over 900 possibly infected files...yikes!


My computer may be infected. Some help to determine which files I should remove would be really great. Here are my logs.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Evan at 16:16:47 on 2014-01-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5996.3323 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files (x86)\Highlightly\Service\hlsvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\EnhanceTronic\updateEnhanceTronic.exe
C:\Program Files (x86)\EnhanceTronic\bin\utilEnhanceTronic.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.



mWinlogon: Userinit = C:\Windows\SysWOW64\Userinit.exe,
BHO: Plus-HD-4.8: {11111111-1111-1111-1111-110411591114} - C:\Program Files (x86)\Plus-HD-4.8\Plus-HD-4.8-bho.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll
BHO: Highlightly: {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: EnhanceTronic: {f530d5e8-9d18-4cba-b7cc-95944f9ebe3d} - C:\Program Files (x86)\EnhanceTronic\EnhanceTronicbho.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Evan\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [backupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableRegedit = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{479DC122-3FB6-4756-A93B-02C608743512} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Plus-HD-4.8: {11111111-1111-1111-1111-110411591114} - C:\Program Files (x86)\Plus-HD-4.8\Plus-HD-4.8-bho64.dll
x64-BHO: Highlightly: {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Power Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\a9l7ztt2.default\
FF - prefs.js: browser.search.selectedEngine - Mysearchdial
FF - prefs.js: browser.startup.homepage - bing.com
FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
FF - ExtSQL: 2013-12-13 14:54; {a414b9c8-afb5-4899-b1dc-d307d6e50473}; C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\a9l7ztt2.default\extensions\{a414b9c8-afb5-4899-b1dc-d307d6e50473}.xpi
FF - ExtSQL: 2014-01-08 16:22; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\a9l7ztt2.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: extensions.mysearchdial.hmpg - true

FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false


FF - user.js: extensions.mysearchdial.id - B870F48501B94C3C
FF - user.js: extensions.mysearchdial.instlDay - 16080
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.016:52:19
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - irmsd0101
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 81032274
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzzyDtDtC0BzyyE0CtA0CtN0D0Tzu0SyByEtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
FF - user.js: extensions.irmysearch.aflt - irmsd0101
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 81032274
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzzyDtDtC0BzyyE0CtA0CtN0D0Tzu0SyByEtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys [2014-1-9 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2014-1-9 912504]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20140110.001\BHDrvx64.sys [2014-1-13 1526488]
R1 hlnfd;hlnfd;C:\Windows\System32\drivers\hlnfd.sys [2013-12-4 58256]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20140116.001\IDSviA64.sys [2014-1-16 521944]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2014-1-9 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys [2014-1-9 386168]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-4-15 352336]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-5-27 873064]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
R2 hlsvc;Highlightly Client Service;C:\Program Files (x86)\Highlightly\Service\hlsvc.exe [2013-12-4 273000]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-15 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-4-15 244624]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-17 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-17 701512]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2014-1-9 130008]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2011-2-15 257344]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-27 2656280]
R2 Update EnhanceTronic;Update EnhanceTronic;C:\Program Files (x86)\EnhanceTronic\updateEnhanceTronic.exe [2013-12-13 97064]
R2 Util EnhanceTronic;Util EnhanceTronic;C:\Program Files (x86)\EnhanceTronic\bin\utilEnhanceTronic.exe [2014-1-9 97064]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-20 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-20 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-1-19 52264]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-1-13 85544]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-1-16 137648]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-15 317440]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-1-17 412712]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-17 25928]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-25 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2014-1-8 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2014-1-8 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2014-1-8 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2014-1-8 34304]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-12-16 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-1-9 111616]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-10 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-10 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-1-10 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-9 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-17 19:38:00    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-01-17 19:38:00    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-17 18:55:30    --------    d-----w-    C:\Program Files (x86)\Bizzybolt
2014-01-17 18:55:28    --------    d-----w-    C:\Users\Evan\AppData\Roaming\OpenCandy
2014-01-17 18:55:28    --------    d-----w-    C:\Users\Evan\AppData\Local\VisualBeeExe
2014-01-17 18:55:28    --------    d-----w-    C:\Program Files (x86)\Plus-HD-4.8
2014-01-17 17:29:49    --------    d-----w-    C:\Program Files\CCleaner
2014-01-17 16:36:22    --------    d-----w-    C:\Users\Evan\AppData\Roaming\Malwarebytes
2014-01-17 16:34:18    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-01-17 08:28:30    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{445925D1-8A11-4181-A1B4-C26891A5EFC2}\mpengine.dll
2014-01-17 08:07:12    --------    d-----w-    C:\Users\Evan\AppData\Local\{19C038F7-0507-49EA-AA11-6CD0690387FD}
2014-01-17 07:46:13    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2014-01-17 07:46:13    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2014-01-17 04:56:15    --------    d-----w-    C:\ProgramData\BoostSoftware
2014-01-16 00:31:47    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-15 22:23:38    --------    d-----w-    C:\Users\Evan\AppData\Roaming\MyTurboPC.com
2014-01-15 22:23:38    --------    d-----w-    C:\Users\Evan\AppData\Roaming\DriverCure
2014-01-15 22:23:20    --------    d-----w-    C:\ProgramData\MyTurboPC.com
2014-01-15 10:02:51    --------    d-----w-    C:\Users\Evan\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
2014-01-14 21:08:51    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-14 21:08:51    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-14 21:08:51    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-14 21:08:51    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-14 21:08:50    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-14 21:08:50    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-14 21:08:50    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-14 21:08:50    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-14 21:08:49    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2014-01-13 20:50:43    140800    ----a-w-    C:\Windows\SysWow64\tm20dec.ax
2014-01-13 20:50:37    304128    ----a-w-    C:\Windows\IsUninst.exe
2014-01-13 20:47:09    --------    d-----w-    C:\Program Files (x86)\Final Fantasy VII
2014-01-13 20:45:54    --------    d-----w-    C:\Program Files (x86)\Common Files\AnimeVamp
2014-01-13 05:22:51    --------    d-----w-    C:\Users\Evan\AppData\Roaming\SNS
2014-01-13 01:56:49    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C17ED5E5-8F90-497D-88BC-FBD0E9F83593}\gapaengine.dll
2014-01-13 01:55:00    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2014-01-13 01:54:51    --------    d-----w-    C:\Program Files\Microsoft Security Client
2014-01-11 20:28:39    --------    d-----w-    C:\Users\Evan\AppData\Local\NPE
2014-01-11 04:07:30    --------    d-----w-    C:\Program Files (x86)\ClipGrab
2014-01-11 03:51:22    514560    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-01-11 03:51:22    366592    ----a-w-    C:\Windows\System32\qdvd.dll
2014-01-10 21:55:01    --------    d-----w-    C:\Users\Evan\AppData\Roaming\Easy MP3 Recorder
2014-01-10 21:54:35    --------    d-----w-    C:\Users\Evan\.android
2014-01-10 21:54:27    --------    d-----w-    C:\Users\Evan\AppData\Roaming\newnext.me
2014-01-10 21:54:26    --------    d-----w-    C:\Users\Evan\AppData\Local\cache
2014-01-10 21:54:24    --------    d-----w-    C:\Users\Evan\AppData\Local\genienext
2014-01-10 21:54:23    --------    d-----w-    C:\Users\Evan\AppData\Local\Mobogenie
2014-01-10 21:53:54    --------    d-----w-    C:\Program Files\Highlightly
2014-01-10 21:53:51    --------    d-----w-    C:\Program Files (x86)\Highlightly
2014-01-10 21:53:14    --------    d-----w-    C:\Program Files (x86)\Mobogenie
2014-01-10 19:24:18    --------    d-----w-    C:\Windows\Migration
2014-01-10 08:31:17    --------    d-----w-    C:\5bf990b948ee6bc73ebe3347
2014-01-09 23:26:49    --------    d-----w-    C:\f455e0f9f66b42cec1c02fac16
2014-01-09 19:10:44    912504    ----a-w-    C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys
2014-01-09 19:10:44    386168    ----a-w-    C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys
2014-01-09 19:10:43    744568    ----a-w-    C:\Windows\System32\drivers\NISx64\1207020.003\srtsp64.sys
2014-01-09 19:10:43    450680    ----a-w-    C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys
2014-01-09 19:10:43    40568    ----a-w-    C:\Windows\System32\drivers\NISx64\1207020.003\srtspx64.sys
2014-01-09 19:10:43    171128    ----a-w-    C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys
2014-01-09 19:10:24    --------    d-----w-    C:\Windows\System32\drivers\NISx64\1207020.003
2014-01-09 18:09:39    --------    d-----w-    C:\Users\Evan\AppData\Roaming\WildTangent
2014-01-09 17:29:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-01-09 17:29:01    293072    ----a-w-    C:\Program Files\Internet Explorer\sqmapi.dll
2014-01-09 17:29:01    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-01-09 17:29:01    235216    ----a-w-    C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2014-01-09 17:29:00    482816    ----a-w-    C:\Program Files\Internet Explorer\ieinstal.exe
2014-01-09 17:29:00    469504    ----a-w-    C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-01-09 17:29:00    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-01-09 17:29:00    353280    ----a-w-    C:\Program Files\Internet Explorer\IEShims.dll
2014-01-09 17:29:00    270848    ----a-w-    C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2014-01-09 17:29:00    251392    ----a-w-    C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-01-09 11:45:09    --------    d-----r-    C:\Program Files (x86)\Skype
2014-01-09 11:20:03    --------    d-----w-    C:\Users\Evan\SyncFolder
2014-01-09 11:15:37    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2014-01-09 11:15:37    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-01-09 11:15:37    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2014-01-09 11:15:36    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2014-01-09 11:10:50    --------    d-----w-    C:\Windows\System32\MRT
2014-01-09 11:02:05    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-01-09 11:02:05    194048    ----a-w-    C:\Windows\SysWow64\elshyph.dll
2014-01-09 11:02:00    806096    ----a-w-    C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-01-09 11:02:00    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-01-09 11:02:00    645120    ----a-w-    C:\Windows\SysWow64\jsIntl.dll
2014-01-09 11:02:00    62464    ----a-w-    C:\Windows\SysWow64\tdc.ocx
2014-01-09 11:02:00    34816    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-01-09 11:02:00    337408    ----a-w-    C:\Windows\SysWow64\html.iec
2014-01-09 11:02:00    235008    ----a-w-    C:\Windows\System32\elshyph.dll
2014-01-09 11:02:00    182272    ----a-w-    C:\Windows\SysWow64\msls31.dll
2014-01-09 10:57:43    --------    d-----w-    C:\Program Files (x86)\MSXML 4.0
2014-01-09 10:48:29    --------    d-----w-    C:\Windows\SysWow64\Wat
2014-01-09 10:48:29    --------    d-----w-    C:\Windows\System32\Wat
2014-01-09 09:39:04    --------    d-----w-    C:\4e8c698bdac3102b39ae61c8bae470
2014-01-09 09:03:57    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-01-09 07:58:29    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2014-01-09 07:58:29    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2014-01-09 07:58:29    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2014-01-09 07:58:29    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2014-01-09 07:58:28    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2014-01-09 07:58:28    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2014-01-09 07:58:28    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2014-01-09 07:51:29    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2014-01-09 07:51:29    5120    ----a-w-    C:\Windows\System32\wmi.dll
2014-01-09 07:51:29    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2014-01-09 06:32:30    --------    d-----w-    C:\Program Files (x86)\Common Files\Symantec Shared
2014-01-09 05:47:43    --------    d-----w-    C:\Users\Evan\AppData\Local\{A0051B84-9DDD-4B76-AC76-132B6BC4F11E}
2014-01-09 05:47:42    --------    d-----w-    C:\Users\Evan\AppData\Local\{30F0B5E6-9AB9-4E3E-AAE1-5C54CFF6F117}
2014-01-09 04:35:59    --------    d-----w-    C:\Users\Evan\AppData\Local\Apple Computer
2014-01-09 04:35:58    --------    d-----w-    C:\Users\Evan\AppData\Roaming\Barnes & Noble
2014-01-09 04:19:36    733184    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2014-01-09 04:19:36    69715    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2014-01-09 04:19:36    5632    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2014-01-09 04:19:36    303236    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2014-01-09 04:19:36    266240    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2014-01-09 04:19:36    180356    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2014-01-09 04:19:36    172032    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2014-01-09 04:16:52    34304    ----a-w-    C:\Windows\System32\drivers\lgandmodem64.sys
2014-01-09 04:16:52    27136    ----a-w-    C:\Windows\System32\drivers\lgandgps64.sys
2014-01-09 04:16:51    27648    ----a-w-    C:\Windows\System32\drivers\lganddiag64.sys
2014-01-09 04:16:51    19456    ----a-w-    C:\Windows\System32\drivers\lgandbus64.sys
2014-01-09 04:16:51    --------    d-----w-    C:\Program Files (x86)\LG Electronics
2014-01-09 04:15:55    --------    d-----w-    C:\LGP505
2014-01-09 04:03:01    --------    d-----w-    C:\Users\Evan\AppData\Roaming\Windows Live Writer
2014-01-09 04:03:01    --------    d-----w-    C:\Users\Evan\AppData\Local\Windows Live Writer
2014-01-08 23:55:22    --------    d-----w-    C:\Users\Evan\AppData\Local\Intel Wireless Display
2014-01-08 23:23:25    --------    d-----w-    C:\Users\Evan\AppData\Local\Macromedia
2014-01-08 23:23:18    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-08 23:23:18    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-08 22:43:52    770384    ----a-w-    C:\Windows\SysWow64\msvcr100.dll
2014-01-08 22:43:52    655872    ----a-w-    C:\Windows\SysWow64\msvcr90.dll
2014-01-08 22:43:52    568832    ----a-w-    C:\Windows\SysWow64\msvcp90.dll
2014-01-08 22:43:52    4342088    ----a-w-    C:\Windows\SysWow64\mfc100.dll
2014-01-08 22:43:52    421200    ----a-w-    C:\Windows\SysWow64\msvcp100.dll
2014-01-08 22:43:52    224768    ----a-w-    C:\Windows\SysWow64\msvcm90.dll
2014-01-08 22:43:43    53248    ----a-w-    C:\Windows\SysWow64\CommonDL.dll
2014-01-08 22:43:26    --------    d-----w-    C:\ProgramData\LGMOBILEAX
2014-01-08 22:37:45    2414360    ----a-w-    C:\Windows\SysWow64\d3dx9_31.dll
2014-01-08 22:37:09    --------    d-----w-    C:\Program Files (x86)\Common Files\PX Storage Engine
2014-01-08 22:17:08    --------    d-----w-    C:\Users\Evan\AppData\Roaming\BitTorrent
2014-01-08 21:33:58    633856    ----a-w-    C:\Windows\System32\comctl32.dll
2014-01-08 21:32:59    395776    ----a-w-    C:\Windows\System32\webio.dll
2014-01-08 21:31:59    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2014-01-08 21:30:15    800768    ----a-w-    C:\Windows\System32\usp10.dll
2014-01-08 21:29:17    5549504    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2014-01-08 21:28:50    3216384    ----a-w-    C:\Windows\System32\msi.dll
2014-01-08 21:28:49    2342400    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-01-08 21:28:09    95744    ----a-w-    C:\Windows\System32\synceng.dll
2014-01-08 21:28:09    78336    ----a-w-    C:\Windows\SysWow64\synceng.dll
2014-01-08 21:26:47    805376    ----a-w-    C:\Windows\SysWow64\cdosys.dll
2014-01-08 21:22:40    --------    d-----w-    C:\Program Files (x86)\EnhanceTronic
2014-01-08 21:22:08    --------    d-----w-    C:\Program Files (x86)\AOL Toolbar
2014-01-08 21:14:08    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2014-01-08 21:14:08    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2014-01-08 21:14:08    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2014-01-08 20:55:38    --------    d-----w-    C:\Program Files (x86)\VideoLAN
.
==================== Find3M  ====================
.
2014-01-09 08:31:56    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-09 01:34:35    174200    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-12-04 19:46:36    58256    ----a-w-    C:\Windows\System32\drivers\hlnfd.sys
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
.
============= FINISH: 16:18:19.71 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/6/2010 1:32:55 PM
System Uptime: 1/17/2014 1:44:42 PM (3 hours ago)
.
Motherboard: Gateway |  | SJV50_HR
Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU1 | 798/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 369.159 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP21: 1/10/2014 10:51:29 PM - Windows Update
RP22: 1/14/2014 4:18:20 PM - Windows Update
RP23: 1/15/2014 3:00:14 AM - Windows Update
RP24: 1/15/2014 5:03:59 AM - Removed Times Reader
RP25: 1/17/2014 3:00:11 AM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader 9.1 MUI
Agatha Christie - 4:50 from Paddington
Backup Manager V3
Bejeweled 2 Deluxe
Bing Bar
Broadcom Card Reader Driver Installer
Broadcom Gigabit NetLink Controller
Build-a-lot 2
CCleaner
Chuzzle Deluxe
ClipGrab 3.3.0.4
CyberLink MediaEspresso
CyberLink PowerDVD 10
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
eBay Worldwide
EnhanceTronic
FATE - The Traitor Soul
Final Drive: Nitro
Final Fantasy VII - Ultima Edition
Galerie de photos Windows Live
Game Channels
Gateway Games
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Social Networks
Gateway Updater
Google Chrome
Google Update Helper
Highlightly
HomeMedia
Identity Card
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® Wireless Display
Jewel Quest Heritage
Junk Mail filter update
Launch Manager
LG United Mobile Driver
LG USB WML Modem Driver
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars: PAC-MAN
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NOOK for PC
Norton Internet Security
Norton Online Backup
Penguins!
Plants vs. Zombies - Game of the Year
Plus-HD-4.8
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
Skype Click to Call
Skype™ 6.11
Synaptics Pointing Device Driver
Torchlight
Update Installer for WildTangent Games App
Video Web Camera
Virtual Villagers 4 - The Tree of Life
VisualBee for Microsoft PowerPoint
VLC media player 2.1.2
Welcome Center
WildTangent Games App
Winamp
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.01 (32-bit)
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
1/12/2014 9:05:41 PM, Error: Service Control Manager [7034]  - The Level Quality Watcher service terminated unexpectedly.  It has done this 1 time(s).
1/11/2014 1:10:22 AM, Error: Service Control Manager [7034]  - The Computer Backup (MyPC Backup) service terminated unexpectedly.  It has done this 1 time(s).
1/10/2014 2:47:59 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  hlnfd
.
==== End Of File ===========================
 


Hello Nervchild! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

I notice that you are using more than one antivirus program.

  • Microsoft Security Essentials
  • Norton Internet Security

This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running real-time protection. I recommend that you uninstall Microsoft Security Essentials.

Also, please uninstall the following applications:

  • Plus-HD-4.8
  • EnhanceTronic

When you are done, please reboot your system.

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double-click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 4

  • Launch Malwarebytes' Anti-Malware.
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

I don't understand your logic. Why am I uninstalling Plus-HD and Enhance Tronic? When I look at the file Enhance Tronic it tells me not to do anything to them cuz if I do it could potentially harm my OS. Thanks but no thanks.

Then on top of that you want me to download THREE, THREE Anti Adware programs and run system scans just to delete everything each one finds. Besides, I thought you just said I shouldn't run more than one at a time anyway. And if that's the case, why the three? Why wouldn't I just delete everything Malwarebytes detects the first time?

I'm sorry but your instructions just don't make any sense to me. Please can you explain in full what the purpose of each step is and why, and why I wouldn't just "check all" with Malwarebytes and "remove" initially the first time through.

A lot of those files that MAY be infected look pretty important, like I really shouldn't get rid of them at all.

I'm sorry but I just don't understand your instructions.


This is now my THIRD time typing out what was trying to be an apology to you sir before my browser decided to shat out on me and just close for absolutely no reason at all. I would like to say I'm sorry. Sorry for second questioning you, sorry for making accusations and accusing you, and I'm sorry for insinuating like I knew what I was supposed to do "in the first place". It was inexcusably wrong of me to make such assumptions about how I thought would be the right, or better, way to handle the situation. I sincerely apologize to you sir and would like to take everything I said back. I was not feeling quite right at the time and do not know what got over me. I have taken the proper steps to move forward and do what was originally asked of me in the first place. Again, my deepest regrets. I look forward to receiving any future replies you may have on the subject matter.

I would also like to explain I wasn't feeling quite like myself. It's a rare instance and NOT an excuse, it just explains why I was so pundgy. I am very, very apologetic.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Evan on Fri 01/17/2014 at 21:40:53.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2196416822-1739200859-2040021831-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                             Value Data                     
========================================================================================
    NextLive    REG_SZ    C:\Windows\SysWOW64\rundll32.exe "C:\Users\Evan\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\boostsoftware
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411591114}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411591114}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\visualbee"
Successfully deleted: [Folder] "C:\Users\Evan\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Evan\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Evan\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Evan\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Users\Evan\appdata\local\visualbeeclient"
Successfully deleted: [Folder] "C:\Users\Evan\appdata\local\visualbeeexe"
Successfully deleted: [Folder] "C:\Program Files (x86)\aol toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Empty Folder] C:\Users\Evan\appdata\local\{19C038F7-0507-49EA-AA11-6CD0690387FD}
Successfully deleted: [Empty Folder] C:\Users\Evan\appdata\local\{30F0B5E6-9AB9-4E3E-AAE1-5C54CFF6F117}
Successfully deleted: [Empty Folder] C:\Users\Evan\appdata\local\{A0051B84-9DDD-4B76-AC76-132B6BC4F11E}



~~~ FireFox

Successfully deleted: [File] C:\Users\Evan\AppData\Roaming\mozilla\firefox\profiles\a9l7ztt2.default\user.js
Successfully deleted: [File] C:\Users\Evan\AppData\Roaming\mozilla\firefox\profiles\a9l7ztt2.default\searchplugins\mysearchdial.xml
Successfully deleted: [Folder] C:\Users\Evan\AppData\Roaming\mozilla\firefox\profiles\a9l7ztt2.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
Successfully deleted: [Folder] C:\Users\Evan\AppData\Roaming\mozilla\firefox\profiles\a9l7ztt2.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Successfully deleted the following from C:\Users\Evan\AppData\Roaming\mozilla\firefox\profiles\a9l7ztt2.default\prefs.js

user_pref("browser.search.defaultenginename", "Mysearchdial");
user_pref("browser.search.selectedEngine", "Mysearchdial");
user_pref("extensions.crossrider.bic", "14373dffcbe9edff547f6a49ca9039f0");
user_pref("extensions.mysearchdial.aflt", "irmsd0101");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzzyDtDtC0BzyyE0CtA0CtN0D0Tzu0SyByEtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
user_pref("extensions.mysearchdial.cr", "81032274");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial.hmpg", true);

user_pref("extensions.mysearchdial.id", "B870F48501B94C3C");
user_pref("extensions.mysearchdial.instlDay", "16080");
user_pref("extensions.mysearchdial.instlRef", "");

user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.tlbrId", "base");

user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
user_pref("extensions.mysearchdial_i.hmpg", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.016:52:19");
Emptied folder: C:\Users\Evan\AppData\Roaming\mozilla\firefox\profiles\a9l7ztt2.default\minidumps [23 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Evan\appdata\local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/17/2014 at 22:01:18.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v3.017 - Report created 17/01/2014 at 22:35:06
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Evan - EVAN-PC
# Running from : C:\Users\Evan\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : hlsvc
Service Deleted : hlnfd

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Highlightly
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files\Highlightly
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Evan\AppData\Local\genienext
Folder Deleted : C:\Users\Evan\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Evan\AppData\Roaming\newnext.me
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\gethighlightly@gethighlightly.com
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Evan\AppData\Local\mysearchdial-speeddial.crx
File Deleted : C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Deleted : C:\Windows\System32\Tasks\LaunchApp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [gethighlightly@gethighlightly.com]
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Scorpion Saver
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\a9l7ztt2.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("extensions.crossrider.bic", "14373dffcbe9edff547f6a49ca9039f0");
Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd0101");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzzyDtDtC0BzyyE0CtA0CtN0D0Tzu0SyByEtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Line Deleted : user_pref("extensions.mysearchdial.cr", "81032274");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);

Line Deleted : user_pref("extensions.mysearchdial.id", "B870F48501B94C3C");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16080");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");

Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");

Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.016:52:19");

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [7692 octets] - [17/01/2014 22:33:01]
AdwCleaner[s0].txt - [7242 octets] - [17/01/2014 22:35:06]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7302 octets] ##########
 


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.17.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Evan :: EVAN-PC [administrator]

Protection: Enabled

1/17/2014 10:44:06 PM
mbam-log-2014-01-17 (22-44-06).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Startup | P2P
Objects scanned: 349999
Time elapsed: 1 hour(s), 4 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 8
HKCR\CLSID\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EA3802D2-C00A-4478-9319-34075A31C28F} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKCR\Interface\{483F56D2-1D67-44A5-A4C5-67DBB724F7A0} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Highlightly (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\Bizzybolt (PUP.Optional.Bizzybolt) -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)

(end)
 


I completely understand your concerns, and these are normal questions as long as they comply with good tone. To follow these steps it is necessary to have at least an understanding; my opinion is that there must be trust. If you do not trust me, I cannot help you in the true sense of the word.

About your antivirus programs: Running two or more antivirus programs is dangerous. Having two antivirus programs leads to slow performance (in the better case), an unstable system and a not fully functional antivirus program, which could then miss attacks on your system, and so on. Why do I recommend uninstalling Microsoft Security Essentials? First of all, it is basic protection (viruses and malware); by comparison, Norton Internet Security is a set of protections: antivirus, antimalware, firewall and so on, which is one idea better than Microsoft Security Essentials. Second, according to the latest reports from testing organisations like AV-Comparatives, AV-Test, etc., MSE is missing the latest threats. For example, this news here:

http://news.softpedia.com/news/Microsoft-Security-Essentials-Leaves-Percent-of-Malware-to-Reach-Your-Computer-411098.shtml

I would like you to uninstall the Plus-HD program, because it is a Crossrider cross-browser plugin, often bundled with third-party software or part of an adware bundle - detected as Adware.CrossRider and by Malwarebytes Anti-Malware as PUP.Optional.PlusHD.A.

I would like you to uninstall EnhanceTronic, because it is a Sambreel adware variant that displays pop-up messages with various coupons and discount codes while you are browsing the internet and resets the Home and Search pages - detected by Malwarebytes Anti-Malware as "PUP.Optional.Sambreel.A".

Everything I said to you is public information. Just google it and you will find it.

Let me know if you still want to work with me.


Yes, I understand everything you have said to me. I do trust you. Like I said, I wasn't feeling very much myself, and when I'm like that everything is suspicious to me, so please don't take what I said personally. I would very much still like to work with you. If there is anything else I should be doing, please let me know. Again, thank you.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
