64.exe
2013-06-25 03:58:58    --------    d-----w-    C:\Program Files\IDT
2013-06-23 22:08:04    --------    d-----w-    C:\Windows\LastGood.Tmp
2013-06-23 00:23:01    --------    d-----w-    C:\Users\Prairie Dawn\AppData\Roaming\EZDownloader
2013-06-23 00:22:42    --------    d-----w-    C:\ProgramData\StarApp
2013-06-23 00:22:36    --------    d-----w-    C:\Users\Prairie Dawn\AppData\Local\Programs
2013-06-23 00:22:02    --------    d-----w-    C:\Users\Prairie Dawn\AppData\Local\Google
2013-06-18 00:58:46    796760    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys
2013-06-18 00:58:46    493656    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys
2013-06-18 00:58:46    433752    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys
2013-06-18 00:58:46    36952    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\srtspx64.sys
2013-06-18 00:58:46    23448    ----a-r-    C:\Windows\System32\drivers\NISx64\1404000.028\symelam.sys
2013-06-18 00:58:46    224416    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys
2013-06-18 00:58:46    169048    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys
2013-06-18 00:58:46    1139800    ----a-w-    C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys
2013-06-18 00:58:27    --------    d-----w-    C:\Windows\System32\drivers\NISx64\1404000.028
2013-06-18 00:55:23    1300992    ----a-w-    C:\Windows\System32\gdi32.dll
2013-06-18 00:55:23    1022464    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-06-18 00:55:21    888320    ----a-w-    C:\Windows\System32\autochk.exe
2013-06-18 00:55:21    793088    ----a-w-    C:\Windows\SysWow64\autochk.exe
2013-06-18 00:55:21    542208    ----a-w-    C:\Windows\System32\untfs.dll
2013-06-18 00:55:21    482816    ----a-w-    C:\Windows\SysWow64\untfs.dll
2013-06-16 01:26:05    13644288    ----a-w-    C:\Windows\System32\Windows.UI.Xaml.dll
2013-06-16 01:26:03    10788864    ----a-w-    C:\Windows\SysWow64\Windows.UI.Xaml.dll
2013-06-16 01:26:01    1332736    ----a-w-    C:\Windows\System32\sysmain.dll
2013-06-16 01:26:01    1131520    ----a-w-    C:\Windows\System32\AppXDeploymentServer.dll
2013-06-16 01:26:00    10116096    ----a-w-    C:\Windows\System32\twinui.dll
2013-06-12 04:15:15    17271808    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-12 04:14:59    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-07 23:16:23    --------    d-----w-    C:\Users\Prairie Dawn\AppData\Local\Thunderbird
.
==================== Find3M  ====================
.
2013-06-19 04:58:49    177312    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-06-04 22:09:22    78200    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-04 22:09:22    693112    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-19 05:49:14    499712    ----a-w-    C:\Windows\SysWow64\msvcp71.dll
2013-05-19 05:49:14    348160    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2013-05-19 05:49:14    29480    ----a-w-    C:\Windows\SysWow64\msxml3a.dll
2013-05-15 22:37:03    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2013-05-15 22:35:49    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2013-05-14 13:14:01    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-14 09:23:31    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-06 23:22:43    283200    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2013-05-04 07:58:17    120736    ----a-w-    C:\Windows\System32\AuthHost.exe
2013-05-04 07:45:29    2233600    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-04 07:34:17    446720    ----a-w-    C:\Windows\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:17    213248    ----a-w-    C:\Windows\System32\drivers\UCX01000.SYS
2013-05-04 07:34:15    284416    ----a-w-    C:\Windows\System32\drivers\spaceport.sys
2013-05-04 06:59:56    39424    ----a-w-    C:\Windows\System32\wuapp.exe
2013-05-04 06:59:51    1483776    ----a-w-    C:\Windows\System32\VSSVC.exe
2013-05-04 06:59:36    812544    ----a-w-    C:\Windows\System32\Magnify.exe
2013-05-04 06:59:25    98304    ----a-w-    C:\Windows\System32\wudriver.dll
2013-05-04 06:59:25    251904    ----a-w-    C:\Windows\System32\WUSettingsProvider.dll
2013-05-04 06:59:25    141824    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-05-04 06:59:24    1619968    ----a-w-    C:\Windows\System32\wucltux.dll
2013-05-04 06:58:54    328192    ----a-w-    C:\Windows\System32\ubpm.dll
2013-05-04 06:58:49    173568    ----a-w-    C:\Windows\System32\storewuauth.dll
2013-05-04 06:58:48    330240    ----a-w-    C:\Windows\System32\stobject.dll
2013-05-04 06:58:28    93696    ----a-w-    C:\Windows\System32\psmsrv.dll
2013-05-04 06:58:02    470528    ----a-w-    C:\Windows\System32\netprofmsvc.dll
2013-05-04 06:58:02    151552    ----a-w-    C:\Windows\System32\netprofm.dll
2013-05-04 06:58:01    169984    ----a-w-    C:\Windows\System32\netplwiz.dll
2013-05-04 06:57:59    17408    ----a-w-    C:\Windows\System32\muifontsetup.dll
2013-05-04 06:57:46    560640    ----a-w-    C:\Windows\System32\mfmp4srcsnk.dll
2013-05-04 06:57:15    501760    ----a-w-    C:\Windows\System32\DevicePairing.dll
2013-05-04 06:57:05    179712    ----a-w-    C:\Windows\System32\bisrv.dll
2013-05-04 06:57:05    122368    ----a-w-    C:\Windows\System32\biwinrt.dll
2013-05-04 06:57:04    389120    ----a-w-    C:\Windows\System32\BCP47Langs.dll
2013-05-04 06:57:04    2305024    ----a-w-    C:\Windows\System32\authui.dll
2013-05-04 06:57:00    708096    ----a-w-    C:\Windows\System32\AppXDeploymentExtensions.dll
2013-05-04 06:56:53    419840    ----a-w-    C:\Windows\System32\intl.cpl
2013-05-04 04:58:34    34304    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2013-05-04 04:58:14    758784    ----a-w-    C:\Windows\SysWow64\Magnify.exe
2013-05-04 04:58:02    83968    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2013-05-04 04:58:02    125952    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2013-05-04 04:57:39    8857088    ----a-w-    C:\Windows\SysWow64\twinui.dll
2013-05-04 04:57:39    247296    ----a-w-    C:\Windows\SysWow64\ubpm.dll
2013-05-04 04:57:35    303616    ----a-w-    C:\Windows\SysWow64\stobject.dll
2013-05-04 04:57:16    18432    ----a-w-    C:\Windows\SysWow64\npmproxy.dll
2013-05-04 04:57:04    151040    ----a-w-    C:\Windows\SysWow64\netplwiz.dll
2013-05-04 04:57:04    115712    ----a-w-    C:\Windows\SysWow64\netprofm.dll
2013-05-04 04:57:02    14336    ----a-w-    C:\Windows\SysWow64\muifontsetup.dll
2013-05-04 04:56:48    411136    ----a-w-    C:\Windows\SysWow64\mfmp4srcsnk.dll
2013-05-04 04:56:14    449536    ----a-w-    C:\Windows\SysWow64\DevicePairing.dll
2013-05-04 04:56:06    92160    ----a-w-    C:\Windows\SysWow64\biwinrt.dll
2013-05-04 04:56:05    309760    ----a-w-    C:\Windows\SysWow64\BCP47Langs.dll
2013-05-04 04:56:05    2035712    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-05-04 04:55:58    389632    ----a-w-    C:\Windows\SysWow64\intl.cpl
2013-05-04 04:51:38    14848    ----a-w-    C:\Windows\System32\rars.rs
2013-05-04 04:48:33    83968    ----a-w-    C:\Windows\System32\drivers\hidclass.sys
2013-05-04 04:48:26    27648    ----a-w-    C:\Windows\System32\drivers\hidusb.sys
2013-05-04 04:47:02    427520    ----a-w-    C:\Windows\System32\drivers\rdbss.sys
2013-05-04 04:10:47    14848    ----a-w-    C:\Windows\SysWow64\rars.rs
2013-04-28 22:30:55    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-28 22:30:12    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-28 22:28:29    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2013-04-28 22:28:00    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-27 05:20:12    733184    ----a-w-    C:\Windows\System32\win32spl.dll
2013-04-23 23:13:53    1013248    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-04-23 23:12:44    1569792    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-04-23 23:12:44    109056    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-04-23 22:56:35    1255936    ----a-w-    C:\Windows\System32\certutil.exe
2013-04-23 22:55:48    68096    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-04-23 22:55:48    1889280    ----a-w-    C:\Windows\System32\crypt32.dll
2013-04-23 22:55:48    141312    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-04-16 02:34:44    1455368    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-13 05:56:35    444416    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-11 06:40:48    6987528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-04-09 05:33:02    489576    ----a-w-    C:\Windows\System32\AudioEng.dll
2013-04-09 05:33:02    446792    ----a-w-    C:\Windows\System32\AudioSes.dll
2013-04-09 05:33:02    253544    ----a-w-    C:\Windows\System32\audiodg.exe
2013-04-09 05:20:02    86280    ----a-w-    C:\Windows\System32\kdnet.dll
2013-04-09 05:20:02    306952    ----a-w-    C:\Windows\System32\kd_02_10ec.dll
2013-04-09 05:18:05    77960    ----a-w-    C:\Windows\System32\kdvm.dll
2013-04-09 05:17:57    1829408    ----a-w-    C:\Windows\System32\ntdll.dll
2013-04-09 04:52:07    816128    ----a-w-    C:\Windows\System32\SearchIndexer.exe
2013-04-09 04:52:07    373760    ----a-w-    C:\Windows\System32\SearchProtocolHost.exe
2013-04-09 04:52:07    197120    ----a-w-    C:\Windows\System32\SearchFilterHost.exe
2013-04-09 04:52:07    126464    ----a-w-    C:\Windows\System32\Robocopy.exe
2013-04-09 04:52:06    804352    ----a-w-    C:\Windows\System32\RecoveryDrive.exe
2013-04-09 04:51:51    367616    ----a-w-    C:\Windows\System32\conhost.exe
2013-04-09 04:51:45    523264    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2013-04-09 04:51:41    99840    ----a-w-    C:\Windows\System32\wscsvc.dll
2013-04-09 04:51:41    456704    ----a-w-    C:\Windows\System32\wpncore.dll
2013-04-09 04:51:17    595456    ----a-w-    C:\Windows\System32\Windows.Networking.dll
2013-04-09 04:51:17    391168    ----a-w-    C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:03    3552768    ----a-w-    C:\Windows\System32\tquery.dll
2013-04-09 04:50:53    414720    ----a-w-    C:\Windows\System32\GenuineCenter.dll
2013-04-09 04:50:39    422400    ----a-w-    C:\Windows\System32\schannel.dll
2013-04-09 04:50:39    1285632    ----a-w-    C:\Windows\System32\schedsvc.dll
2013-04-09 04:50:03    96256    ----a-w-    C:\Windows\System32\mssprxy.dll
2013-04-09 04:50:03    745984    ----a-w-    C:\Windows\System32\mssvp.dll
.
============= FINISH:  7:37:06.31 ===============

 

 

AOL tool bar seems to be gone 


Glad I could help! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.