Jump to content

Browser Hijack - search.ueep.com

paromi
 Share

Recommended Posts

paromi

paromi

Posted
Posted

Hi,

 

I have installed by mistake a adware that hijacks the IE and Firefox homepage with search.ueep.com

I have removed the ueep exe from the AppData/Roaming folder after reading some online tutorials.

Removed some search.ueep.com registry entries , scanned the computer with malwarebytes, nod32, microsoft security essentials, spybot, and some other 2

The browser homepage is still there

http://i.imgur.com/Z89xarP.png

 

I have attached a hijackthis log too

 

Where else could this adware could be hidden ?'

 

Thank you

 

hijackthis.log

Link to post
Share on other sites
paromi

paromi

Posted
  • Author
Posted

Here is the log as a reply :

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:40:43 AM, on 7/24/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Users\Garret\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Garret\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Users\Garret\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Join Air\UIExec.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.52.128.216:55555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: m
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [uIExec] "C:\Program Files (x86)\Join Air\UIExec.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
O4 - HKLM\..\Run: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Garret\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [iCQ] "C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [skyDrive] "C:\Users\Garret\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Garret\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Hush Messenger.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - F:\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - F:\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: SACSrv - SafeNet, Inc. - C:\Program Files\Aladdin\eToken\SAC\x64\SACSrv.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Unknown owner - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (file missing)
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files (x86)\Join Air\AssistantServices.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13750 bytes

Link to post
Share on other sites
paromi

paromi

Posted
  • Author
Posted

DDS Logs :

 

Attach 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/10/2010 3:40:43 PM
System Uptime: 7/24/2013 9:07:15 AM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | P55A-UD3
Processor: Intel® Core i7 CPU 860 @ 2.80GHz | Socket 1156 | 2794/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 6.405 GiB free.
D: is FIXED (NTFS) - 225 GiB total, 202.34 GiB free.
E: is FIXED (NTFS) - 293 GiB total, 200.89 GiB free.
F: is FIXED (NTFS) - 394 GiB total, 192.955 GiB free.
G: is CDROM ()
H: is FIXED (NTFS) - 182 GiB total, 116.164 GiB free.
I: is FIXED (NTFS) - 303 GiB total, 53.926 GiB free.
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Marvell 91xx Config ATA Device
Device ID: IDE\PROCESSORMARVELL_91XX_CONFIG_____________________1.01____\6&32C5F958&0&1.1.0
Manufacturer:
Name: Marvell 91xx Config ATA Device
PNP Device ID: IDE\PROCESSORMARVELL_91XX_CONFIG_____________________1.01____\6&32C5F958&0&1.1.0
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: LogMeIn Kernel Information Provider
Device ID: ROOT\LEGACY_LMIINFO\0000
Manufacturer:
Name: LogMeIn Kernel Information Provider
PNP Device ID: ROOT\LEGACY_LMIINFO\0000
Service: LMIInfo
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
7-Zip 4.65 (x64 edition)
Adobe AIR
Adobe Download Assistant
Adobe Dreamweaver CS6
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Media Player
Adobe Reader X (10.0.1)
Adobe Story
Adobe Widget Browser
Advanced Find and Replace v7.3
AMD APP KernelAnalyzer 1.8
AMD APP Profiler 2.2
AMD APP SDK Developer
AMD APP SDK Runtime
AMD APP SDK Samples
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Anvi Smart Defender 1.9.1
Armory Bitcoin Client
AskToolbar
ASUS My Cinema U3000 Hybrid
ATI AVIVO64 Codecs
ATI Problem Report Wizard
BeCyPDFMetaEdit
Bing Bar
Bitcoin
BitTorrent Sync
BlackWidow version 6.28
Bulk Mailer
Bulk Rename Utility 2.7.1.2
Call of Duty Modern Warfare 2
CamStudio OSS Desktop Recorder
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDBurnerXP
Convert Multiple Text Files To HTML Files Software
D3DX10
DigiSigner 3.0.8
DiRT 3
Dropbox
DU Meter 5.01 Build R3220
Easy Tune 6 B09.0908.1
Email Address Extractor
Eraser 6.0.7.1893
ESET Smart Security
EVEREST Ultimate Edition v4.60
FastStone Image Viewer 4.2
Feedback Tool
FileZilla Client 3.6.0.2
FlashFXP v3
Fotosizer 1.29
Foxit Reader
Full Tilt Poker
Full Tilt Poker.Eu
Futuremark SystemInfo
Geekbench 2.1
GIMP 2.8.4
Gmail Backup
GNU Midnight Commander version 4.8.4 (beta) (build: 20120815-159)
Google App Engine
Google Drive
Google Page Rank
Google Talk Plugin
Google Update Helper
GoToMeeting 4.5.0.457
GSA Search Engine Ranker v4.25
GTK+ Runtime 2.12.8 rev a (remove only)
Handbrake 0.9.4
HiJackThis
Holdem Indicator 2.4.0
HTTP Headers
Hush Messenger (remove only)
HydraVision
ICQ7.6
ImgBurn
Java 7 Update 15
Java Auto Updater
Javascript Obfuscator 4.3 Trial
Jing
Join Air
Junk Mail filter update
Keyword Pad 1.5.031013
Litecoin
Malwarebytes Anti-Malware version 1.75.0.1300
Market Samurai
Mesh Runtime
Messenger Companion
MetaTrader
MetaTrader 5
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
mIRC
Mobile Partner
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Multiple Find And Replace 1.10
NEC Electronics USB 3.0 Host Controller Driver
NetWorx 5.2.1
NVIDIA PhysX
Octoshape add-in for Adobe Flash Player
OpenAL
Opera 12.15
Opera Mobile Emulator
Paint.NET v3.5.5
PandoraRecovery (Remove Only)
PCMark Vantage
Pdf Editor
Photo! Editor 1.1
Pidgin
PlayReady PC Runtime amd64
PokerOffice 5 (remove only)
PokerStars.eu
Proxifier version 2.91
PunkBuster Services
Pymaxe version 0.60
Python 2.7 (64-bit)
Python 3.3.2 (64-bit)
Quake Live Mozilla Plugin
Rainmeter (remove only)
Rapture3D 2.4.8 Game
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
SafeNet Authentication Client 8.1 SP1
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Simple HTML To Text Converter 1.2
SiteMap Generator 0.974 (beta)
Skype Click to Call
Skype™ 6.5
SmartSerialMail Demo V6.2
SopCast 3.5.0
Spybot - Search & Destroy
Steam
System Health Windows SideShow Gadget
Task time counter
TheBestSpinner
TheBestSpinner3
Tor 0.2.1.30
touchtheSky for Opera 10.50+
TrueCrypt
Typo Buzz Misspelling Finder v2.0
Unigine Heaven Benchmark v2.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vidalia 0.2.12
Vim 7.3 (self-installing)
VirtualCloneDrive
VLC media player 2.0.4
WebMoney Keeper Classic 3.5.0.1
Winamp
WinDirStat 1.1.2
Windows 7 USB/DVD Download Tool
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Mobile Device Updater Component
Windows SideShow Managed Runtime 1.0
WinHTTrack Website Copier 3.43-9C
WinPcap 4.1.1
WinRAR archiver
XAMPP 1.8.1
XTB-Option Trader
Yahoo! Messenger
ZennoPoster Demo
ZennoPoster MP Lite
ZennoPoster MP Standard
ZennoPoster Standard
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
7/24/2013 9:32:29 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
7/24/2013 9:20:57 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
7/24/2013 9:08:11 AM, Error: Service Control Manager [7000] - The atidgllk service failed to start due to the following error: This driver has been blocked from loading
7/24/2013 9:08:11 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\GIGABYTE\ET6\atidgllk.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/24/2013 9:07:29 AM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
7/24/2013 9:07:21 AM, Error: volmgr [46] - Crash dump initialization failed!
7/24/2013 8:28:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/24/2013 8:27:57 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/24/2013 8:27:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/24/2013 8:27:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/24/2013 8:27:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/24/2013 8:27:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/24/2013 8:27:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/24/2013 8:27:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/24/2013 8:27:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD asdrm CSC DfsC discache ehdrv ElbyCDIO EpfwLWF MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx truecrypt Wanarpv6 WfpLwf ws2ifsl
7/24/2013 8:27:46 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/24/2013 8:27:46 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/24/2013 8:27:46 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/24/2013 8:27:46 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/24/2013 8:27:46 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/24/2013 8:27:45 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/24/2013 8:27:45 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/24/2013 8:27:45 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/24/2013 8:27:45 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/24/2013 8:27:45 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/23/2013 9:55:25 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
7/23/2013 10:28:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
.
==== End Of File ===========================

 

 

 

 

 

 

 

 

 

 

 

 

 

DDS

 

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.15.2
Run by Garret at 10:02:59 on 2013-07-24
Microsoft Windows 7 Professional 6.1.7601.1.1251.7.1033.18.6139.2472 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Protectie firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files\Aladdin\eToken\SAC\x64\SACSrv.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Join Air\AssistantServices.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
F:\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Aladdin\eToken\SAC\x64\SACMonitor.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Users\Garret\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Garret\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Users\Garret\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Join Air\UIExec.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyServer = 198.52.128.216:55555
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Google Update] "C:\Users\Garret\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [POEngine5] <no file>
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [uIExec] "C:\Program Files (x86)\Join Air\UIExec.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Garret\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Garret\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Garret\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HUSHME~1.LNK - C:\Windows\System32\javaw.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %SystemRoot%\system32\PrxerDrv.dll


TCP: NameServer = 8.8.8.8 46.108.6.254 46.108.7.254
TCP: Interfaces\{DB88A2CB-7196-4086-8E49-CA9E0167CF3A} : DHCPNameServer = 8.8.8.8 46.108.6.254 46.108.7.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: ScCertProp - <no file>
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: &NetWorx Desk Band: {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [sACMonitor] "C:\Program Files\Aladdin\eToken\SAC\x64\SACMonitor.exe"
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: ScCertProp - <no file>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Garret\AppData\Roaming\Mozilla\Firefox\Profiles\nmdc8rh6.default-1374612595286\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Garret\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Garret\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Garret\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Garret\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-17 20:00; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2011-8-4 62496]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2013-7-23 18768]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2011-8-4 38288]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-12-6 235520]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2013-7-23 23376]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2013-7-22 742120]
R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2013-7-23 17232]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-10-12 72216]
R2 MBAMScheduler;MBAMScheduler;F:\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-24 418376]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 139616]
R2 SACSrv;SACSrv;C:\Program Files\Aladdin\eToken\SAC\x64\SACSrv.exe [2011-10-2 10712]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-7-24 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-7-24 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-7-24 171928]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R2 UI Assistant Service;UI Assistant Service;C:\Program Files (x86)\Join Air\AssistantServices.exe [2012-7-4 261456]
R3 AODDriver;AODDriver;C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2009-2-23 14904]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-17 93712]
R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-5-10 30528]
R3 iKeyEnum;Rainbow iKey Enumerator;C:\Windows\System32\drivers\IKEYENUM.SYS [2010-7-8 16160]
R3 iKeyIFD;Rainbow iKey Virtual Reader;C:\Windows\System32\drivers\IKEYIFD.SYS [2010-7-8 22304]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-4-11 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-9-25 73728]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-9-25 178688]
R3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2010-8-31 10752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-10 239616]
R4 atillk64;atillk64;C:\Program Files (x86)\GIGABYTE\ET6\atillk64.sys [2006-7-19 14608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;F:\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-24 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 AKSUP;AKSUP;C:\Windows\System32\drivers\aksup.sys [2012-2-19 44712]
S3 atidgllk;atidgllk;C:\Program Files (x86)\GIGABYTE\ET6\atidgllk.sys [2006-7-19 12048]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-5-10 25640]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-17 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\System32\drivers\ewusbfake.sys [2010-11-11 116224]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2012-7-4 11776]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;"C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" --> C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392]
S3 u3kh64;ASUS My Cinema U3000 Hybrid;C:\Windows\System32\drivers\u3kh64.sys [2010-5-11 1806336]
S3 u3khrc64;ASUS Infrared Receiver;C:\Windows\System32\drivers\u3khrc64.sys [2010-5-11 17024]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .vbs: VBSFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .js: jsfile="F:\Adobe\Dreamweaver CS6\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
FileExt: .jse: JSEFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .wsf: WSFFile=C:\Windows\SysWow64\CScript.exe "%1" %*
ShellExec: dreamweaver.exe: Open="F:\Adobe\Dreamweaver CS6\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
ShellExec: ProjectMaker.exe: Edit=C:\PROGRA~2\ZennoLab\ZENNOP~3\Progs\TASKSR~1.EXE "%1"
ShellExec: ProjectMaker.exe: Open=C:\PROGRA~2\ZennoLab\ZENNOP~3\Progs\TASKSR~1.EXE "%1"
.
=============== Created Last 30 ================
.
2013-07-24 06:22:42 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-07-24 06:22:28 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-24 06:14:44 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA1D89DB-DA8C-41EE-BD0E-611792964E6F}\offreg.dll
2013-07-24 06:06:27 712264 ----a-w- C:\Windows\isRS-000.tmp
2013-07-24 05:53:28 388096 ----a-r- C:\Users\Garret\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-07-24 05:53:27 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-07-24 05:10:41 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA1D89DB-DA8C-41EE-BD0E-611792964E6F}\mpengine.dll
2013-07-23 21:48:34 208216 ----a-w- C:\Windows\System32\drivers\73809949.sys
2013-07-23 20:47:01 -------- d-----w- C:\Users\Garret\AppData\Roaming\Anvisoft
2013-07-23 20:46:52 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
2013-07-23 20:46:52 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
2013-07-23 20:46:52 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
2013-07-23 20:46:52 -------- d-----w- C:\ProgramData\Anvisoft
2013-07-23 20:46:48 -------- d-----w- C:\Program Files (x86)\Anvisoft
2013-07-23 19:36:53 -------- d-----w- C:\Users\Garret\AppData\Local\{34363137-D23C-4A94-871C-39AD1740F3FB}
2013-07-23 06:05:59 -------- d-----w- C:\Users\Garret\AppData\Local\{E337E7D4-2903-4E5F-9B90-25B626886CFF}
2013-07-23 04:57:34 9460976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-22 18:05:29 -------- d-----w- C:\Users\Garret\AppData\Local\{91803B07-9E17-4019-A9DB-E91703E1FA2F}
2013-07-22 06:04:59 -------- d-----w- C:\Users\Garret\AppData\Local\{42276F9E-5175-41F0-A32E-2FF61C53B940}
2013-07-19 06:50:30 -------- d-----w- C:\Users\Garret\AppData\Local\{9C1AA3ED-A4A1-4A7E-9C43-67477B9ADBFC}
2013-07-18 18:36:43 -------- d-----w- C:\Users\Garret\AppData\Local\{428BD7FC-DBCE-4D81-ADFB-5AEEBAF22292}
2013-07-18 05:17:33 -------- d-----w- C:\Users\Garret\AppData\Local\{93889071-B37C-47B5-815F-6BBC01654967}
2013-07-17 12:23:49 -------- d-----w- C:\Users\Garret\AppData\Local\{41AD70F5-CEB1-4FFC-B243-CB595F697352}
2013-07-17 08:55:12 -------- d-----w- C:\Program Files (x86)\Opera Mobile Emulator
2013-07-17 06:50:17 -------- d-----w- C:\Users\Garret\AppData\Local\{1D5B9679-E0CA-41FB-9ACD-5A31F5605362}
2013-07-17 05:10:31 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F5338915-13BC-4016-8E38-57A5BC455552}\gapaengine.dll
2013-07-16 21:02:37 -------- d-----w- C:\Windows\System32\MRT
2013-07-16 14:44:52 -------- d-----w- C:\Users\Garret\AppData\Local\{5D4F82C7-D6B3-44D6-9C4C-B46E04EB1537}
2013-07-16 09:53:15 -------- d-----w- C:\Users\Garret\AppData\Local\{8778DAC7-F224-4049-B705-0D707A41B6A0}
2013-07-15 12:48:39 -------- d-----w- C:\Users\Garret\AppData\Local\{1AE0423A-DAD3-4741-8C5B-6902C68B0C0B}
2013-07-12 15:30:32 -------- d-----w- C:\Users\Garret\AppData\Local\{3CF23498-E873-43BB-B73C-64D2223A575D}
2013-07-12 11:42:18 6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-12 11:42:18 6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-12 10:15:53 -------- d-----w- C:\Users\Garret\AppData\Local\{46AA3E28-869C-4B0D-89E9-57775F1D7750}
2013-07-11 18:46:29 -------- d-----w- C:\Users\Garret\AppData\Local\{7986410B-427F-4D5B-9342-AB82AE627EA9}
2013-07-11 06:13:12 -------- d-----w- C:\Users\Garret\AppData\Local\{ACE31336-8626-470B-85EE-31722E57D076}
2013-07-10 07:30:00 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-10 07:30:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-10 06:10:14 -------- d-----w- C:\Users\Garret\AppData\Local\{9E16DC94-4ADF-45BA-A3F4-24D179A779F1}
2013-07-10 05:21:53 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-10 05:21:52 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-09 18:21:37 -------- d-----w- C:\Users\Garret\AppData\Local\{7596096C-267E-4EE1-B4E5-F18E2BB04944}
2013-07-09 05:57:45 -------- d-----w- C:\Users\Garret\AppData\Local\{933EF588-6BF5-4E93-9359-36918CB691B4}
2013-07-08 06:37:40 -------- d-----w- C:\Users\Garret\AppData\Local\{BA3B3E32-D475-420F-B386-D5B33ACA77E9}
2013-07-07 05:55:07 -------- d-----w- C:\Users\Garret\AppData\Local\{8FA16CA0-4299-4721-962E-EA0E12F1AA4C}
2013-07-06 06:40:24 -------- d-----w- C:\Users\Garret\AppData\Local\{5A169AC8-CBF3-450E-B52D-74D569925623}
2013-07-05 10:21:29 -------- d-----w- C:\Users\Garret\AppData\Local\{20390137-0528-4992-BF65-85DA90A259EC}
2013-07-04 18:16:11 -------- d-----w- C:\Users\Garret\AppData\Local\{D240C39D-066B-46C6-AE3C-194F2150FEB9}
2013-07-04 13:43:19 -------- d-----w- C:\Users\Garret\AppData\Local\Eclipse
2013-07-04 06:11:58 -------- d-----w- C:\Users\Garret\AppData\Local\{E5250461-DB25-4A3C-A167-95BA5BEC27A3}
2013-07-03 12:50:25 -------- d-----w- C:\Users\Garret\AppData\Local\{B3CCF7A5-877A-4503-9B1D-0A9D1018108B}
2013-07-03 05:16:42 -------- d-----w- C:\Users\Garret\AppData\Local\{0BD3F395-5432-4BEE-9759-8A514D135137}
2013-07-02 07:54:32 -------- d-----w- C:\Users\Garret\AppData\Local\{E2AAC7CE-6A49-4E29-8B6A-90C164ABC264}
2013-07-01 19:54:02 -------- d-----w- C:\Users\Garret\AppData\Local\{693BC1DB-7756-4E34-9988-47A153CE24AB}
2013-07-01 12:47:03 -------- d-----w- C:\Users\Garret\Google
2013-07-01 12:44:14 98304 ----a-r- C:\Users\Garret\AppData\Roaming\Microsoft\Installer\{9FA9A2A6-19E4-381A-8AF3-F8CF12F0DCF0}\python_icon.exe
2013-07-01 06:30:14 -------- d-----w- C:\Users\Garret\AppData\Local\{2AB15442-4D77-4039-8C2F-87163875F64D}
2013-06-30 10:26:20 -------- d-----w- C:\Users\Garret\AppData\Local\{7862DCEE-7178-4C3D-87F3-70FD1F8CB183}
2013-06-29 18:30:36 -------- d-----w- C:\Users\Garret\AppData\Local\{7696B6F2-4442-4E0E-9D05-F817C32454D4}
2013-06-28 20:46:34 -------- d-----w- C:\Users\Garret\AppData\Local\{79DB6076-DF17-4558-BC17-F0F0A68CF701}
2013-06-28 06:25:38 -------- d-----w- C:\Users\Garret\AppData\Local\{EEA61355-DA80-42CC-A321-4F0AAE64771B}
2013-06-27 09:15:22 -------- d-----w- C:\Program Files (x86)\Softnik Technologies
2013-06-27 08:49:43 -------- d-----w- C:\Program Files (x86)\MirrorUploader
2013-06-27 08:44:02 15872 ----a-w- C:\Program Files (x86)\MSBuild\Phalanger\3.0\PHP.VisualStudio.PhalangerTasks.dll
2013-06-27 08:44:01 15872 ----a-w- C:\Program Files\MSBuild\Phalanger\3.0\PHP.VisualStudio.PhalangerTasks.dll
2013-06-27 08:44:01 14336 ----a-w- C:\Program Files\MSBuild\Phalanger\2.0\PHP.VisualStudio.PhalangerTasks.dll
2013-06-27 08:44:01 14336 ----a-w- C:\Program Files (x86)\MSBuild\Phalanger\2.0\PHP.VisualStudio.PhalangerTasks.dll
2013-06-27 06:23:15 -------- d-----w- C:\Users\Garret\AppData\Local\{4B261178-B9E3-42B8-9C3A-C461134CE84A}
2013-06-26 10:44:42 -------- d-----w- C:\Users\Garret\AppData\Local\{5CF99AD0-EC11-4E33-8188-BF4E666CCAC5}
2013-06-25 13:18:39 -------- d-----w- C:\Program Files (x86)\Bulk Mailer
2013-06-25 13:18:33 -------- dc-h--w- C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}
2013-06-25 12:45:24 -------- d-----w- C:\Users\Garret\.spamassassin
2013-06-25 12:45:24 -------- d-----w- C:\Users\Garret\.razor
2013-06-25 12:28:16 -------- d-----w- C:\Users\Garret\AppData\Roaming\JAM Software
2013-06-25 12:27:52 -------- d-----w- C:\Program Files (x86)\JAM Software
2013-06-25 12:27:52 -------- d-----w- C:\Program Files (x86)\Common Files\JAM Software
2013-06-25 11:59:31 -------- d-----w- C:\Users\Garret\AppData\Local\{868F1391-B820-44E5-8DF6-63C2C843D7F1}
2013-06-24 13:26:11 -------- d-----w- C:\Users\Garret\AppData\Local\{D53AF7F8-EBDD-4677-924C-7BA88EA0740E}
.
==================== Find3M ====================
.
2013-07-24 06:07:55 30528 ----a-w- C:\Windows\GVTDrv64.sys
2013-07-24 06:07:42 25640 ----a-w- C:\Windows\gdrv.sys
2013-06-18 18:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-18 18:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-12 16:16:34 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-12 16:16:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
.
============= FINISH: 10:03:20.41 ===============

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Sorry for the delay but with all the replies by you it looked like someone was already helping you.  If you still need help please run the following.

 

 


Please run the following steps and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.
Please don't put logs in code or quote tags or copy/paste them into your reply unless you're unable to attach them.
Please enable your system to show hidden files: How to see hidden files in Windows

P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.


STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.