
Browsers hijacked and unable to fix - please help



I foolishly downloaded the YouTube Downloader software and since then have had my browsers hijacked. The symptom is that I am unable to get my homepage (Google) to stay as my homepage; I follow the instructions to set the homepage but it reverts to Yahoo each time. I have tried using various anti-malware software, including Malwarebytes Anti-Malware, but the problem persists. I have also uninstalled the YouTube Downloader. I have uninstalled Firefox and Chrome and have reinstalled them but the problem is still there. I have looked for the Spigot folder in Program Files-Common Files but it is not there. I believe that Spigot is the cause of the problem since the homepage in Firefox is:

 

http://uk.search.yahoo.com/?type=541231&fr=spigot-yhp-ff

 

 

I would be very grateful for help on fixing this problem.

 

 

 


Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS won't run on W8)

(please don't put logs in code or quotes and use the default font)

(Please don't forget to run the RogueKiller scan below)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Mr Charlie,

Thank you for your swift reply. Here are the DDS and Attach logs:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by Gary and Ruth at 10:52:52 on 2014-02-17
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.3070.1080 [GMT 0:00]
.
AV: AVG Internet Security Business Edition *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: AVG Internet Security Business Edition *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security Business Edition *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgfws.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Windows\system32\lxddcoms.exe
C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\System32\StkASv2K.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\KeyScrambler\KeyScrambler.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Users\Gary and Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office 15\root\office15\OCHelper.dll
BHO: {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office 15\root\office15\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - c:\program files\microsoft office 15\root\office15\GROOVEEX.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Advanced SystemCare 7] "c:\program files\iobit\advanced systemcare 7\ASCTray.exe" /Auto
uRun: [spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [RTHDVCPL] "c:\program files\realtek\audio\hda\RtHDVCpl.exe" -s
mRun: [KeyScrambler] c:\program files\keyscrambler\keyscrambler.exe /a
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
dRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
StartupFolder: c:\users\garyan~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\gary and ruth\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001051-0002-0051-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 15\root\office15\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{E1A61DE1-A2F1-4262-A04D-CE5057E63F2F} : DHCPNameServer = 192.168.1.1 0.0.0.0
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gary and ruth\appdata\roaming\mozilla\firefox\profiles\0zx5oanf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft office 15\root\office15\NPSPWRAP.DLL
FF - plugin: c:\program files\microsoft office 15\root\vfs\programfilesx86\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-10-23 39224]
R0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys [2013-10-20 14528]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2011-9-26 39472]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-25 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-10-23 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\iobit\advanced systemcare 7\ASCService.exe [2014-1-10 881440]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2013-10-23 1432080]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-11-20 283136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2014-2-4 1677648]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2014-2-16 341824]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein hamachi\LMIGuardianSvc.exe [2014-2-4 375056]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 OfficeSvc;Microsoft Office Service;c:\program files\microsoft office 15\clientx86\integratedoffice.exe [2013-12-21 1320120]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-2-15 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-2-15 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-2-15 171416]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-9-27 209016]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-2-17 40776]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2012-3-27 319264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-12-20 8192]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2014-1-10 2151200]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-5-25 99248]
S2 SecureUpdateSvc;SecureUpdate;c:\program files\secure speed dial\ie\secureupdate.exe --> c:\program files\secure speed dial\ie\SecureUpdate.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-11-11 20328]
S3 FXDrv32;FXDrv32;c:\program files\foxconn\fox liveupdate\FXDrv32.sys [2012-1-16 23872]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-12 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-1-1 14848]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2014-2-16 32288]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-7-26 13464]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-1 49664]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2014-2-16 20944]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2014-2-16 21480]
.
=============== Created Last 30 ================
.
2014-02-17 08:46:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-15 16:42:52 -------- d-----w- c:\program files\HitmanPro
2014-02-15 16:42:25 -------- d-----w- c:\programdata\HitmanPro
2014-02-15 14:18:56 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-02-15 14:18:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-02-15 14:18:50 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-02-14 22:50:44 -------- d-----w- C:\AdwCleaner
2014-02-13 22:35:28 31008 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2014-02-05 21:36:27 -------- d-----w- c:\programdata\GlarySoft
2014-02-05 21:36:17 -------- d-----w- c:\program files\Glary Utilities 4
2014-02-05 17:58:56 -------- d-----w- c:\program files\LogMeIn Hamachi
2014-02-04 21:20:21 -------- d-----w- c:\program files\lookinglink
2014-01-31 20:35:32 363199 ----a-w- c:\programdata\SPLC747.tmp
2014-01-31 20:25:15 363199 ----a-w- c:\programdata\SPL47C6.tmp
2014-01-22 17:51:01 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2014-02-04 21:47:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-04 21:47:20 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-22 01:16:42 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2014-01-22 01:09:34 14528 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-01-17 20:00:12 106296 ----a-w- c:\windows\system32\drivers\jraid.sys
2014-01-06 17:49:24 1504064 ----a-w- c:\programdata\SPLA5E2.tmp
2014-01-04 15:33:49 633443 ----a-w- c:\programdata\SPL194.tmp
2013-12-25 17:29:01 796128 ----a-w- c:\programdata\SPL567F.tmp
2013-12-05 22:42:22 9725563 ----a-w- c:\programdata\SPL9CCC.tmp
2013-12-05 22:38:44 9725563 ----a-w- c:\programdata\SPL79AD.tmp
2013-11-27 01:14:25 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:13:46 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:13:44 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:13:41 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:13:38 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:13:36 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:13:33 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:11:29 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:10:21 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-11-26 09:23:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-25 01:48:36 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-11-23 18:26:20 417792 ----a-w- c:\windows\system32\WMPhoto.dll
.
============= FINISH: 10:53:14.86 ===============
 
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 26/09/2011 14:12:23
System Uptime: 17/02/2014 08:16:46 (2 hours ago)
.
Motherboard: Foxconn |  | 965X7AA
Processor: Intel® Core2 CPU          6300  @ 1.86GHz | Socket 775 | 1586/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 331 GiB total, 285.649 GiB free.
D: is FIXED (NTFS) - 209 GiB total, 71.01 GiB free.
E: is FIXED (NTFS) - 387 GiB total, 134.177 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is FIXED (NTFS) - 600 GiB total, 600.433 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP260: 08/02/2014 20:12:10 - Scheduled Checkpoint
RP261: 14/02/2014 21:31:57 - Removed IObit Apps Toolbar v8.7.
RP262: 14/02/2014 21:32:43 - Removed IObit Apps Toolbar v8.7.
RP264: 15/02/2014 17:45:43 - Revo Uninstaller's restore point - PassShow
RP266: 15/02/2014 18:10:35 - Revo Uninstaller's restore point - Mozilla Firefox 27.0.1 (x86 en-US)
RP268: 15/02/2014 19:31:08 - Revo Uninstaller's restore point - Google Chrome
RP270: 15/02/2014 20:51:51 - Revo Uninstaller's restore point - IObit Malware Fighter
RP272: 15/02/2014 20:54:14 - Revo Uninstaller's restore point - IObit Uninstaller
RP274: 15/02/2014 20:54:58 - Revo Uninstaller's restore point - IObit Unlocker
RP276: 15/02/2014 20:56:18 - Revo Uninstaller's restore point - AccelerateTab
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Photoshop CS6
Adobe Reader X (10.1.9)
Advanced SystemCare 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft ShowBiz
AVG
AVG 2013
Bonjour
calibre
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Digital Photo Professional 3.9
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
CPUID HWMonitor 1.18
D-Link VGA Webcam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
Driver Booster
Dropbox
Drv
FOX LiveUpdate
FrogLive 2.2.3
Game Assistant
Glary Utilities 2.54.0.1759
Glary Utilities 4.5
Google Chrome
Google Earth
Google Update Helper
HitmanPro 3.7
IObit Malware Fighter
iTunes
Java 7 Update 51
Java Auto Updater
JMicron JMB36X Driver
KeyScrambler
Lexmark 2500 Series
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.75.0.1300
Marvell Miniport Driver
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2013 - en-us
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 27.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster Download Manager
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
NirSoft Mail PassView
NVIDIA Control Panel 307.83
NVIDIA Display Control Panel
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Paint.NET v3.5.10
Paragon Partition Manager 9.0 Professional
PC Wizard 2010.1.96
PDF Settings CS6
PVSonyDll
QuickTime
Realtek High Definition Audio Driver
Recuva
Revo Uninstaller 1.95
RocketDock 1.3.5
Sibelius Scorch (Firefox, Opera, Netscape only)
Skype™ 6.9
SlimDrivers
Speccy
SpeedFan (remove only)
Spybot - Search & Destroy
Surfing Protection
System Requirements Lab for Intel
TechPowerUp GPU-Z
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
USB Video/Audio Device Driver
VLC media player 2.0.8
VoipStunt
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Wise Registry Cleaner 7.94
.
==== Event Viewer Messages From Past Week ========
.
17/02/2014 08:19:34, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
17/02/2014 08:19:34, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
17/02/2014 08:19:33, Error: Service Control Manager [7034]  - The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
17/02/2014 08:19:14, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
17/02/2014 08:19:14, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
17/02/2014 08:19:04, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
17/02/2014 08:18:44, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
17/02/2014 08:18:44, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
17/02/2014 08:17:24, Error: Service Control Manager [7000]  - The SecureUpdate service failed to start due to the following error:  The system cannot find the file specified.
17/02/2014 08:17:22, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the lxddCATSCustConnectService service to connect.
17/02/2014 08:17:22, Error: Service Control Manager [7000]  - The lxddCATSCustConnectService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
16/02/2014 23:16:35, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
16/02/2014 12:32:41, Error: Service Control Manager [7034]  - The IMF Service service terminated unexpectedly.  It has done this 1 time(s).
15/02/2014 19:44:05, Error: Service Control Manager [7034]  - The SecureUpdate service terminated unexpectedly.  It has done this 1 time(s).
14/02/2014 19:25:02, Error: Microsoft-Windows-Application-Experience [205]  - The Program Compatibility Assistant service failed to perform the phase two initialization.
.
==== End Of File ===========================
 

Mr Charlie, here is the Rogue Killer report. I look forward to hearing from you:

 

 

 

 

 

RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Gary and Ruth [Admin rights]
Mode : Scan -- Date : 02/17/2014 11:11:41
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv.job : C:\Windows\TEMP\{C865CB6E-E9A6-4338-A13C-28276832BDB9}.exe - --uninstall=1 [x] -> FOUND
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{0553EB53-132F-468C-AB78-F93FFEEF9C43}.exe - --uninstall=1 [x] -> FOUND
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv : C:\Windows\TEMP\{C865CB6E-E9A6-4338-A13C-28276832BDB9}.exe - --uninstall=1 [x] -> FOUND
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{0553EB53-132F-468C-AB78-F93FFEEF9C43}.exe - --uninstall=1 [x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
[inline] EAT @explorer.exe (pfnMarshallRoutines) : RPCRT4.dll -> HOOKED (Unknown @ 0x5E176660)
[inline] EAT @explorer.exe (pfnSizeRoutines) : RPCRT4.dll -> HOOKED (Unknown @ 0x5E16765C)
[inline] EAT @explorer.exe (pfnUnmarshallRoutines) : RPCRT4.dll -> HOOKED (Unknown @ 0x5E18A658)
[inline] EAT @explorer.exe (@Classes@TFiler@) : rtl150.bpl -> HOOKED (Unknown @ 0x3059296C)
[inline] EAT @explorer.exe (@Classes@TReader@) : rtl150.bpl -> HOOKED (Unknown @ 0xB45933BC)
[inline] EAT @explorer.exe (@Classes@TStreamWriter@) : rtl150.bpl -> HOOKED (Unknown @ 0x54599FB5)
[inline] EAT @explorer.exe (@Comobj@TAutoObjectEvent@) : rtl150.bpl -> HOOKED (Unknown @ 0xDC5BB8A4)
[inline] EAT @explorer.exe (@Msxml@IID_ISAXEntityResolver) : rtl150.bpl -> HOOKED (Unknown @ 0x1FB8BAB5)
[inline] EAT @explorer.exe (@System@ExceptionClass) : rtl150.bpl -> HOOKED (Unknown @ 0xDD6A1039)
[inline] EAT @explorer.exe (@Wincodec@CATID_WICFormatConverters) : rtl150.bpl -> HOOKED (Unknown @ 0x6490FC7F)
[inline] EAT @explorer.exe (@Controls@TCustomTouchManager@) : vcl150.bpl -> HOOKED (Unknown @ 0x34772A44)
[inline] EAT @explorer.exe (@Controls@TDockTree@) : vcl150.bpl -> HOOKED (Unknown @ 0xC0779121)
[inline] EAT @explorer.exe (@Controls@TTouchManager@) : vcl150.bpl -> HOOKED (Unknown @ 0x34772FF8)
[inline] EAT @explorer.exe (@Jclmath@Catalan) : Jcl150.bpl -> HOOKED (Unknown @ 0x00BF2040)
[inline] EAT @explorer.exe (@Jclmath@Cbrt3) : Jcl150.bpl -> HOOKED (Unknown @ 0x90B1D717)
[inline] EAT @explorer.exe (@Jclmath@LnPi) : Jcl150.bpl -> HOOKED (Unknown @ 0xCA671DA3)
[inline] EAT @explorer.exe (@Jclmath@Log3) : Jcl150.bpl -> HOOKED (Unknown @ 0x84D25F65)
[inline] EAT @explorer.exe (@Jclsimplexml@TJclSimpleXMLProps@) : Jcl150.bpl -> HOOKED (Unknown @ 0x4858BACA)
[inline] EAT @explorer.exe (@Jclstructstorage@UnitVersioning) : Jcl150.bpl -> HOOKED (Unknown @ 0xF469DFA7)
[inline] EAT @explorer.exe (@Jclwin32@RtdlNetGroupAdd) : Jcl150.bpl -> HOOKED (Unknown @ 0x3467D32D)
[inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_AsymmetricSignatureDeformatter) : Jcl150.bpl -> HOOKED (Unknown @ 0x269C6902)
[inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_Buffer) : Jcl150.bpl -> HOOKED (Unknown @ 0x8313E316)
[inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_FileNotFoundException) : Jcl150.bpl -> HOOKED (Unknown @ 0xEB14FC04)
[inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_JulianCalendar) : Jcl150.bpl -> HOOKED (Unknown @ 0x607DE6A9)
[inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_PKCS1MaskGenerationMethod) : Jcl150.bpl -> HOOKED (Unknown @ 0x5E0E5459)
[inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_ProgIdAttribute) : Jcl150.bpl -> HOOKED (Unknown @ 0x64693527)
[inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_SHA384) : Jcl150.bpl -> HOOKED (Unknown @ 0x062DAEB7)
[inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_SoapDateTime) : Jcl150.bpl -> HOOKED (Unknown @ 0x886A688F)
[inline] EAT @explorer.exe (@Mscorlib_tlb@IID_IChannel) : Jcl150.bpl -> HOOKED (Unknown @ 0xB577C87E)
[inline] EAT @explorer.exe (@Mscorlib_tlb@IID__BitConverter) : Jcl150.bpl -> HOOKED (Unknown @ 0xD97E4C5E)
[inline] EAT @explorer.exe (@Mscorlib_tlb@IID__CryptographicException) : Jcl150.bpl -> HOOKED (Unknown @ 0xFA6AC5AF)
[inline] EAT @explorer.exe (@Mscorlib_tlb@IID__CustomAttributeBuilder) : Jcl150.bpl -> HOOKED (Unknown @ 0x47E035A9)
[inline] EAT @explorer.exe (@Mscorlib_tlb@IID__ExternalException) : Jcl150.bpl -> HOOKED (Unknown @ 0x70C9C911)
[inline] EAT @explorer.exe (@Mscorlib_tlb@IID__IsolatedStorageFilePermission) : Jcl150.bpl -> HOOKED (Unknown @ 0x292E9B90)
[inline] EAT @explorer.exe (@Mscorlib_tlb@IID__Pointer) : Jcl150.bpl -> HOOKED (Unknown @ 0x03125CDC)
[inline] EAT @explorer.exe (@Mscorlib_tlb@IID__RegionInfo) : Jcl150.bpl -> HOOKED (Unknown @ 0xD76F9F58)
[inline] EAT @explorer.exe (@Mscorlib_tlb@IID__SiteIdentityPermission) : Jcl150.bpl -> HOOKED (Unknown @ 0x4E9A9BCB)
[inline] EAT @explorer.exe (@Mscorlib_tlb@IID__ThaiBuddhistCalendar) : Jcl150.bpl -> HOOKED (Unknown @ 0xA3E88D47)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EZEX-00KUWA0 ATA Device +++++
--- User ---
[MBR] 6aaa5f894488b81eb7f51da9c699d170
[BSP] ac890c1cbc3ae4e4b88cf0278ff79278 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 338965 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 694200780 | Size: 614901 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD6400AAKS-00A7B2 ATA Device +++++
--- User ---
[MBR] 8f5bb217161c3e483ee014cc061ee2ff
[BSP] 279c7c11bf87ab37ab7f983c55538dfd : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 213731 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 437723055 | Size: 396745 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_02172014_111141.txt >>
RKreport[0]_S_02162014_190034.txt
 
 
 

Please start with this:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next........

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Last..........

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


MrC


Here are the logs:

# AdwCleaner v3.018 - Report created 17/02/2014 at 12:26:46
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Gary and Ruth - NOVA-PC
# Running from : C:\Users\Gary and Ruth\Downloads\AdwCleaner (2).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v27.0.1 (en-GB)
 
[ File : C:\Users\Gary and Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\0zx5oanf.default\prefs.js ]
 
 
[ File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\w0neuvmh.default\prefs.js ]
 
 
[ File : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\hrgso52y.default\prefs.js ]
 
 
[ File : C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\q0aqodlz.default\prefs.js ]
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\Gary and Ruth\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : homepage
 
*************************
 
AdwCleaner[R0].txt - [5196 octets] - [14/02/2014 22:50:49]
AdwCleaner[R1].txt - [4826 octets] - [15/02/2014 17:49:08]
AdwCleaner[R2].txt - [3073 octets] - [16/02/2014 17:29:23]
AdwCleaner[R3].txt - [2787 octets] - [16/02/2014 17:42:31]
AdwCleaner[R4].txt - [1857 octets] - [17/02/2014 12:22:15]
AdwCleaner[S0].txt - [4818 octets] - [15/02/2014 17:53:53]
AdwCleaner[S1].txt - [3218 octets] - [16/02/2014 17:39:15]
AdwCleaner[S2].txt - [2722 octets] - [16/02/2014 18:03:57]
AdwCleaner[S3].txt - [1782 octets] - [17/02/2014 12:26:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1842 octets] ##########
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Ultimate x86
Ran by Gary and Ruth on 17/02/2014 at 12:32:32.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files\secure speed dial"
Successfully deleted: [Empty Folder] C:\Users\Gary and Ruth\appdata\local\{0749DA63-40DB-4B99-95F8-740C69DDD554}
Successfully deleted: [Empty Folder] C:\Users\Gary and Ruth\appdata\local\{172C41CC-5298-4861-9206-C231738D69AD}
Successfully deleted: [Empty Folder] C:\Users\Gary and Ruth\appdata\local\{77A659F5-D498-4318-B24D-85BA55C5B11E}
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/02/2014 at 12:36:26.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.17.04
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Gary and Ruth :: NOVA-PC [administrator]
 
17/02/2014 12:43:56
mbam-log-2014-02-17 (12-43-56).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 322075
Time elapsed: 8 minute(s), 24 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014
Ran by Gary and Ruth (administrator) on NOVA-PC on 17-02-2014 13:48:39
Running from D:\Downloads\Downloads from Firefox from 27.9.12
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
( ) C:\Windows\system32\lxddcoms.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Syntek America Inc.) C:\Windows\System32\StkASv2K.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(QFX Software Corporation) C:\Program Files\KeyScrambler\KeyScrambler.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
(Dropbox, Inc.) C:\Users\Gary and Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43608 2000-01-01] ()
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2014-01-11] (Realtek Semiconductor)
HKLM\...\Run: [KeyScrambler] - C:\Program Files\KeyScrambler\keyscrambler.exe [508144 2013-11-14] (QFX Software Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3813712 2014-02-04] (LogMeIn Inc.)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\.DEFAULT\...\Run: [Advanced SystemCare 6] - "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
HKU\S-1-5-21-2803959725-1739620038-3095770344-1001\...\Run: [RocketDock] - C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2803959725-1739620038-3095770344-1001\...\Run: [Advanced SystemCare 7] - C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2285344 2013-12-18] (IObit)
HKU\S-1-5-21-2803959725-1739620038-3095770344-1001\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-2803959725-1739620038-3095770344-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\Gary and Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Gary and Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com/?type=541231&fr=spigot-yhp-ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {DA90F46B-A1AB-46AA-B433-85EF548FF7C0} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=541231&p={searchTerms}
SearchScopes: HKCU - {DA90F46B-A1AB-46AA-B433-85EF548FF7C0} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=541231&p={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Gary and Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\0zx5oanf.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Ads Removal - C:\Users\Gary and Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\0zx5oanf.default\Extensions\adsremoval@adsremoval.net [2014-02-16]
FF HKCU\...\Firefox\Extensions: [{8492baab-62ca-4e2c-983b-dfef7cae8082}] - C:\Program Files\PassShow\154.xpi
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.co.uk
CHR DefaultNewTabURL: 
CHR Extension: (Google Drive) - C:\Users\Gary and Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-15]
CHR Extension: (YouTube) - C:\Users\Gary and Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-15]
CHR Extension: (Google Search) - C:\Users\Gary and Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-15]
CHR Extension: (Ads Removal) - C:\Users\Gary and Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2014-02-16]
CHR Extension: (Google Wallet) - C:\Users\Gary and Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-15]
CHR Extension: (Gmail) - C:\Users\Gary and Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-15]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2014-01-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881440 2013-12-09] (IObit)
R2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1677648 2014-02-04] (LogMeIn Inc.)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [341824 2013-11-11] (IObit)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2013-05-26] ()
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-02-04] (LogMeIn, Inc.)
S2 lxddCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [99248 2007-05-25] (Lexmark International, Inc.)
R2 lxdd_device; C:\Windows\system32\lxddcoms.exe [537520 2007-05-25] ( )
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1320120 2013-10-31] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.)
S2 SecureUpdateSvc; C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [14528 2014-01-22] (Glarysoft Ltd)
S3 cpuz134; C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys [20328 2010-07-09] (Windows ® Win 7 DDK provider)
S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [24576 2008-04-03] (eMPIA Technology, Inc.)
S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
S3 FXDrv32; C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys [23872 2005-12-20] (Your Corporation)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R0 hotcore3; C:\Windows\System32\drivers\hotcore3.sys [39472 2008-01-21] (Paragon Software Group)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [106296 2014-01-17] (JMicron Technology Corp.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [209016 2013-05-31] (QFX Software Corporation)
S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32288 2013-11-19] (IObit.com)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-27] (Syntek America Inc.)
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-02] (Syntek America Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2013-11-02] ()
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [20944 2013-11-19] (IObit.com)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [583680 2010-08-20] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [840704 2010-08-20] (eMPIA Technology, Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-17 13:48 - 2014-02-17 13:48 - 00000000 ____D () C:\FRST
2014-02-17 12:36 - 2014-02-17 12:36 - 00002085 _____ () C:\Users\Gary and Ruth\Desktop\JRT.txt
2014-02-17 12:32 - 2014-02-17 12:32 - 00000000 ____D () C:\Windows\ERUNT
2014-02-17 12:31 - 2014-02-17 12:31 - 01037530 _____ (Thisisu) C:\Users\Gary and Ruth\Desktop\JRT (1).exe
2014-02-17 12:30 - 2014-02-17 12:30 - 00001922 _____ () C:\Users\Gary and Ruth\Desktop\AdwCleaner[s3] -after clean.txt
2014-02-17 12:28 - 2014-02-17 12:28 - 00000056 _____ () C:\Windows\setupact.log
2014-02-17 12:28 - 2014-02-17 12:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-17 12:26 - 2014-02-17 12:26 - 00001857 _____ () C:\Users\Gary and Ruth\Desktop\AdwCleaner[R4].txt
2014-02-17 11:11 - 2014-02-17 11:11 - 00006626 _____ () C:\Users\Gary and Ruth\Desktop\RKreport[0]_S_02172014_111141.txt
2014-02-17 10:53 - 2014-02-17 10:53 - 00019293 _____ () C:\Users\Gary and Ruth\Desktop\dds.txt
2014-02-17 10:53 - 2014-02-17 10:53 - 00008939 _____ () C:\Users\Gary and Ruth\Desktop\attach.txt
2014-02-16 20:02 - 2014-02-17 11:10 - 00000000 ____D () C:\Users\Gary and Ruth\Desktop\Hijacked Browser folder
2014-02-16 19:00 - 2014-02-16 19:00 - 00006307 _____ () C:\Users\Gary and Ruth\Desktop\RKreport[0]_S_02162014_190034.txt
2014-02-16 13:07 - 2014-02-16 13:07 - 00000081 _____ () C:\Users\Gary and Ruth\Desktop\RogueKiller 32 Bit.url
2014-02-16 12:45 - 2014-02-16 19:00 - 00000000 ____D () C:\Users\Gary and Ruth\Desktop\RK_Quarantine
2014-02-15 19:39 - 2014-02-15 19:39 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-15 18:17 - 2014-02-15 18:17 - 00001118 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-15 18:17 - 2014-02-15 18:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-15 18:17 - 2014-02-15 18:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-15 18:16 - 2014-02-15 18:16 - 24475680 _____ (Mozilla) C:\Users\Gary and Ruth\Downloads\Firefox Setup 27.0.1.exe
2014-02-15 18:00 - 2014-02-15 18:01 - 09988304 _____ (SurfRight B.V.) C:\Users\Gary and Ruth\Downloads\HitmanPro.exe
2014-02-15 17:00 - 2014-02-15 17:00 - 01166132 _____ () C:\Users\Gary and Ruth\Downloads\AdwCleaner (2).exe
2014-02-15 16:42 - 2014-02-15 18:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-15 16:42 - 2014-02-15 18:02 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-15 16:36 - 2014-02-15 16:36 - 00930440 _____ (CNET Download.com) C:\Users\Gary and Ruth\Downloads\cbsidlm-cbsi176-HitmanPro_3_32bit-SEO-10895604.exe
2014-02-15 16:34 - 2014-02-15 16:34 - 00930440 _____ (CNET Download.com) C:\Users\Gary and Ruth\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221.exe
2014-02-15 16:31 - 2014-02-15 16:31 - 01166132 _____ () C:\Users\Gary and Ruth\Downloads\adwcleaner (1).exe
2014-02-15 16:09 - 2014-02-15 16:09 - 00000012 _____ () C:\Users\Gary and Ruth\AppData\Roaming\mbam.context.scan
2014-02-15 14:18 - 2014-02-15 15:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-15 14:18 - 2014-02-15 14:20 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-02-15 14:18 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-02-15 14:16 - 2014-02-15 14:17 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Gary and Ruth\Downloads\spybot-2.2.exe
2014-02-14 22:54 - 2014-02-14 22:54 - 00000262 _____ () C:\Users\Gary and Ruth\Desktop\Homepage changed to httpsearch.yahoo.comtype=937811&fr=spigot-yhp-ff - Resolved HijackThis Logs - Malwarebytes Forum.URL
2014-02-14 22:50 - 2014-02-17 12:27 - 00000000 ____D () C:\AdwCleaner
2014-02-14 22:50 - 2014-02-14 22:50 - 01166132 _____ () C:\Users\Gary and Ruth\Downloads\AdwCleaner.exe
2014-02-14 21:29 - 2014-02-17 12:32 - 00178202 _____ () C:\Windows\WindowsUpdate.log
2014-02-13 22:35 - 2013-11-19 16:52 - 00031008 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2014-02-07 20:51 - 2014-02-07 20:51 - 00000210 _____ () C:\Users\Gary and Ruth\Desktop\MP3Fiber - YouTube to MP3 Online Converter.URL
2014-02-05 21:36 - 2014-02-17 12:30 - 00000336 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-02-05 21:36 - 2014-02-05 21:36 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-02-05 21:36 - 2014-02-05 21:36 - 00000000 ____D () C:\Program Files\Glary Utilities 4
2014-02-05 17:58 - 2014-02-05 17:58 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-02-04 21:20 - 2014-02-07 18:18 - 00000000 ____D () C:\Program Files\lookinglink
2014-02-01 16:53 - 2014-02-01 16:53 - 00000331 _____ () C:\Users\Gary and Ruth\Downloads\r5l_heaacv2.pls
2014-01-31 20:35 - 2014-01-31 20:35 - 00363199 _____ () C:\ProgramData\SPLC747.tmp
2014-01-31 20:25 - 2014-01-31 20:25 - 00363199 _____ () C:\ProgramData\SPL47C6.tmp
2014-01-22 17:51 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-22 17:51 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-22 17:51 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-22 17:51 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-22 17:50 - 2014-01-22 17:51 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
 
==================== One Month Modified Files and Folders =======
 
2014-02-17 13:48 - 2014-02-17 13:48 - 00000000 ____D () C:\FRST
2014-02-17 13:47 - 2013-02-10 12:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-17 13:16 - 2011-11-22 21:15 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-17 12:45 - 2009-07-14 04:34 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-17 12:45 - 2009-07-14 04:34 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-17 12:36 - 2014-02-17 12:36 - 00002085 _____ () C:\Users\Gary and Ruth\Desktop\JRT.txt
2014-02-17 12:32 - 2014-02-17 12:32 - 00000000 ____D () C:\Windows\ERUNT
2014-02-17 12:32 - 2014-02-14 21:29 - 00178202 _____ () C:\Windows\WindowsUpdate.log
2014-02-17 12:31 - 2014-02-17 12:31 - 01037530 _____ (Thisisu) C:\Users\Gary and Ruth\Desktop\JRT (1).exe
2014-02-17 12:30 - 2014-02-17 12:30 - 00001922 _____ () C:\Users\Gary and Ruth\Desktop\AdwCleaner[s3] -after clean.txt
2014-02-17 12:30 - 2014-02-05 21:36 - 00000336 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-02-17 12:29 - 2014-01-11 16:43 - 00000288 _____ () C:\Windows\Tasks\Driver Booster Update.job
2014-02-17 12:29 - 2013-06-07 17:52 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-02-17 12:29 - 2013-06-03 18:08 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-02-17 12:29 - 2013-03-31 17:18 - 00000328 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-02-17 12:29 - 2013-03-02 15:26 - 00000000 ____D () C:\Users\Gary and Ruth\AppData\Roaming\Dropbox
2014-02-17 12:29 - 2013-01-20 16:38 - 00000342 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-02-17 12:29 - 2012-08-20 10:11 - 00000000 ____D () C:\Users\Gary and Ruth\AppData\Local\LogMeIn Hamachi
2014-02-17 12:29 - 2011-11-22 21:15 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-17 12:28 - 2014-02-17 12:28 - 00000056 _____ () C:\Windows\setupact.log
2014-02-17 12:28 - 2014-02-17 12:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-17 12:28 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-17 12:27 - 2014-02-14 22:50 - 00000000 ____D () C:\AdwCleaner
2014-02-17 12:26 - 2014-02-17 12:26 - 00001857 _____ () C:\Users\Gary and Ruth\Desktop\AdwCleaner[R4].txt
2014-02-17 11:43 - 2011-09-27 09:25 - 00000000 ____D () C:\Users\Gary and Ruth\Documents\Outlook Files
2014-02-17 11:11 - 2014-02-17 11:11 - 00006626 _____ () C:\Users\Gary and Ruth\Desktop\RKreport[0]_S_02172014_111141.txt
2014-02-17 11:10 - 2014-02-16 20:02 - 00000000 ____D () C:\Users\Gary and Ruth\Desktop\Hijacked Browser folder
2014-02-17 10:53 - 2014-02-17 10:53 - 00019293 _____ () C:\Users\Gary and Ruth\Desktop\dds.txt
2014-02-17 10:53 - 2014-02-17 10:53 - 00008939 _____ () C:\Users\Gary and Ruth\Desktop\attach.txt
2014-02-17 09:24 - 2011-09-26 15:22 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-16 19:22 - 2011-09-26 17:49 - 00000000 ____D () C:\Program Files\Lx_cats
2014-02-16 19:00 - 2014-02-16 19:00 - 00006307 _____ () C:\Users\Gary and Ruth\Desktop\RKreport[0]_S_02162014_190034.txt
2014-02-16 19:00 - 2014-02-16 12:45 - 00000000 ____D () C:\Users\Gary and Ruth\Desktop\RK_Quarantine
2014-02-16 13:07 - 2014-02-16 13:07 - 00000081 _____ () C:\Users\Gary and Ruth\Desktop\RogueKiller 32 Bit.url
2014-02-15 20:59 - 2011-11-20 17:26 - 00000000 ____D () C:\Users\Gary and Ruth\Desktop\Computer utilities
2014-02-15 19:39 - 2014-02-15 19:39 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-15 19:39 - 2011-11-22 21:14 - 00000000 ____D () C:\Program Files\Google
2014-02-15 18:18 - 2013-10-13 11:02 - 00000000 ____D () C:\Users\Gary and Ruth\AppData\Roaming\Mozilla
2014-02-15 18:17 - 2014-02-15 18:17 - 00001118 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-15 18:17 - 2014-02-15 18:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-15 18:17 - 2014-02-15 18:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-15 18:16 - 2014-02-15 18:16 - 24475680 _____ (Mozilla) C:\Users\Gary and Ruth\Downloads\Firefox Setup 27.0.1.exe
2014-02-15 18:08 - 2014-02-15 16:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-15 18:02 - 2014-02-15 16:42 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-15 18:01 - 2014-02-15 18:00 - 09988304 _____ (SurfRight B.V.) C:\Users\Gary and Ruth\Downloads\HitmanPro.exe
2014-02-15 17:40 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Cursors
2014-02-15 17:00 - 2014-02-15 17:00 - 01166132 _____ () C:\Users\Gary and Ruth\Downloads\AdwCleaner (2).exe
2014-02-15 16:36 - 2014-02-15 16:36 - 00930440 _____ (CNET Download.com) C:\Users\Gary and Ruth\Downloads\cbsidlm-cbsi176-HitmanPro_3_32bit-SEO-10895604.exe
2014-02-15 16:34 - 2014-02-15 16:34 - 00930440 _____ (CNET Download.com) C:\Users\Gary and Ruth\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221.exe
2014-02-15 16:31 - 2014-02-15 16:31 - 01166132 _____ () C:\Users\Gary and Ruth\Downloads\adwcleaner (1).exe
2014-02-15 16:09 - 2014-02-15 16:09 - 00000012 _____ () C:\Users\Gary and Ruth\AppData\Roaming\mbam.context.scan
2014-02-15 15:05 - 2014-02-15 14:18 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-15 14:20 - 2014-02-15 14:18 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-02-15 14:17 - 2014-02-15 14:16 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Gary and Ruth\Downloads\spybot-2.2.exe
2014-02-14 22:54 - 2014-02-14 22:54 - 00000262 _____ () C:\Users\Gary and Ruth\Desktop\Homepage changed to httpsearch.yahoo.comtype=937811&fr=spigot-yhp-ff - Resolved HijackThis Logs - Malwarebytes Forum.URL
2014-02-14 22:50 - 2014-02-14 22:50 - 01166132 _____ () C:\Users\Gary and Ruth\Downloads\AdwCleaner.exe
2014-02-14 21:26 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\schemas
2014-02-13 23:00 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\security
2014-02-13 20:22 - 2012-12-31 17:17 - 00000000 ____D () C:\Users\Gary and Ruth\AppData\Roaming\IObit
2014-02-13 20:22 - 2012-12-31 17:17 - 00000000 ____D () C:\Program Files\IObit
2014-02-12 20:53 - 2011-09-27 19:12 - 00000592 ____H () C:\Users\Gary and Ruth\Documents\fp.xml
2014-02-10 21:20 - 2012-01-14 14:50 - 00000000 ____D () C:\Users\Gary and Ruth\AppData\Roaming\Skype
2014-02-09 13:16 - 2013-08-29 15:52 - 00000000 ____D () C:\Windows\Minidump
2014-02-08 19:36 - 2009-07-14 02:03 - 71041024 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-02-08 19:36 - 2009-07-14 02:03 - 01310720 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-02-08 19:36 - 2009-07-14 02:03 - 00131072 _____ () C:\Windows\system32\config\SAM.bak
2014-02-08 19:36 - 2009-07-14 02:03 - 00028672 _____ () C:\Windows\system32\config\SECURITY.bak
2014-02-08 14:34 - 2012-12-31 17:18 - 00000000 ____D () C:\ProgramData\IObit
2014-02-08 12:30 - 2013-08-09 13:18 - 00000000 ____D () C:\Windows\pss
2014-02-07 20:51 - 2014-02-07 20:51 - 00000210 _____ () C:\Users\Gary and Ruth\Desktop\MP3Fiber - YouTube to MP3 Online Converter.URL
2014-02-07 18:18 - 2014-02-04 21:20 - 00000000 ____D () C:\Program Files\lookinglink
2014-02-05 21:36 - 2014-02-05 21:36 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-02-05 21:36 - 2014-02-05 21:36 - 00000000 ____D () C:\Program Files\Glary Utilities 4
2014-02-05 21:36 - 2013-09-16 20:34 - 00000000 ____D () C:\Program Files\Glary Utilities 3
2014-02-05 21:36 - 2013-03-31 17:18 - 00000000 ____D () C:\Users\Gary and Ruth\AppData\Roaming\Glarysoft
2014-02-05 17:58 - 2014-02-05 17:58 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-02-04 21:47 - 2012-04-07 13:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-04 21:47 - 2011-09-28 15:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-01 19:20 - 2011-09-26 20:11 - 00000000 ____D () C:\Program Files\Wise Registry Cleaner
2014-02-01 19:17 - 2011-09-26 21:45 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-01 16:53 - 2014-02-01 16:53 - 00000331 _____ () C:\Users\Gary and Ruth\Downloads\r5l_heaacv2.pls
2014-01-31 20:35 - 2014-01-31 20:35 - 00363199 _____ () C:\ProgramData\SPLC747.tmp
2014-01-31 20:25 - 2014-01-31 20:25 - 00363199 _____ () C:\ProgramData\SPL47C6.tmp
2014-01-31 08:19 - 2011-09-26 13:17 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-27 20:37 - 2011-09-27 12:13 - 00000000 ____D () C:\Program Files\KeyScrambler
2014-01-26 13:50 - 2011-09-30 18:54 - 00000000 ____D () C:\Users\Gary and Ruth\AppData\Roaming\ZoomBrowser EX
2014-01-22 17:51 - 2014-01-22 17:50 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-22 17:51 - 2013-10-30 17:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-22 17:51 - 2012-04-14 17:39 - 00000000 ____D () C:\Program Files\Java
2014-01-22 01:16 - 2013-09-16 20:34 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-01-22 01:09 - 2013-10-20 15:24 - 00014528 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
 
Some content of TEMP:
====================
C:\Users\Gary and Ruth\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Gary and Ruth\AppData\Local\Temp\Quarantine.exe
C:\Users\Tom\AppData\Local\Temp\jansi-32-git-Bukkit-jenkins-CraftBukkit-173.dll
C:\Users\Tom\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-08 17:27
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-02-2014
Ran by Gary and Ruth at 2014-02-17 13:49:12
Running from D:\Downloads\Downloads from Firefox from 27.9.12
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG Internet Security Business Edition (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: AVG Internet Security Business Edition (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security Business Edition (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (Version:  - )
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (Version: 10.1.9 - Adobe Systems Incorporated)
Advanced SystemCare 7 (Version: 7.1.0 - IObit)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ArcSoft ShowBiz (Version:  - ArcSoft)
AVG (Version: 3460 - AVG Technologies)
AVG 2013 (Version: 13.0.3462 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3705 - AVG Technologies) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
calibre (Version: 0.9.25 - Kovid Goyal)
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.8.0.1 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (Version: 1.7.0.1 - Canon Inc.)
Canon MOV Decoder (Version: 1.7.0.6 - Canon Inc.)
Canon MOV Encoder (Version: 1.5.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.6.0.5 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (Version: 8.3.0.6 - Canon Inc.)
Canon Utilities CameraWindow Launcher (Version: 7.5.0.2 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.9 (Version: 3.9.1.0 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (Version: 1.1.0.4 - Canon Inc.)
Canon Utilities MyCamera (Version: 7.4.0.2 - Canon Inc.)
Canon Utilities PhotoStitch (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (Version: 6.6.0.23 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.4.0.4 - Canon Inc.)
CCleaner (Version: 4.10 - Piriform)
CPUID HWMonitor 1.18 (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version:  - Microsoft)
Defraggler (Version: 2.16 - Piriform)
D-Link VGA Webcam (Version:  - )
Driver Booster (Version: 1.2 - IObit)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Drv (Version: 1.00.0000 - My Company Name)
FOX LiveUpdate (Version: 1.0.8.2 - )
FrogLive 2.2.3 (Version: 2.2.3 - Frog)
Game Assistant (Version: Beta 1.1 - VTools)
Glary Utilities 2.54.0.1759 (Version: 2.54.0.1759 - Glarysoft Ltd)
Glary Utilities 4.5 (Version: 4.5.0.89 - Glarysoft Ltd)
Google Chrome (Version: 32.0.1700.107 - Google Inc.)
Google Earth (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HitmanPro 3.7 (Version: 3.7.9.212 - SurfRight B.V.)
IObit Malware Fighter (Version: 2.2 - IObit)
iTunes (Version: 11.1.2.32 - Apple Inc.)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron JMB36X Driver (Version: 1.17.63.1 - JMicron Technology Corp.)
KeyScrambler (Version: 3.3.0.0 - QFX Software Corporation)
Lexmark 2500 Series (Version:  - Lexmark International, Inc.)
LogMeIn Hamachi (Version: 2.2.0.130 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.130 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Marvell Miniport Driver (Version: 11.45.4.3 - Marvell)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - en-us (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 27.0.1 (x86 en-GB) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (Version: 27.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Napster Download Manager (Version: 1.0.0 - Napster)
Nero Burning ROM 10 (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (Version: 10.5.10300 - Nero AG)
Nero BurningROM 10 Help (CHM) (Version: 10.5.10100 - Nero AG) Hidden
Nero BurnRights 10 (Version: 4.2.10300.0.102 - Nero AG)
Nero BurnRights 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Control Center 10 (Version: 10.2.10600.0.6 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (Version: 2.0.17400.8.2 - Nero AG) Hidden
NirSoft Mail PassView (Version:  - )
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Paint.NET v3.5.10 (Version: 3.60.0 - dotPDN LLC)
Paragon Partition Manager 9.0 Professional (Version:  - Paragon Software Group)
PC Wizard 2010.1.96 (Version:  - CPUID)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Recuva (Version: 1.42 - Piriform)
Revo Uninstaller 1.95 (Version: 1.95 - VS Revo Group)
RocketDock 1.3.5 (Version:  - Punk Software)
Sibelius Scorch (Firefox, Opera, Netscape only) (Version: 6.2.0 - Sibelius Software)
Skype™ 6.9 (Version: 6.9.106 - Skype Technologies S.A.)
SlimDrivers (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Speccy (Version: 1.13 - Piriform)
SpeedFan (remove only) (Version:  - )
Spybot - Search & Destroy (Version: 2.2.25 - Safer-Networking Ltd.)
Surfing Protection (Version: 1.0 - IObit)
System Requirements Lab for Intel (Version: 4.5.5.0 - Husdawg, LLC)
TechPowerUp GPU-Z (Version:  - TechPowerUp)
Update for Microsoft Office 2010 (KB2494150) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (Version:  - Microsoft)
USB Video/Audio Device Driver (Version: 1.00.0000 - EETI)
VLC media player 2.0.8 (Version: 2.0.8 - VideoLAN)
VoipStunt (Version: 4.02 build 533 - Finarea S.A. Switzerland)
Windows Installer Clean Up (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Wise Registry Cleaner 7.94 (Version: 7.94 - WiseCleaner.com, Inc.)
 
==================== Restore Points  =========================
 
08-02-2014 20:12:10 Scheduled Checkpoint
14-02-2014 21:31:57 Removed IObit Apps Toolbar v8.7.
14-02-2014 21:32:43 Removed IObit Apps Toolbar v8.7.
15-02-2014 17:45:43 Revo Uninstaller's restore point - PassShow
15-02-2014 18:10:35 Revo Uninstaller's restore point - Mozilla Firefox 27.0.1 (x86 en-US)
15-02-2014 19:31:08 Revo Uninstaller's restore point - Google Chrome
15-02-2014 20:51:51 Revo Uninstaller's restore point - IObit Malware Fighter
15-02-2014 20:54:14 Revo Uninstaller's restore point - IObit Uninstaller
15-02-2014 20:54:58 Revo Uninstaller's restore point - IObit Unlocker
15-02-2014 20:56:18 Revo Uninstaller's restore point - AccelerateTab
 
==================== Hosts content: ==========================
 
2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1EA0A4EE-7A0B-4376-8365-6EE1A3865117} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {2C001DFE-7605-4E76-BC6B-8CB1EDECFC89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {35A42947-EA04-4442-B145-89C5A70E3106} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: {4613F633-DEEA-4B6F-8626-8F29A2286C72} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4673DDA4-9292-48C2-9F77-8B7DBE4F9FED} - System32\Tasks\GU4SkipUAC => C:\Program Files\Glary Utilities 4\Integrator.exe [2014-01-22] (Glarysoft Ltd)
Task: {4C286DA1-6398-4E85-8B9E-C8C4B2105DA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-22] (Google Inc.)
Task: {4FE82540-F50C-489A-9D6E-E69B1B42DF88} - System32\Tasks\Driver Booster Update => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe [2014-01-07] (IObit)
Task: {586B37C2-F644-45A4-9B84-F4165D7F7D44} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Nova-PC-Gary and Ruth Nova-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-01-15] (Microsoft Corporation)
Task: {709B1632-D2F5-4D59-AD45-2FD64D3EF92E} - System32\Tasks\GlaryInitialize 4 => C:\Program Files\Glary Utilities 4\Initialize.exe [2014-01-22] (Glarysoft Ltd)
Task: {7C94EA9F-B609-440D-A846-7FD7492DBCDE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-22] (Google Inc.)
Task: {8418D478-27AB-4523-B8EE-F9A4F0A710BE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {865912D9-B0E2-4095-82AE-929091E5DBD4} - System32\Tasks\GlaryInitialize => C:\Program Files\Glary Utilities\initialize.exe [2013-03-21] (Glarysoft Ltd)
Task: {90ECA5DA-764B-4643-ADB5-9F6A9A9CD557} - System32\Tasks\{0DFA6CB5-1AF7-4ABC-B6BB-31FC1E4B7318} => D:\Drivers\namtai_eyetoy_drivers\VIDCAP32.EXE [2003-10-15] (Microsoft Corporation)
Task: {9B026154-FEDE-4888-B119-577ED830C76E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-12-21] (Microsoft Corporation)
Task: {A0929E75-11EC-4AA8-B125-3B240D1A243D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {AD299162-86AA-4216-B54F-CB645B89308C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {B79B9F42-5D31-48C9-B9D8-2C261582A62C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-12-21] (Microsoft Corporation)
Task: {B861FBF2-0EB8-480E-8B57-4E50B336F4F6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04] (Adobe Systems Incorporated)
Task: {CF024EF1-A217-470A-B768-3AA338073C21} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{C865CB6E-E9A6-4338-A13C-28276832BDB9}.exe
Task: {D21A7250-0EAD-4373-A693-0D6E12C7B098} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{0553EB53-132F-468C-AB78-F93FFEEF9C43}.exe
Task: {EB80F4FF-620C-40A1-8240-87EB62848BC1} - System32\Tasks\ASC7_SkipUac_Gary and Ruth => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe [2014-01-08] (IObit)
Task: {F79ABD9E-503D-4DF3-B827-A793970B046E} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2014-01-10] (IObit)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{C865CB6E-E9A6-4338-A13C-28276832BDB9}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{0553EB53-132F-468C-AB78-F93FFEEF9C43}.exe
Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-09-28 15:51 - 2007-09-02 12:57 - 00069632 _____ () C:\Program Files\RocketDock\RocketDock.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-15 14:18 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-15 14:18 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2011-09-28 15:51 - 2007-09-02 12:58 - 00495616 _____ () C:\Program Files\RocketDock\RocketDock.exe
2014-01-15 20:06 - 2014-01-15 20:06 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-10 18:50 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 7\webres.dll
2013-10-18 23:55 - 2013-10-18 23:55 - 25100288 _____ () C:\Users\Gary and Ruth\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-15 19:39 - 2014-02-01 23:41 - 00715592 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-15 19:39 - 2014-02-01 23:41 - 00100168 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-15 19:39 - 2014-02-01 23:42 - 04055368 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-15 19:39 - 2014-02-01 23:42 - 00399688 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-15 19:39 - 2014-02-01 23:41 - 01634632 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^Users^Gary and Ruth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AvgUninstallURL => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OE1FSC1STVhMVy1ITjQ0QS1CQUJQQS1TR1hKQy1QRU1CUg"&"inst=NzYtOTMyMTU1MjAxLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzEtRDM4MUwrNy1JMTIrMQ"&"prod=94"&"ver=2012.0.1809"&"mid=a8917038de6e47d18097d15c1e81a9d6-06ce4fc639803a2e3563922518183d8e94088cb9
MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files\AVG\AVG2012\avgtray.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: FrogLIVE => C:\Program Files\Frog\FrogLIVE\FrogLive.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: lxddamon => "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
MSCONFIG\startupreg: lxddmon.exe => "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-31 20:25:58.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-31 20:25:58.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-31 20:25:58.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-31 20:25:58.112
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-31 20:25:58.112
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-31 20:25:58.112
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-31 20:25:58.096
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-31 20:25:58.096
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-31 20:25:58.096
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-31 20:25:58.081
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 50%
Total physical RAM: 3070.49 MB
Available physical RAM: 1522.51 MB
Total Pagefile: 6139.27 MB
Available Pagefile: 4194.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1883.63 MB
 
==================== Drives ================================
 
Drive c: (Windows 7) (Fixed) (Total:331.02 GB) (Free:285.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data Store) (Fixed) (Total:208.72 GB) (Free:71.01 GB) NTFS
Drive e: (Multimedia) (Fixed) (Total:387.45 GB) (Free:134.18 GB) NTFS
Drive i: () (Fixed) (Total:600.49 GB) (Free:600.43 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3D203D20)
Partition 1: (Active) - (Size=331 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=600 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 596 GB) (Disk ID: 19AE44F7)
Partition 1: (Not Active) - (Size=209 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=387 GB) - (Type=OF Extended)
 
==================== End Of Log ============================
 
 
 
 

I see you have IObit\Advanced SystemCare 7 installed. First, I suggest you uninstall any IObit programs.
Second, if you don't uninstall them, please disable them because they can interfere with the fixes.

Spybot: Please disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.

--------------------------------------------


Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......reboot and let me know how it is.
You may have to reset your home and search engines.

MrC


Fix log list:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-02-2014
Ran by Gary and Ruth at 2014-02-17 15:24:59 Run:1
Running from D:\Downloads\Downloads from Firefox from 27.9.12
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yah...r=spigot-yhp-ie
SearchScopes: HKLM - DefaultScope value is missing.
FF Extension: Ads Removal - C:\Users\Gary and Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\0zx5oanf.default\Extensions\adsremoval@adsremoval.net [2014-02-16]
FF HKCU\...\Firefox\Extensions: [{8492baab-62ca-4e2c-983b-dfef7cae8082}] - C:\Program Files\PassShow\154.xpi
CHR Extension: (Ads Removal) - C:\Users\Gary and Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2014-02-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
C:\ProgramData\SPLC747.tmp
C:\ProgramData\SPL47C6.tmp
S2 SecureUpdateSvc; C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe [X]
C:\Program Files\Secure Speed Dial
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\Gary and Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\0zx5oanf.default\Extensions\adsremoval@adsremoval.net => not found.
HKCU\Software\Mozilla\Firefox\Extensions\\{8492baab-62ca-4e2c-983b-dfef7cae8082} => Value deleted successfully.
C:\Users\Gary and Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\ProgramData\SPLC747.tmp => Moved successfully.
C:\ProgramData\SPL47C6.tmp => Moved successfully.
SecureUpdateSvc => Service deleted successfully.
"C:\Program Files\Secure Speed Dial" => File/Directory not found.

==== End of Fixlog ====


Mr C

Many thanks to you for your excellent help. I have just checked the 3 browsers, IE, Firefox, Chrome and they are now keeping the homepage once I have set it.

I uninstalled Advanced SystemCare 7 and Spybot. I did not know that I had TeaTimer installed (there was no message from it).

Is it OK to reinstall Advanced SystemCare 7 or is there a general issue with it?

 

 

Many thanks.


If you want you can re-install it, I generally stay away from their products.

If it's OK......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Here is the post of security check:

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG Internet Security Business Edition   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Wise Registry Cleaner 7.94  
 Java 7 Update 51  
 Adobe Flash Player 12.0.0.44  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (Firefox,. Firefox out of Date!  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adobe Reader 10.1.9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

-------------------------------------

Mozilla Firefox (Firefox,. Firefox out of Date! <----please check for an update if available.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /

Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Mr C, I have a couple of final queries regarding the Securitycheck report:

  • It turns out when I have tried updating them, that both Adobe Reader and Mozilla Firefox (27.0.1) are the latest versions available. I wondered why Securitycheck is reporting them as being out of date?
  • 'Spybot Teatimer.exe is disabled' - I do not recall installing 'Teatimer' - is this something that comes within other software I have installed? 

Once again, many thanks.


It turns out when I have tried updating them, that both Adobe Reader and Mozilla Firefox (27.0.1) are the latest versions available. I wondered why Securitycheck is reporting them as being out of date?

I'm not really sure, that's why I say "check for an update if available"
If you have the latest versions you're good.


'Spybot Teatimer.exe is disabled' - I do not recall installing 'Teatimer' - is this something that comes within other software I have installed?

It belongs to Spybot which you uninstalled.

Here's another tool to check for outdated programs:

WhyIGotInfected (WIGI) by Tigzy
http://www.surlatoile.org/WIGI/

 

MrC


This topic is now closed to further replies.