Malwarebytes detects and removes same files each time I run it



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520  BrowserJavaVersion: 10.45.2
Run by Eddie at 17:08:18 on 2013-12-01
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2942.1625 [GMT -10:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\System32\WScript.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Eddie\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Users\Eddie\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\PictureMover\Bin\PictureMover.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\KBD\kbd.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\System32\WScript.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.







uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.1.2.1\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.1.2.1\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Facebook Update] "c:\users\eddie\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "c:\users\eddie\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MusicManager] "c:\users\eddie\appdata\local\programs\google\musicmanager\MusicManager.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Amazon Cloud Player] c:\users\eddie\appdata\local\amazon cloud player\Amazon Music Helper.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\program files\hewlett-packard\kbd\KbdStub.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [updatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [smartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Launcher] c:\program files\sminst\Launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll






TCP: NameServer = 192.168.0.1
TCP: Interfaces\{0674107A-2CD4-4F44-868E-9E5F828F0DC8} : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.1.2\ViProtocol.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\eddie\appdata\roaming\mozilla\firefox\profiles\2fk7uslc.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search


FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\eddie\appdata\roaming\mozilla\firefox\profiles\2fk7uslc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.1.2\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\eddie\appdata\local\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\users\eddie\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\eddie\appdata\local\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\users\eddie\appdata\roaming\move networks\plugins\071801000006\npqmp071801000006.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: !HIDDEN! 2009-05-13 09:31; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn2
FF - ExtSQL: !HIDDEN! 2009-06-25 07:40; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-8 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-4-11 302368]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-8 37664]
R1 FreeOTFE;FreeOTFE;c:\windows\system32\FreeOTFE.sys [2011-11-27 31856]
R1 FreeOTFECypherAES_ltc;FreeOTFECypherAES_ltc;c:\windows\system32\FreeOTFECypherAES_ltc.sys [2011-11-27 47216]
R1 FreeOTFECypherBlowfish;FreeOTFECypherBlowfish;c:\windows\system32\FreeOTFECypherBlowfish.sys [2011-11-27 25200]
R1 FreeOTFECypherCAST5;FreeOTFECypherCAST5;c:\windows\system32\FreeOTFECypherCAST5.sys [2011-11-27 31088]
R1 FreeOTFECypherCAST6_Gladman;FreeOTFECypherCAST6_Gladman;c:\windows\system32\FreeOTFECypherCAST6_Gladman.sys [2011-11-27 29808]
R1 FreeOTFECypherDES;FreeOTFECypherDES;c:\windows\system32\FreeOTFECypherDES.sys [2011-11-27 56816]
R1 FreeOTFECypherMARS_Gladman;FreeOTFECypherMARS_Gladman;c:\windows\system32\FreeOTFECypherMARS_Gladman.sys [2011-11-27 26480]
R1 FreeOTFECypherRC6_ltc;FreeOTFECypherRC6_ltc;c:\windows\system32\FreeOTFECypherRC6_ltc.sys [2011-11-27 26096]
R1 FreeOTFECypherSerpent_Gladman;FreeOTFECypherSerpent_Gladman;c:\windows\system32\FreeOTFECypherSerpent_Gladman.sys [2011-11-27 29168]
R1 FreeOTFECypherTwofish_ltc;FreeOTFECypherTwofish_ltc;c:\windows\system32\FreeOTFECypherTwofish_ltc.sys [2011-11-27 31856]
R1 FreeOTFEHashMD;FreeOTFEHashMD;c:\windows\system32\FreeOTFEHashMD.sys [2011-11-27 16880]
R1 FreeOTFEHashRIPEMD;FreeOTFEHashRIPEMD;c:\windows\system32\FreeOTFEHashRIPEMD.sys [2011-11-27 32624]
R1 FreeOTFEHashSHA;FreeOTFEHashSHA;c:\windows\system32\FreeOTFEHashSHA.sys [2011-11-27 26224]
R1 FreeOTFEHashTiger;FreeOTFEHashTiger;c:\windows\system32\FreeOTFEHashTiger.sys [2011-11-27 22128]
R1 FreeOTFEHashWhirlpool;FreeOTFEHashWhirlpool;c:\windows\system32\FreeOTFEHashWhirlpool.sys [2011-11-27 30704]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\hewlett-packard\media\dvd\000.fcl [2008-9-26 59376]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2013-10-16 5175856]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\common files\avg secure search\vtoolbarupdater\17.1.2\ToolbarUpdater.exe [2013-11-10 1734680]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-12-10 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-7-25 162672]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-1-20 30192]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-6 235216]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2008-9-9 20640]
.
=============== Created Last 30 ================
.
2013-11-13 21:42:54 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 21:42:49 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 21:42:46 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-13 21:42:45 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-13 06:15:17 -------- d-----w- c:\programdata\Oracle
2013-11-13 06:14:49 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-13 05:34:16 -------- d-----w- c:\users\eddie\appdata\local\NPE
.
==================== Find3M  ====================
.
2013-11-11 01:27:36 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-10-13 09:48:06 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-10-13 09:35:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 09:35:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 09:30:14 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-10-13 09:29:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-10-13 09:25:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-09 09:03:41 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 09:03:41 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 17:08:49.95 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/17/2009 3:21:51 PM
System Uptime: 11/14/2013 3:22:42 AM (422 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | Acacia
Processor: AMD Athlon 64 X2 Dual Core Processor 5000+ | Socket AM2  | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 158.4 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.127 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1642: 11/12/2013 5:51:58 AM - Scheduled Checkpoint
RP1643: 11/12/2013 8:06:29 PM - Removed Java 6 Update 29
RP1644: 11/12/2013 8:12:24 PM - Installed Java 7 Update 45
RP1645: 11/14/2013 3:00:14 AM - Windows Update
RP1646: 11/15/2013 5:39:12 PM - Scheduled Checkpoint
RP1647: 11/16/2013 9:32:48 AM - Scheduled Checkpoint
RP1648: 11/17/2013 2:29:33 PM - Scheduled Checkpoint
RP1649: 11/19/2013 12:48:44 AM - Scheduled Checkpoint
RP1650: 11/20/2013 9:25:49 AM - Scheduled Checkpoint
RP1651: 11/21/2013 8:18:12 AM - Scheduled Checkpoint
RP1652: 11/22/2013 12:00:09 AM - Scheduled Checkpoint
RP1653: 11/23/2013 8:37:47 AM - Scheduled Checkpoint
RP1654: 11/24/2013 2:46:13 PM - Scheduled Checkpoint
RP1655: 11/26/2013 8:40:06 AM - Scheduled Checkpoint
RP1656: 11/27/2013 11:27:34 PM - Scheduled Checkpoint
RP1657: 11/29/2013 7:23:28 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Digital Editions
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.4
Amazon Cloud Player
AVG 2012
AVG Security Toolbar
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
Citrix Online Launcher
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
CyberLink DVD Suite Deluxe
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
Enhanced Multimedia Keyboard Solution
eSupportQFolder
F4200
F4200_Help
Facebook Video Calling 1.2.0.287
FreeOTFE
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.9.0.1207
GPBaseService
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 11.0
HP Demo
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
HP Imaging Device Functions 11.0
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Picasso Media Center Add-In
HP Product Detection
HP Recovery Manager RSS
HP Smart Web Printing
HP Solution Center 11.0
HP Total Care Advisor
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
HPProductAssistant
HPSSupply
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Java 7 Update 45
Java Auto Updater
LabelPrint
LightScribe System Software  1.14.25.1
LightScribe Template Labeler
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
McAfee Security Scan Plus
Media Player Codec Pack 3.9.9
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Move Media Player
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Music Manager
My HP Games
Norton Internet Security
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Picasa 2
PictureMover
Power2Go
PowerDirector
PSSWCORE
Python 2.5.2
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Shop for HP Supplies
Skype™ 6.7
SmartWebPrinting
Soft Data Fax Modem with SmartCP
SolutionCenter
Status
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoToolkit01
VoiceOver Kit
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Yahoo! Messenger
.
==== End Of File ===========================
 


Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

You told us that you removed several items with Malwarebytes' Antimalware. This tool creates a log on every run and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.


Hi Marius. I'm Eddie. Thanks for your help!!! It's a short report. I'm not sure how to zip it so I am pasting it here:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.01.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Eddie :: EDDIE-PC [administrator]

12/1/2013 12:38:22 PM
mbam-log-2013-12-01 (12-38-22).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 440779
Time elapsed: 1 hour(s), 54 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 7
C:\Users\Eddie\AppData\Local\Temp\ct2611275 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\chrome (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\components (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\defaults (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\lib (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\META-INF (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\searchplugin (PUP.Optional.Conduit.A) -> No action taken.

Files Detected: 24
C:\Users\Eddie\AppData\Local\Temp\ct2611275\chrome.manifest (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\install.rdf (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\version.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\chrome\zonealarm.jar (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\components\ConduitAutoCompleteSearch.js (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\components\ConduitAutoCompleteSearch.xpt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\components\ConduitToolbar.idl (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\components\ConduitToolbar.js (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\components\ConduitToolbar.xpt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\components\FFExternalAlert.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\components\FFExternalAlert.xpt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\components\RadioWMPCore.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\components\RadioWMPCore.xpt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\defaults\default_radio_skin.xml (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\defaults\fbAlert.js (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\lib\xpcom.js (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\META-INF\manifest.mf (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\META-INF\zigbert.rsa (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\META-INF\zigbert.sf (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\searchplugin\conduit.gif (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\searchplugin\conduit.ico (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\searchplugin\conduit.PNG (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\searchplugin\conduit.src (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eddie\AppData\Local\Temp\ct2611275\searchplugin\conduit.xml (PUP.Optional.Conduit.A) -> No action taken.

(end)


Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Hi Marius. I ran the 32bit FRST program from my desktop but it stopped working and gave me the following problem details:

Problem signature:
Problem Event Name: APPCRASH
Application Name: FRST.exe
Application Version: 3.3.8.1
Application Timestamp: 4f25baec
Fault Module Name: ntdll.dll
Fault Module Version: 6.0.6002.18881
Fault Module Timestamp: 51da3e27
Exception Code: c0000005
Exception Offset: 0006657b
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
Additional Information 1: a6e4
Additional Information 2: 193121016aa3a1bea9e432fdcb3205e2
Additional Information 3: 15a6
Additional Information 4: 0d0d5b54eef5fd8f6764540d2f224cce

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409


Wait. It stopped working but it did create an FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2013 02
Ran by Eddie (administrator) on EDDIE-PC on 03-12-2013 08:10:50
Running from C:\Users\Eddie\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgemcx.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Google Inc.) C:\Program Files\Picasa2\PicasaMediaDetector.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Users\Eddie\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
() C:\Users\Eddie\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Hewlett-Packard Company) C:\Program Files\PictureMover\Bin\PictureMover.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\KBD\kbd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] - C:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] - C:\Program Files\Hewlett-Packard\KBD\KbdStub.exe [12288 2008-07-21] (Microsoft)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [HP Health Check Scheduler] - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [updateP2GoShortCut] - C:\Program Files\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [updatePDIRShortCut] - C:\Program Files\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [updatePSTShortCut] - C:\Program Files\Cyberlink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-09-11] (CyberLink Corp.)
HKLM\...\Run: [TSMAgent] - C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-10-17] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer for HP TouchSmart] - C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-10-17] (CyberLink)
HKLM\...\Run: [DVDAgent] - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-09-26] (CyberLink Corp.)
HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152 2008-03-25] (Hewlett-Packard)
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\Pac207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe [81920 2008-03-13] (Hewlett-Packard)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-07] (Google)
HKLM\...\Run: [Picasa Media Detector] - C:\Program Files\Picasa2\PicasaMediaDetector.exe [366400 2007-02-20] (Google Inc.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [202256 2010-04-04] (RealNetworks, Inc.)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2420248 2013-11-10] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM\...\Run: [HTC Sync Loader] - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] ()
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [Launcher] - C:\Program Files\SMINST\Launcher.exe [54608 2008-08-21] (soft thinks)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6276408 2011-08-22] (Yahoo! Inc.)
HKCU\...\Run: [Facebook Update] - C:\Users\Eddie\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKCU\...\Run: [Google Update] - C:\Users\Eddie\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-06] (Google Inc.)
HKCU\...\Run: [MusicManager] - C:\Users\Eddie\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7342592 2013-09-23] (Google Inc.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-20] (Google Inc.)
HKCU\...\Run: [Amazon Cloud Player] - C:\Users\Eddie\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3109376 2013-07-21] ()
HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-20] (Microsoft Corporation)
MountPoints2: J - wdsync.exe
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2008-10-17] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2008-10-17] (Hewlett-Packard)
AppInit_DLLs: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [ 2010-09-07] (Google)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
SearchScopes: HKLM - {256DBC0A-6867-4511-B430-96D26BA7A778} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM - {AA2BE316-DC4D-4562-BB53-A9DCF6897679} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2611275
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {1F7C2631-338E-46ED-8264-F5E73FD184EF} URL = http://search.avg.com/route/?d=4cc5416b&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=9tFu1Nk4CHqzZ_ukCw-ltwLlePQ?q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={0E9DDBB0-8B0D-42B8-85C6-E37386338C69}&mid=91510e83448d75415d701ea5280f3bc8-7ca8312ba7a3ae118437ff214312379827f75e8b&lang=en&ds=AVG&pr=fr&d=2012-06-06 22:14:06&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {AA2BE316-DC4D-4562-BB53-A9DCF6897679} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2611275
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\2fk7uslc.default
FF user.js: detected! => C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\2fk7uslc.default\user.js
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search


FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll (AVG Technologies)
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.99 - C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @real.com/nppl3260;version=6.0.12.732 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.732 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=1.0.0.0 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.732 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Eddie\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\Eddie\AppData\Roaming\Move Networks\plugins\071801000006\npqmp071801000006.dll (Move Networks)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Eddie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Eddie\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Eddie\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\2fk7uslc.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\2fk7uslc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Yahoo! Toolbar - C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\2fk7uslc.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: osyfvzhcmq - C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\2fk7uslc.default\Extensions\osyfvzhcmq@osyfvzhcmq.org.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4\
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

Chrome:
=======


CHR DefaultSearchURL: (AVG Secure Search) - http://isearch.avg.com/search?cid={0E9DDBB0-8B0D-42B8-85C6-E37386338C69}&mid=91510e83448d75415d701ea5280f3bc8-7ca8312ba7a3ae118437ff214312379827f75e8b&lang=en&ds=AVG&pr=fr&d=2012-06-06 22:14:06&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
CHR DefaultSuggestURL: (AVG Secure Search) - http://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (getPlusPlus for Adobe 16299) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Eddie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Move Streaming Media Player) - C:\Users\Eddie\AppData\Roaming\Move Networks\plugins\071801000006\npqmp071801000006.dll (Move Networks)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0
CHR Extension: (AVG Safe Search) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0
CHR Extension: (AVG Secure Search) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.5.0.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.1.2.1\avg.crx

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-07] (Google)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 vToolbarUpdater17.1.2; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [1734680 2013-11-10] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-10] (AVG Technologies)
R1 FreeOTFE; C:\Windows\System32\FreeOTFE.sys [31856 2010-02-07] (Sarah Dean)
R1 FreeOTFECypherAES_ltc; C:\Windows\System32\FreeOTFECypherAES_ltc.sys [47216 2010-02-07] (Sarah Dean)
R1 FreeOTFECypherBlowfish; C:\Windows\System32\FreeOTFECypherBlowfish.sys [25200 2010-02-07] (Sarah Dean)
R1 FreeOTFECypherCAST5; C:\Windows\System32\FreeOTFECypherCAST5.sys [31088 2010-02-07] (Sarah Dean)
R1 FreeOTFECypherCAST6_Gladman; C:\Windows\System32\FreeOTFECypherCAST6_Gladman.sys [29808 2010-02-07] (Sarah Dean)
R1 FreeOTFECypherDES; C:\Windows\System32\FreeOTFECypherDES.sys [56816 2010-02-07] (Sarah Dean)
R1 FreeOTFECypherMARS_Gladman; C:\Windows\System32\FreeOTFECypherMARS_Gladman.sys [26480 2010-02-07] (Sarah Dean)
R1 FreeOTFECypherRC6_ltc; C:\Windows\System32\FreeOTFECypherRC6_ltc.sys [26096 2010-02-07] (Sarah Dean)
R1 FreeOTFECypherSerpent_Gladman; C:\Windows\System32\FreeOTFECypherSerpent_Gladman.sys [29168 2010-02-07] (Sarah Dean)
R1 FreeOTFECypherTwofish_ltc; C:\Windows\System32\FreeOTFECypherTwofish_ltc.sys [31856 2010-02-07] (Sarah Dean)
R1 FreeOTFEHashMD; C:\Windows\System32\FreeOTFEHashMD.sys [16880 2010-02-07] (Sarah Dean)
R1 FreeOTFEHashRIPEMD; C:\Windows\System32\FreeOTFEHashRIPEMD.sys [32624 2010-02-07] (Sarah Dean)
R1 FreeOTFEHashSHA; C:\Windows\System32\FreeOTFEHashSHA.sys [26224 2010-02-07] (Sarah Dean)
R1 FreeOTFEHashTiger; C:\Windows\System32\FreeOTFEHashTiger.sys [22128 2010-02-07] (Sarah Dean)
R1 FreeOTFEHashWhirlpool; C:\Windows\System32\FreeOTFEHashWhirlpool.sys [30704 2010-02-07] (Sarah Dean)
R3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [507136 2006-12-05] (PixArt Imaging Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [59376 2008-09-26] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-03 08:08 - 2013-12-03 08:08 - 01092545 _____ (Farbar) C:\Users\Eddie\Desktop\FRST.exe
2013-12-03 08:05 - 2013-12-03 08:11 - 00031091 _____ C:\Users\Eddie\Desktop\FRST.txt
2013-12-03 08:05 - 2013-12-03 08:05 - 00000000 ____D C:\FRST
2013-12-01 17:09 - 2013-12-01 17:09 - 00005562 _____ C:\Users\Eddie\Desktop\attach.txt
2013-12-01 17:09 - 2013-12-01 17:08 - 00021527 _____ C:\Users\Eddie\Desktop\dds.txt
2013-12-01 17:03 - 2013-12-01 17:03 - 00000511 _____ C:\Users\Eddie\Desktop\dds - Shortcut.lnk
2013-12-01 16:59 - 2013-12-01 16:59 - 00688992 ____R (Swearware) C:\Users\Eddie\Downloads\dds.scr
2013-11-14 03:05 - 2013-10-13 00:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 03:05 - 2013-10-13 00:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 03:05 - 2013-10-12 23:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 03:05 - 2013-10-12 23:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 03:05 - 2013-10-12 23:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 03:05 - 2013-10-12 23:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 03:05 - 2013-10-12 23:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 03:05 - 2013-10-12 23:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 03:05 - 2013-10-12 23:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 03:05 - 2013-10-12 23:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 03:05 - 2013-10-12 23:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-14 03:05 - 2013-10-12 23:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 03:05 - 2013-10-12 23:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 03:05 - 2013-10-12 23:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 03:05 - 2013-10-12 23:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 03:05 - 2013-10-12 23:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 11:42 - 2013-10-10 16:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 11:42 - 2013-10-10 16:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 11:42 - 2013-10-10 14:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-11-13 11:42 - 2013-10-03 02:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 11:42 - 2013-10-03 02:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-12 20:15 - 2013-11-12 20:15 - 00000000 ____D C:\ProgramData\Oracle
2013-11-12 20:15 - 2013-11-12 20:15 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-12 20:15 - 2013-11-12 20:13 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-12 20:14 - 2013-11-12 20:14 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-12 20:14 - 2013-11-12 20:13 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-12 20:14 - 2013-11-12 20:13 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-12 20:13 - 2013-11-12 20:13 - 00000000 ____D C:\Program Files\Java
2013-11-12 20:11 - 2013-11-12 20:11 - 00915368 _____ (Oracle Corporation) C:\Users\Eddie\Downloads\chromeinstall-7u45.exe
2013-11-12 19:34 - 2013-11-12 20:14 - 00000000 ____D C:\Users\Eddie\AppData\Local\NPE
2013-11-12 19:33 - 2013-11-12 19:34 - 03053496 ____N (Symantec Corporation) C:\Users\Eddie\Downloads\NPE.exe

==================== One Month Modified Files and Folders =======

2013-12-03 08:11 - 2013-12-03 08:05 - 00031091 _____ C:\Users\Eddie\Desktop\FRST.txt
2013-12-03 08:10 - 2010-03-07 07:44 - 00000000 ____D C:\Users\Eddie\AppData\Local\CrashDumps
2013-12-03 08:09 - 2012-01-08 07:59 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-585912954-1552370349-390503923-1000UA.job
2013-12-03 08:08 - 2013-12-03 08:08 - 01092545 _____ (Farbar) C:\Users\Eddie\Desktop\FRST.exe
2013-12-03 08:05 - 2013-12-03 08:05 - 00000000 ____D C:\FRST
2013-12-03 08:03 - 2012-05-18 17:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 07:59 - 2006-11-02 02:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 07:59 - 2006-11-02 02:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 07:57 - 2010-01-29 14:12 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 07:53 - 2009-02-17 15:25 - 01735044 _____ C:\Windows\WindowsUpdate.log
2013-12-03 07:51 - 2012-12-31 21:06 - 00000000 ____D C:\Users\Eddie\AppData\Local\Htc
2013-12-03 07:49 - 2008-11-06 14:34 - 00000000 ____D C:\Program Files\SMINST
2013-12-03 07:48 - 2013-06-02 13:56 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-12-03 07:48 - 2010-01-29 14:12 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 07:48 - 2006-11-02 03:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 07:46 - 2006-11-02 03:01 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-03 07:27 - 2008-01-20 16:47 - 00543790 _____ C:\Windows\PFRO.log
2013-12-03 07:16 - 2009-05-17 00:20 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\Skype
2013-12-03 07:13 - 2012-11-06 23:22 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-585912954-1552370349-390503923-1000UA.job
2013-12-03 01:13 - 2012-11-06 23:22 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-585912954-1552370349-390503923-1000Core.job
2013-12-02 17:42 - 2010-10-24 22:34 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2013-12-02 17:33 - 2006-11-02 00:33 - 00690960 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-02 17:09 - 2012-01-08 07:59 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-585912954-1552370349-390503923-1000Core.job
2013-12-01 21:16 - 2006-11-02 02:52 - 00125072 _____ C:\Windows\setupact.log
2013-12-01 17:09 - 2013-12-01 17:09 - 00005562 _____ C:\Users\Eddie\Desktop\attach.txt
2013-12-01 17:08 - 2013-12-01 17:09 - 00021527 _____ C:\Users\Eddie\Desktop\dds.txt
2013-12-01 17:03 - 2013-12-01 17:03 - 00000511 _____ C:\Users\Eddie\Desktop\dds - Shortcut.lnk
2013-12-01 16:59 - 2013-12-01 16:59 - 00688992 ____R (Swearware) C:\Users\Eddie\Downloads\dds.scr
2013-11-20 11:48 - 2009-05-13 09:05 - 00007052 _____ C:\Users\Eddie\AppData\Local\d3d9caps.dat
2013-11-18 15:26 - 2011-02-27 15:19 - 00001921 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-18 15:26 - 2011-02-27 15:19 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-17 16:39 - 2009-04-05 17:47 - 00034248 _____ C:\Users\Eddie\AppData\Roaming\wklnhst.dat
2013-11-14 09:19 - 2010-10-24 14:46 - 00000000 ____D C:\ProgramData\MFAData
2013-11-14 09:18 - 2011-09-28 23:18 - 00000844 _____ C:\Users\Public\Desktop\AVG 2012.lnk
2013-11-14 03:38 - 2006-11-02 01:18 - 00000000 ____D C:\Windows\rescache
2013-11-14 03:04 - 2013-08-15 03:05 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 03:00 - 2006-11-02 00:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-12 20:17 - 2010-01-20 03:18 - 00000000 ____D C:\Program Files\Google
2013-11-12 20:15 - 2013-11-12 20:15 - 00000000 ____D C:\ProgramData\Oracle
2013-11-12 20:15 - 2013-11-12 20:15 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-12 20:14 - 2013-11-12 20:14 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-12 20:14 - 2013-11-12 19:34 - 00000000 ____D C:\Users\Eddie\AppData\Local\NPE
2013-11-12 20:13 - 2013-11-12 20:15 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-12 20:13 - 2013-11-12 20:14 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-12 20:13 - 2013-11-12 20:14 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-12 20:13 - 2013-11-12 20:13 - 00000000 ____D C:\Program Files\Java
2013-11-12 20:11 - 2013-11-12 20:11 - 00915368 _____ (Oracle Corporation) C:\Users\Eddie\Downloads\chromeinstall-7u45.exe
2013-11-12 19:34 - 2013-11-12 19:33 - 03053496 ____N (Symantec Corporation) C:\Users\Eddie\Downloads\NPE.exe
2013-11-12 19:34 - 2008-11-06 14:33 - 00000000 ____D C:\ProgramData\Norton
2013-11-10 15:27 - 2012-11-08 12:42 - 00037664 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2013-11-10 15:27 - 2012-06-06 22:14 - 00000000 ____D C:\Program Files\AVG Secure Search


Fix with FRST (normal mode)

  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.)
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    C:\Users\Eddie\AppData\Local\Temp\ct2611275
    SearchScopes: HKLM - {AA2BE316-DC4D-4562-BB53-A9DCF6897679} URL = http://www.ask.com/w...}&l=dis&o=ushpd
    SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2611275
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...?q={searchTerms}
    SearchScopes: HKCU - {AA2BE316-DC4D-4562-BB53-A9DCF6897679} URL = http://www.ask.com/w...}&l=dis&o=ushpd
    SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2611275
    BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
    FF Extension: Yahoo! Toolbar - C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\2fk7uslc.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF Extension: osyfvzhcmq - C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\2fk7uslc.default\Extensions\osyfvzhcmq@osyfvzhcmq.org.xpi
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run frst.exe (on 64-bit, run frst64.exe), press the Fix button just once, and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
