goofy1139

My computer is running so slow and internet won't go to address I type


Hello goofy1139

 

Thank you for the scan data.

 

Let's continue:

 

  • Please work through the following steps

    • Hold down the Windows key (has the Windows symbol on it) and press the "R" key. A Run box will open. Type in Notepad and press Enter, then click on "OK".
    • NOTE: Do not use WordPad or any other text editor except Notepad or the script will fail.
    • Copy and Paste the text in the quotebox below into the open Notepad window:

       

      DDS::

      uStart Page = hxxp://www.searchnu.com/406

       

      Firefox::

      FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nww68hdh.default\

      FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406

      FF - ExtSQL: 2012-11-12 13:25; 63ffxtbr@APlusGamer_63.com; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nww68hdh.default\extensions\63ffxtbr@APlusGamer_63.com

      FF - ExtSQL: 2012-11-12 15:06; 4pffxtbr@MindDabble_4p.com; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nww68hdh.default\extensions\4pffxtbr@MindDabble_4p.com

      FF - ExtSQL: 2012-12-25 11:28; {f34c9277-6577-4dff-b2d7-7d58092f272f}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nww68hdh.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}

      FF - ExtSQL: 2012-12-25 11:28; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files (x86)\Search Results Toolbar\Datamngr\FirefoxExtension

      FF - ExtSQL: !HIDDEN! 2012-11-12 15:06; 4pffxtbr@MindDabble_4p.com; c:\program files (x86)\MindDabble_4p\bar\2.bin

      FF - ExtSQL: !HIDDEN! 2012-12-25 11:28; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files (x86)\Search Results Toolbar\Datamngr\FirefoxExtension

       

      RegLock::

      [HKEY_USERS\S-1-5-21-4159443991-512847242-1124234837-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

      [HKEY_USERS\S-1-5-21-4159443991-512847242-1124234837-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

      [HKEY_USERS\S-1-5-21-4159443991-512847242-1124234837-1001_Classes\Wow6432Node\CLSID\{b5572adb-f71b-41a1-ad6e-0832b120e9ea}]

      [HKEY_USERS\S-1-5-21-4159443991-512847242-1124234837-1001_Classes\Wow6432Node\CLSID\{c9fa1039-b2b9-4ecb-85ad-32f7d18bc0ed}]

       

      Driver::

      MindDabble_4pService

       

      Registry::

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

      "AppInit_DLLs"="c:\windows\System32\nvinitx.dll"

       

      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

      "AppInit_DLLs"="c:\windows\SysWOW64\nvinit.dll"

       

      [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}]

      [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{300BEC06-B743-4D19-86B9-11DC711D7FFB}]

      [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}]

      [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D28FF82E-DC7D-E13A-28EC-1D5CD8855ADE}]

      [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f34c9277-6577-4dff-b2d7-7d58092f272f}]

       

      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

      "{f34c9277-6577-4dff-b2d7-7d58092f272f}"=-

       

      [-HKEY_CLASSES_ROOT\clsid\{f34c9277-6577-4dff-b2d7-7d58092f272f}]

       

      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

      "MindDabble Search Scope Monitor"=-

       

      File::

      c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll

      c:\progra~2\SEARCH~1\Datamngr\x64\IEBHO.dll

      c:\progra~2\MINDDA~2\bar\2.bin\4pbarsvc.exe

      c:\programdata\Vaudix\508d42f54b62d.ocx

      c:\progra~2\MINDDA~2\bar\2.bin\4psrchmn.exe

       

      Folder::

      c:\progra~2\MINDDA~2

      c:\progra~2\SEARCH~1

      c:\users\Owner\AppData\Local\Coupon Companion Plugin

      c:\program files (x86)\OApps

      c:\program files (x86)\Coupon Companion Plugin

      c:\program files (x86)\Search Results Toolbar

      c:\users\Owner\AppData\Local\iLivid

       

       

    • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
    • Close any open browsers.
    • Disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Referring to the picture below, drag CFScript.txt into ComboFix.exe

       

      Posted Image

    • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
    • Once the log is produced, re-engage your resident antivirus.
  • Junkware Removal Tool

    • Please re-run the Junkware removal tool and post the log in your next reply.
  • MalwareBytes AntiMalware

    • Open MBAM, update it and run a Full Scan.
    • Post the log in your next reply.
    Please post the Combofix, Junkware Removal Tool and MBAM logs in your next reply and let me know how the machine is running now.

     

    You may need to make more than one post to fit all of the logs in.


Hello JonTom

 

I made a mistake. I didn't save the ComboFix log. When I checked ComboFix.txt I found nothing. I ran ComboFix again and here is that list:

 

 

ComboFix 13-01-06.01 - Owner 01/07/2013 19:42:11.8.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6056.4082 [GMT -6:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

Command switches used :: c:\users\Owner\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\progra~2\MINDDA~2\bar\2.bin\4pbarsvc.exe"

"c:\progra~2\MINDDA~2\bar\2.bin\4psrchmn.exe"

"c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll"

"c:\progra~2\SEARCH~1\Datamngr\x64\IEBHO.dll"

"c:\programdata\Vaudix\508d42f54b62d.ocx"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------Legacy_NPF

-------Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2012-12-08 to 2013-01-08 )))))))))))))))))))))))))))))))

.

.

2013-01-08 02:20 . 2013-01-08 02:20 -------- d-----w- c:usersUpdatusUserAppDataLocaltemp

2013-01-08 02:20 . 2013-01-08 02:20 -------- d-----w- c:usersPublicAppDataLocaltemp

2013-01-08 02:20 . 2013-01-08 02:20 -------- d-----w- c:usersDefaultAppDataLocaltemp

2013-01-07 15:26 . 2013-01-07 15:26 -------- d-----w- c:usersOwnerAppDataLocalPrograms

2013-01-05 17:43 . 2013-01-05 17:43 -------- d-----w- c:program files (x86)WBFS to ISO

2013-01-05 17:41 . 2013-01-05 17:41 -------- d-----w- c:usersOwnerAppDataLocalWajam

2013-01-05 17:40 . 2013-01-05 17:41 -------- d-----w- c:program files (x86)Wajam

2013-01-04 17:34 . 2013-01-04 17:34 -------- d-----w- c:usersOwnerAppDataRoamingYahoo!

2013-01-04 17:34 . 2013-01-04 17:34 -------- d-----w- c:programdataYahoo! Companion

2013-01-04 17:34 . 2013-01-04 17:34 -------- d-----w- c:program files (x86)Yahoo!

2013-01-04 17:33 . 2013-01-04 17:33 -------- d-----w- c:programdataHP Product Assistant

2013-01-04 17:33 . 2013-01-04 17:33 -------- d-----w- c:windowsSysWow64spool

2013-01-04 17:32 . 2013-01-04 17:32 -------- d-----w- c:program files (x86)Common FilesHP

2013-01-04 17:32 . 2013-01-04 17:32 -------- d-----w- c:program files (x86)Common FilesHewlett-Packard

2013-01-04 17:32 . 2013-01-04 17:32 -------- d-----w- c:windowshpoj4500g510a-f

2013-01-04 17:31 . 2013-01-04 17:34 -------- d-----w- c:program files (x86)HP

2013-01-04 17:29 . 2013-01-04 17:33 -------- d-----w- c:programdataHP

2013-01-04 12:36 . 2012-11-08 17:24 9125352 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{815A6954-172D-4B27-BDA6-DD421375ECF9}mpengine.dll

2013-01-02 19:47 . 2013-01-02 19:47 -------- d-----w- c:program files (x86)ESET

2012-12-28 15:33 . 2012-12-28 15:33 -------- d-----w- C:Hugo extras

2012-12-28 15:33 . 2012-12-28 15:33 -------- d-----w- C:Hugo

2012-12-26 14:13 . 2012-12-26 14:13 -------- d-----w- c:programdataboost_interprocess

2012-12-26 02:31 . 2012-12-31 16:16 -------- d-----w- c:usersOwnerAppDataRoamingMedia Player Lite

2012-12-26 02:28 . 2012-12-30 03:04 -------- d-----w- c:usersOwnerAppDataRoamingFileAssociationManager

2012-12-26 02:28 . 2012-12-26 02:28 -------- d-----w- c:program files (x86)FileAssociationManager

2012-12-26 02:27 . 2012-12-26 02:27 -------- d-----w- c:program files (x86)MediaPlayerLite

2012-12-26 00:57 . 2012-12-26 00:57 -------- d-----w- C:toolbarImages

2012-12-26 00:56 . 2012-12-26 00:57 -------- d-----w- c:usersOwnerAppDataLocalTorch

2012-12-25 19:54 . 2012-12-25 19:54 -------- d-----w- c:programdataBrowser Manager

2012-12-25 17:28 . 2012-06-27 19:26 773968 ----a-w- c:windowssystem32msvcr100.dll

2012-12-25 17:28 . 2012-12-25 17:28 -------- d-----w- c:programdataWincert

2012-12-23 17:43 . 2012-12-23 17:43 -------- d-----w- C:ted dvd files

2012-12-21 18:33 . 2012-12-29 21:41 -------- d-----w- c:usersOwnerAppDataRoamingdvdcss

2012-12-21 09:00 . 2012-12-16 17:11 46080 ----a-w- c:windowssystem32atmlib.dll

2012-12-21 09:00 . 2012-12-16 14:45 367616 ----a-w- c:windowssystem32atmfd.dll

2012-12-21 09:00 . 2012-12-16 14:13 295424 ----a-w- c:windowsSysWow64atmfd.dll

2012-12-21 09:00 . 2012-12-16 14:13 34304 ----a-w- c:windowsSysWow64atmlib.dll

2012-12-16 22:46 . 2012-10-30 23:51 370288 ----a-w- c:windowssystem32driversaswSP.sys

2012-12-16 22:46 . 2012-10-30 23:51 25232 ----a-w- c:windowssystem32driversaswFsBlk.sys

2012-12-16 22:46 . 2012-10-15 16:59 54072 ----a-w- c:windowssystem32driversaswRdr2.sys

2012-12-16 22:46 . 2012-10-30 23:51 59728 ----a-w- c:windowssystem32driversaswTdi.sys

2012-12-16 22:46 . 2012-10-30 23:51 984144 ----a-w- c:windowssystem32driversaswSnx.sys

2012-12-16 22:46 . 2012-10-30 23:51 71600 ----a-w- c:windowssystem32driversaswMonFlt.sys

2012-12-16 22:46 . 2012-10-30 23:51 41224 ----a-w- c:windowsavastSS.scr

2012-12-16 22:45 . 2012-10-30 23:50 227648 ----a-w- c:windowsSysWow64aswBoot.exe

2012-12-16 22:06 . 2012-12-16 22:07 -------- d-----w- c:usersOwnerAppDataLocalNETGEARGenie

2012-12-16 22:06 . 2012-12-16 22:06 369168 ----a-w- c:windowssystem32wpcap.dll

2012-12-16 22:06 . 2012-12-16 22:06 35344 ----a-w- c:windowssystem32driversnpf.sys

2012-12-16 22:06 . 2012-12-16 22:06 106000 ----a-w- c:windowssystem32packet.dll

2012-12-16 22:06 . 2012-12-16 22:06 -------- d-----w- c:program files (x86)NETGEAR Genie

2012-12-14 20:48 . 2012-12-14 20:48 -------- d-----w- c:program files (x86)uTorrent

2012-12-14 13:06 . 2012-11-14 07:06 17811968 ----a-w- c:windowssystem32mshtml.dll

2012-12-14 13:06 . 2012-11-14 06:32 10925568 ----a-w- c:windowssystem32ieframe.dll

2012-12-13 11:57 . 2012-11-02 05:59 478208 ----a-w- c:windowssystem32dpnet.dll

2012-12-13 11:57 . 2012-11-02 05:11 376832 ----a-w- c:windowsSysWow64dpnet.dll

2012-12-12 21:34 . 2012-12-13 00:47 -------- d-----w- c:usersOwnerAppDataRoamingatunes

2012-12-12 21:33 . 2012-12-12 21:33 -------- d-----w- c:program files (x86)aTunes

2012-12-12 17:44 . 2012-12-12 17:44 -------- d-----w- c:program files (x86)CheckPoint

2012-12-10 15:12 . 2012-12-10 15:12 -------- d-----w- C:FRACTURE EXTRAS

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-26 01:25 . 2012-10-17 13:39 737072 ----a-w- c:programdataMicrosofteHomePackagesSportsV2SportsTemplateCore-2Microsoft.MediaCenter.Sports.UI.dll

2012-12-26 01:25 . 2012-10-06 20:26 2876528 ----a-w- c:programdataMicrosofteHomePackagesMCEClientUXUpdateableMarkupmarkup.dll

2012-12-26 01:25 . 2012-10-06 20:26 42776 ----a-w- c:programdataMicrosofteHomePackagesMCEClientUXdSMStartResources.dll

2012-12-14 22:49 . 2012-11-30 15:39 24176 ----a-w- c:windowssystem32driversmbam.sys

2012-12-14 13:10 . 2012-07-25 12:45 67413224 ----a-w- c:windowssystem32MRT.exe

2012-12-12 17:57 . 2012-07-31 00:28 697272 ----a-w- c:windowsSysWow64FlashPlayerApp.exe

2012-12-12 17:57 . 2012-07-31 00:28 73656 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2012-11-24 01:35 . 2012-10-06 20:26 737072 ----a-w- c:programdataMicrosofteHomePackagesSportsV2SportsTemplateCoreMicrosoft.MediaCenter.Sports.UI.dll

2012-11-15 01:51 . 2012-11-15 01:51 62976 ----a-w- c:windowssystem32TSWbPrxy.exe

2012-11-15 01:51 . 2012-11-15 01:51 57856 ----a-w- c:windowssystem32driversTsUsbFlt.sys

2012-11-15 01:51 . 2012-11-15 01:51 5773824 ----a-w- c:windowssystem32mstscax.dll

2012-11-15 01:51 . 2012-11-15 01:51 54272 ----a-w- c:windowssystem32MsRdpWebAccess.dll

2012-11-15 01:51 . 2012-11-15 01:51 4916224 ----a-w- c:windowsSysWow64mstscax.dll

2012-11-15 01:51 . 2012-11-15 01:51 46592 ----a-w- c:windowsSysWow64MsRdpWebAccess.dll

2012-11-15 01:51 . 2012-11-15 01:51 44032 ----a-w- c:windowssystem32tsgqec.dll

2012-11-15 01:51 . 2012-11-15 01:51 43520 ----a-w- c:windowssystem32TsUsbGDCoInstaller.dll

2012-11-15 01:51 . 2012-11-15 01:51 384000 ----a-w- c:windowssystem32wksprt.exe

2012-11-15 01:51 . 2012-11-15 01:51 37376 ----a-w- c:windowsSysWow64tsgqec.dll

2012-11-15 01:51 . 2012-11-15 01:51 322560 ----a-w- c:windowssystem32aaclient.dll

2012-11-15 01:51 . 2012-11-15 01:51 3174912 ----a-w- c:windowssystem32rdpcorets.dll

2012-11-15 01:51 . 2012-11-15 01:51 269312 ----a-w- c:windowsSysWow64aaclient.dll

2012-11-15 01:51 . 2012-11-15 01:51 243200 ----a-w- c:windowssystem32rdpudd.dll

2012-11-15 01:51 . 2012-11-15 01:51 228864 ----a-w- c:windowssystem32rdpendp_winip.dll

2012-11-15 01:51 . 2012-11-15 01:51 19456 ----a-w- c:windowssystem32driversrdpvideominiport.sys

2012-11-15 01:51 . 2012-11-15 01:51 192000 ----a-w- c:windowsSysWow64rdpendp_winip.dll

2012-11-15 01:51 . 2012-11-15 01:51 18432 ----a-w- c:windowssystem32wksprtPS.dll

2012-11-15 01:51 . 2012-11-15 01:51 16896 ----a-w- c:windowsSysWow64wksprtPS.dll

2012-11-15 01:51 . 2012-11-15 01:51 15360 ----a-w- c:windowssystem32RdpGroupPolicyExtension.dll

2012-11-15 01:51 . 2012-11-15 01:51 13312 ----a-w- c:windowssystem32TsUsbRedirectionGroupPolicyExtension.dll

2012-11-15 01:51 . 2012-11-15 01:51 13312 ----a-w- c:windowssystem32TsUsbRedirectionGroupPolicyControl.exe

2012-11-15 01:51 . 2012-11-15 01:51 1123840 ----a-w- c:windowssystem32mstsc.exe

2012-11-15 01:51 . 2012-11-15 01:51 1048064 ----a-w- c:windowsSysWow64mstsc.exe

2012-11-15 01:50 . 2012-11-15 01:50 96768 ----a-w- c:windowsSysWow64sspicli.dll

2012-11-15 01:50 . 2012-11-15 01:50 458712 ----a-w- c:windowssystem32driverscng.sys

2012-11-15 01:50 . 2012-11-15 01:50 340992 ----a-w- c:windowssystem32schannel.dll

2012-11-15 01:50 . 2012-11-15 01:50 307200 ----a-w- c:windowssystem32ncrypt.dll

2012-11-15 01:50 . 2012-11-15 01:50 247808 ----a-w- c:windowsSysWow64schannel.dll

2012-11-15 01:50 . 2012-11-15 01:50 220160 ----a-w- c:windowsSysWow64ncrypt.dll

2012-11-15 01:50 . 2012-11-15 01:50 22016 ----a-w- c:windowsSysWow64secur32.dll

2012-11-15 01:50 . 2012-11-15 01:50 154480 ----a-w- c:windowssystem32driversksecpkg.sys

2012-11-15 01:50 . 2012-11-15 01:50 1448448 ----a-w- c:windowssystem32lsasrv.dll

2012-11-15 01:49 . 2012-11-15 01:49 514560 ----a-w- c:windowsSysWow64qdvd.dll

2012-11-15 01:49 . 2012-11-15 01:49 366592 ----a-w- c:windowssystem32qdvd.dll

2012-11-14 20:32 . 2012-11-14 20:32 30568 ----a-w- c:windowssystem32driversavgtpx64.sys

2012-11-01 18:31 . 2012-11-01 18:31 40712 ----a-w- c:windowssystem32driverstaphss6.sys

2012-11-01 18:25 . 2012-11-01 18:25 42248 ----a-w- c:windowssystem32drivershssdrv6.sys

2012-10-30 23:50 . 2012-08-03 22:43 285328 ----a-w- c:windowssystem32aswBoot.exe

2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:windowsSysWow64QuickTimeVR.qtx

2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:windowsSysWow64QuickTime.qts

2012-10-22 22:34 . 2012-10-22 22:34 95208 ----a-w- c:windowsSysWow64WindowsAccessBridge-32.dll

2012-10-22 22:34 . 2012-10-22 22:35 821736 ----a-w- c:windowsSysWow64npDeployJava1.dll

2012-10-22 22:34 . 2012-10-22 22:35 746984 ----a-w- c:windowsSysWow64deployJava1.dll

2012-10-17 13:39 . 2012-10-17 13:39 2876528 ----a-w- c:programdataMicrosofteHomePackagesMCEClientUXUpdateableMarkup-2markup.dll

2012-10-17 13:37 . 2012-10-17 13:37 42776 ----a-w- c:programdataMicrosofteHomePackagesMCEClientUXdSM-2StartResources.dll

2012-10-16 08:38 . 2012-12-13 11:57 135168 ----a-w- c:windowsapppatchAppPatch64AcXtrnal.dll

2012-10-16 08:38 . 2012-12-13 11:57 350208 ----a-w- c:windowsapppatchAppPatch64AcLayers.dll

2012-10-16 07:39 . 2012-12-13 11:57 561664 ----a-w- c:windowsapppatchAcLayers.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}]

c:\program files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll [bU]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{300BEC06-B743-4D19-86B9-11DC711D7FFB}]

c:\program files (x86)\OApps\SelectionLinks.dll [bU]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D28FF82E-DC7D-E13A-28EC-1D5CD8855ADE}]

c:\programdata\Vaudix\508d42f54b62d.ocx [bU]

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"IDMan"="c:program files (x86)Internet Download ManagerIDMan.exe" [2012-09-01 3528128]

"Xvid"="c:program files (x86)XvidCheckUpdate.exe" [2011-01-17 8192]

"Spotify Web Helper"="c:usersOwnerAppDataRoamingSpotifyDataSpotifyWebHelper.exe" [2012-10-28 1199576]

"NETGEARGenie"="c:program files (x86)NETGEAR GeniebinNETGEARGenie.exe" [2012-10-16 1041736]

"AnyDVD"="c:program files (x86)SlySoftAnyDVDAnyDVDtray.exe" [2012-12-20 6750448]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"CLMLServer"="c:program files (x86)CyberLinkPower2GoCLMLSvc.exe" [2009-11-02 103720]

"Samsung PanelMgr"="c:windowsSamsungPanelMgrSSMMgr.exe" [2010-06-08 618496]

"UVS10 Preload"="c:program files (x86)Ulead SystemsUlead VideoStudio 10uvPL.exe" [2006-03-07 36864]

"UpdatePPShortCut"="c:program files (x86)CyberLinkPowerProducerMUITransferMUIStartMenu.exe" [2009-05-20 222504]

"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-07-27 919008]

"SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2012-07-03 252848]

"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2012-10-12 59280]

"PowerDVD12DMREngine"="c:program files (x86)CyberLinkPowerDVD12KernelDMRPowerDVD12DMREngine.exe" [2012-09-19 505872]

"PowerDVD12Agent"="c:program files (x86)CyberLinkPowerDVD12PowerDVD12Agent.exe" [2012-09-19 374560]

"QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2012-10-25 421888]

"avast"="c:program filesAVAST SoftwareAvastavastUI.exe" [2012-10-30 4297136]

"HP Software Update"="c:program files (x86)HPHP Software UpdateHPWuSchd2.exe" [2007-05-08 54840]

.

c:usersOwnerAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup

MagicDisc.lnk - c:program files (x86)MagicDiscMagicDisc.exe [2012-9-15 576000]

.

c:programdataMicrosoftWindowsStart MenuProgramsStartup

HP Digital Imaging Monitor.lnk - c:program files (x86)HPDigital Imagingbinhpqtra08.exe [2009-5-21 275768]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversiondrivers32]

"wave6"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:program files (x86)SkypeUpdaterUpdater.exe [2012-07-13 160944]

R3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:windowssystem32DRIVERSAVerPola.sys [2011-01-04 534144]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:program filesIntelWiFibinPanDhcpDns.exe [2011-01-05 340240]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys [2012-11-15 19456]

R3 Samsung UPD Service;Samsung UPD Service;c:windowsSystem32SUPDSvc.exe [2010-08-09 166704]

R3 StkCMini;Syntek AVStream USB2.0 ATV;c:windowssystem32DriversStkCMini.sys [2010-04-16 1816968]

R3 taphss6;Anchorfree HSS VPN Adapter;c:windowssystem32DRIVERStaphss6.sys [2012-11-01 40712]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2012-11-15 57856]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2012-07-25 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:windowssystem32DRIVERSwdcsam64.sys [2008-05-06 14464]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:program filesWindows LiveMeshwlcrasvc.exe [2010-09-22 57184]

S0 nvpciflt;nvpciflt;c:windowssystem32DRIVERSnvpciflt.sys [2010-12-14 25576]

S0 SmartDefragDriver;SmartDefragDriver;c:windowsSystem32DriversSmartDefragDriver.sys [2010-11-26 17720]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 avgtp;avgtp;c:windowssystem32driversavgtpx64.sys [2012-11-14 30568]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:windowssystem32DriversSABI.sys [2009-05-28 13824]

S2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/11/09 08:34];c:program files (x86)CyberLinkPowerDVD12CommonNavFilter000.fcl [2012-09-19 22:12 147704]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:windowssystem32driversaswMonFlt.sys [2012-10-30 71600]

S2 BBSvc;BingBar Service;c:program files (x86)MicrosoftBingBar7.1.361.0BBSvc.exe [2012-02-10 193816]

S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:program files (x86)CyberLinkPowerDVD12KernelDMPCLHNServerCLHNServiceForPowerDVD12.exe [2012-09-19 90640]

S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:program files (x86)CyberLinkPowerDVD12KernelDMSCLMSMonitorServicePDVD12.exe [2012-09-19 78352]

S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:program files (x86)CyberLinkPowerDVD12KernelDMSCLMSServerPDVD12.exe [2012-09-19 295440]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:program filesIntelWiMAXBinDMAgent.exe [2011-06-06 498688]

S2 IDMWFP;IDMWFP;c:windowssystem32DRIVERSidmwfp.sys [2012-08-02 158944]

S2 MBAMScheduler;MBAMScheduler;c:program files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2012-12-14 682344]

S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:program files (x86)NETGEAR GeniebinNETGEARGenieDaemon64.exe [2012-09-25 231752]

S2 nlsX86cc;Nalpeiron Licensing Service;c:windowsSysWOW64nlssrv32.exe [2010-11-22 66560]

S2 ntk_PowerDVD12;ntk_PowerDVD12;c:program files (x86)CyberLinkPowerDVD12KernelDMPCLHNServerntk_PowerDVD12_64.sys [2012-06-20 83704]

S2 UNS;Intel® Management and Security Application User Notification Service;c:program files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe [2010-10-06 2655768]

S2 WajamUpdater;WajamUpdater;c:program files (x86)WajamUpdaterWajamUpdater.exe [2012-10-05 109064]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:program filesIntelWiMAXBinAppSrv.exe [2011-06-06 986112]

S3 BBUpdate;BBUpdate;c:program files (x86)MicrosoftBingBar7.1.361.0SeaPort.exe [2012-02-10 240408]

S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:windowssystem32DRIVERSbpenum.sys [2011-05-19 84480]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:windowssystem32DRIVERSbpmp.sys [2011-05-19 182272]

S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:windowssystem32Driversbpusb.sys [2011-05-19 83968]

S3 clwvd;CyberLink WebCam Virtual Driver;c:windowssystem32DRIVERSclwvd.sys [2010-11-10 31088]

S3 ETD;ELAN PS/2 Port Input Device;c:windowssystem32DRIVERSETD.sys [2010-11-12 138024]

S3 IntcDAud;Intel® Display Audio;c:windowssystem32DRIVERSIntcDAud.sys [2010-10-15 317440]

S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2012-12-14 24176]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:windowssystem32DRIVERSnusb3hub.sys [2010-10-11 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:windowssystem32DRIVERSnusb3xhc.sys [2010-10-11 180736]

S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys [2011-06-10 539240]

S3 wdkmd;Intel WiDi KMD;c:windowssystem32DRIVERSWDKMD.sys [2010-11-30 42392]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - NPF

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-08 c:windowsTasksAdobe Flash Player Updater.job

- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-07-31 17:57]

.

2013-01-08 c:windowsTasksSlimDrivers Startup.job

- c:program files (x86)SlimDriversSlimDrivers.exe [2012-10-14 21:29]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOTCLSID{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 23:50 133400 ----a-w- c:program filesAVAST SoftwareAvastashShA64.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersIDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOTCLSID{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-02-08 00:49 23432 ----a-w- c:program files (x86)Internet Download ManagerIDMShellExt64.dll

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"IgfxTray"="c:windowssystem32igfxtray.exe" [2011-01-04 167960]

"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2011-01-04 391704]

"Persistence"="c:windowssystem32igfxpers.exe" [2011-01-04 417304]

"RtHDVCpl"="c:program filesRealtekAudioHDARAVCpl64.exe" [2010-11-30 11660904]

"IntelWireless"="c:program filesCommon FilesIntelWirelessCommoniFrmewrk.exe" [2011-01-05 1933584]

"ETDCtrl"="c:program files (x86)ElantechETDCtrl.exe" [bU]

"IntelWirelessWiMAX"="c:program filesIntelWiMAXBinWiMAXCU.exe" [2011-06-02 1622016]

.

------- Supplementary Scan -------

.

uLocal Page = c:windowssystem32blank.htm

mStart Page = hxxp://samsung.msn.com

mLocal Page = c:windowsSysWOW64blank.htm

IE: Download all links with IDM - c:program files (x86)Internet Download ManagerIEGetAll.htm

IE: Download with IDM - c:program files (x86)Internet Download ManagerIEExt.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nww68hdh.default\

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=287&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=5893014922044063&o=APN10645&q=

FF - ExtSQL: 2012-11-12 13:25; 63ffxtbr@APlusGamer_63.com; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nww68hdh.default\extensions\63ffxtbr@APlusGamer_63.com

FF - ExtSQL: 2012-11-12 15:06; 4pffxtbr@MindDabble_4p.com; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nww68hdh.default\extensions\4pffxtbr@MindDabble_4p.com

FF - ExtSQL: 2012-12-16 16:53; wrc@avast.com; c:program filesAVAST SoftwareAvastWebRepFF

FF - ExtSQL: 2012-12-25 11:28; {f34c9277-6577-4dff-b2d7-7d58092f272f}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nww68hdh.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}

FF - ExtSQL: 2013-01-04 11:34; smartwebprinting@hp.com; c:program files (x86)HPDigital ImagingSmart Web PrintingMozillaAddOn3

FF - ExtSQL: 2013-01-05 11:41; plugin@selectionlinks.com; c:usersOwnerAppDataRoamingMozillaFirefoxProfilesnww68hdh.defaultextensionsplugin@selectionlinks.com

FF - ExtSQL: !HIDDEN! 2013-01-04 11:34; smartwebprinting@hp.com; c:program files (x86)HPDigital ImagingSmart Web PrintingMozillaAddOn3

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

AddRemove-Coupon Companion Plugin - c:\program files (x86)\Coupon Companion Plugin\Uninstall.exe

AddRemove-iLivid - c:\users\Owner\AppData\Local\iLivid\uninstall.exe

AddRemove-ilividtoolbarguid - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\uninstall.exe

AddRemove-sl-dlc - c:\program files (x86)\OApps\sl-dlc_uninstall.exe

AddRemove-{681002C6-5019-81A2-7871-A43754F71E56} - c:\programdata\Vaudix\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001services{73526619-C24F-470B-9BED-53D455FBB5C6}]

"ImagePath"="??c:program files (x86)CyberLinkPowerDVD12CommonNavFilter000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:Windowssystem32MacromedFlashFlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:program filesAVAST SoftwareAvastAvastSvc.exe

c:program files (x86)Common FilesAdobeARM1.0armsvc.exe

c:program files (x86)Malwarebytes' Anti-Malwarembamgui.exe

c:program files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe

c:program files (x86)CyberLinkShared filesRichVideo.exe

c:program files (x86)Common FilesUlead SystemsDVDULCDRSvr.exe

c:program files (x86)CyberLinkYouCamYCMMirage.exe

c:program files (x86)SamsungEasy Display ManagerWifiManager.exe

c:program files (x86)SamsungSamsung Recovery Solution 5WCScheduler.exe

c:program files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe

c:program files (x86)SamsungMovie Color EnhancerMovieColorEnhancer.exe

c:program files (x86)SamsungSamsung Support CenterSSCKbdHk.exe

c:program files (x86)SamsungSamsung Update PlusSUPBackground.exe

.

**************************************************************************

.

Completion time: 2013-01-07 20:46:12 - machine was rebooted

ComboFix-quarantined-files.txt 2013-01-08 02:46

ComboFix2.txt 2013-01-08 00:48

ComboFix3.txt 2013-01-07 01:05

ComboFix4.txt 2012-12-20 00:53

ComboFix5.txt 2013-01-08 01:40

.

Pre-Run: 72,261,410,816 bytes free

Post-Run: 72,198,590,464 bytes free

.

- - End Of File - - FA40F5D9DC4DB580702125E78DB47E79


Hello JonTom,

 

Here is the rest of the logs.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.4.1 (01.06.2013:2)

OS: Windows 7 Home Premium x64

Ran by Owner on Tue 01/08/2013 at 11:33:00.07

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

Successfully stopped: [service] wajamupdater

Successfully deleted: [service] wajamupdater

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] hkey_current_usersoftwaremicrosoftinternet explorerurlsearchhooks{ef99bd32-c1fb-11d2-892f-0090271d4f88}

Successfully deleted: [Registry Value] hkey_local_machinesoftwaremicrosoftinternet explorertoolbar{ef99bd32-c1fb-11d2-892f-0090271d4f88}

Successfully repaired: [Registry Value] hkey_current_usersoftwaremicrosoftinternet explorersearchscopesDefaultScope

Successfully repaired: [Registry Value] hkey_local_machinesoftwaremicrosoftinternet explorersearchscopesDefaultScope

Successfully repaired: [Registry Value] hkey_users.defaultsoftwaremicrosoftinternet explorersearchscopesDefaultScope

Successfully repaired: [Registry Value] hkey_userss-1-5-18softwaremicrosoftinternet explorersearchscopesDefaultScope

Successfully repaired: [Registry Value] hkey_userss-1-5-19softwaremicrosoftinternet explorersearchscopesDefaultScope

Successfully repaired: [Registry Value] hkey_userss-1-5-20softwaremicrosoftinternet explorersearchscopesDefaultScope

Successfully repaired: [Registry Value] hkey_usersS-1-5-21-4159443991-512847242-1124234837-1001softwaremicrosoftinternet explorersearchscopesDefaultScope

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] hkey_local_machinesoftwaredatamngr

Successfully deleted: [Registry Key] hkey_current_usersoftwaredatamngr_toolbar

Successfully deleted: [Registry Key] hkey_current_usersoftwareilivid

Successfully deleted: [Registry Key] hkey_current_usersoftwareilividtoolbarguid

Successfully deleted: [Registry Key] hkey_current_usersoftwareinstalledbrowserextensions

Successfully deleted: [Registry Key] hkey_current_usersoftwarewajam

Successfully deleted: [Registry Key] hkey_local_machinesoftwarewajam

Successfully deleted: [Registry Key] hkey_current_usersoftwareappdatalowsoftwareconduit

Successfully deleted: [Registry Key] hkey_current_usersoftwareappdatalowsoftwarecrossrider

Successfully deleted: [Registry Key] hkey_current_usersoftwareappdatalowsoftwaresmartbar

Successfully deleted: [Registry Key] hkey_local_machinesoftwareclassesappidbrowserconnection.dll

Successfully deleted: [Registry Key] hkey_local_machinesoftwareclassesapplicationsilividsetup.exe

Successfully deleted: [Registry Key] hkey_local_machinesoftwareclassesclsid{ce4db5a3-58e6-41f1-8761-47238df4f468}

Successfully deleted: [Registry Key] hkey_local_machinesoftwareclassesilividiehelper.dnsguard

Successfully deleted: [Registry Key] hkey_local_machinesoftwareclassesilividiehelper.dnsguard.1

Successfully deleted: [Registry Key] hkey_local_machinesoftwareclassestypelib{75e8da27-44af-40ae-927c-f2eec99d65b1}

Successfully deleted: [Registry Key] hkey_local_machinesoftwareclasseswajam.wajambho

Successfully deleted: [Registry Key] hkey_local_machinesoftwareclasseswajam.wajambho.1

Successfully deleted: [Registry Key] hkey_local_machinesoftwareclasseswajam.wajamdownloader

Successfully deleted: [Registry Key] hkey_local_machinesoftwareclasseswajam.wajamdownloader.1

Successfully deleted: [Registry Key] hkey_local_machinesoftwaremicrosofttracingsetupdatamngr_searchqu_rasapi32

Successfully deleted: [Registry Key] hkey_local_machinesoftwaremicrosofttracingsetupdatamngr_searchqu_rasmancs

Successfully deleted: [Registry Key] hkey_local_machinesoftwarewow6432nodeilividsrtb

Successfully deleted: [Registry Key] hkey_local_machinesoftwarewow6432nodemicrosofttracingilividmediabar_rasapi32

Successfully deleted: [Registry Key] hkey_local_machinesoftwarewow6432nodemicrosofttracingilividmediabar_rasmancs

Successfully deleted: [Registry Key] hkey_local_machinesoftwarewow6432nodemicrosofttracingilividsetup_rasapi32

Successfully deleted: [Registry Key] hkey_local_machinesoftwarewow6432nodemicrosofttracingilividsetup_rasmancs

Successfully deleted: [Registry Key] hkey_local_machinesoftwarewow6432nodemicrosoftwindowscurrentversionuninstallilividtoolbarguid

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINEsoftwareclassesCrossriderApp0021804.BHO

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINEsoftwareclassesCrossriderApp0021804.Sandbox

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINEsoftwareclassesCrossriderApp0021804.Sandbox.1

Successfully deleted: [Registry Key] hkey_classes_rootclsid{02478d38-c3f9-4efb-9b51-7695eca05670}

Successfully deleted: [Registry Key] hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerbrowser helper objects{02478d38-c3f9-4efb-9b51-7695eca05670}

Successfully deleted: [Registry Key] hkey_current_usersoftwaremicrosoftinternet explorersearchscopes{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}

Successfully deleted: [Registry Key] hkey_local_machinesoftwaremicrosoftinternet explorersearchscopes{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}

Successfully deleted: [Registry Key] hkey_classes_rootclsid{a7a6995d-6ee1-4fd1-a258-49395d5bf99c}

Successfully deleted: [Registry Key] hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerbrowser helper objects{a7a6995d-6ee1-4fd1-a258-49395d5bf99c}

Successfully deleted: [Registry Key] hkey_classes_rootclsid{c1ed9da0-afd0-4b90-ac6a-d3874f591014}

Successfully deleted: [Registry Key] hkey_classes_rootclsid{ef99bd32-c1fb-11d2-892f-0090271d4f88}

Successfully deleted: [Registry Key] hkey_classes_rootclsid{D28FF82E-DC7D-E13A-28EC-1D5CD8855ADE}

Successfully deleted: [Registry Key] hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerbrowser helper objects{D28FF82E-DC7D-E13A-28EC-1D5CD8855ADE}

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:UsersOwnerAppDataRoamingmicrosoftwindowsstart menuprogramsilivid.lnk"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:ProgramDataboost_interprocess"

Successfully deleted: [Folder] "C:UsersOwnerAppDataRoamingdrivercure"

Successfully deleted: [Folder] "C:UsersOwnerappdatalocaltorch"

Successfully deleted: [Folder] "C:UsersOwnerappdatalocalwajam"

Successfully deleted: [Folder] "C:UsersOwnerappdatalocallowconduit"

Successfully deleted: [Folder] "C:UsersOwnerappdatalocallowdatamngr"

Successfully deleted: [Folder] "C:UsersOwnerappdatalocallowilividtoolbarguid"

Successfully deleted: [Folder] "C:UsersOwnerappdatalocallowvaudix"

Successfully deleted: [Folder] "C:Program Files (x86)wajam"

Successfully deleted: [Folder] "C:UsersOwnerAppDataRoamingmicrosoftwindowsstart menuprogramswajam"

 

 

 

~~~ FireFox

 

Successfully deleted: [File] "C:Program Files (x86)Mozilla Firefoxsearchpluginssearch_results.xml"

Successfully deleted: [File] C:UsersOwnerAppDataRoamingmozillafirefoxprofilesnww68hdh.defaultuser.js

Successfully deleted: [File] C:UsersOwnerAppDataRoamingmozillafirefoxprofilesnww68hdh.defaultinvalidprefs.js

Successfully deleted: [File] "C:UsersOwnerAppDataRoamingmozillafirefoxprofilesnww68hdh.defaultextensions50970cb9d50ba@50970cb9d50f3.com.xpi"

Successfully deleted: [File] C:UsersOwnerAppDataRoamingmozillafirefoxprofilesnww68hdh.defaultsearchpluginssearch_results.xml

Failed to delete: [Folder] "C:Program Files (x86)Mozilla Firefoxextensions{1fd91a9c-410c-4090-bbcc-55d3450ef433}"

Successfully deleted: [Folder] C:UsersOwnerAppDataRoamingmozillafirefoxprofilesnww68hdh.defaultilividtoolbarguid

Successfully deleted: [Folder] C:UsersOwnerAppDataRoamingmozillafirefoxprofilesnww68hdh.defaultextensionsplugin@selectionlinks.com

Successfully deleted: [Folder] C:UsersOwnerAppDataRoamingmozillafirefoxprofilesnww68hdh.defaultextensions{f34c9277-6577-4dff-b2d7-7d58092f272f}

Successfully deleted the following from C:UsersOwnerAppDataRoamingmozillafirefoxprofilesnww68hdh.defaultprefs.js

 

user_pref("Smartbar.SearchFromAddressBarSavedUrl", "http://www.goodsearch.com/search.aspx?toolbarcharity=___toolbarcharity___&id=goodsearchtb&v=2_1&keywords=");

user_pref("extensions.50970cb9d5165.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,sear

user_pref("extensions.crossriderapp21804.adsOldValue", -1);

user_pref("extensions.toolbar.mindspark._2vMembers_.hp.user.defined", true);

user_pref("extensions.toolbar.mindspark._2vMembers_.initialized", true);

user_pref("extensions.toolbar.mindspark._2vMembers_.installation.contextKey", "");

user_pref("extensions.toolbar.mindspark._2vMembers_.installation.installDate", "2012120218");

user_pref("extensions.toolbar.mindspark._2vMembers_.installation.partnerId", "XMxpi000");

user_pref("extensions.toolbar.mindspark._2vMembers_.installation.partnerSubId", "");

user_pref("extensions.toolbar.mindspark._2vMembers_.installation.success", false);

user_pref("extensions.toolbar.mindspark._2vMembers_.installation.toolbarId", "undefined");

user_pref("extensions.toolbar.mindspark._2vMembers_.options.defaultSearch", false);

user_pref("extensions.toolbar.mindspark._2vMembers_.options.homePageEnabled", false);

user_pref("extensions.toolbar.mindspark._2vMembers_.options.keywordEnabled", false);

user_pref("extensions.toolbar.mindspark._2vMembers_.options.tabEnabled", false);

user_pref("extensions.toolbar.mindspark._2vMembers_.weather.location", "53575");

user_pref("extensions.toolbar.mindspark._4pMembers_.homepage", "http://home.mywebsearch.com/index.jhtml?ptb=3E0332B7-CD22-4289-A1F8-A2126361EDB9&n=77ee8df8&p2=^YX^yyyyyy^YY^us

user_pref("extensions.toolbar.mindspark._4pMembers_.initialized", true);

user_pref("extensions.toolbar.mindspark._4pMembers_.installation.contextKey", "");

user_pref("extensions.toolbar.mindspark._4pMembers_.installation.installDate", "2012122616");

user_pref("extensions.toolbar.mindspark._4pMembers_.installation.partnerId", "^YX^yyyyyy^YY^us");

user_pref("extensions.toolbar.mindspark._4pMembers_.installation.partnerSubId", "");

user_pref("extensions.toolbar.mindspark._4pMembers_.installation.success", true);

user_pref("extensions.toolbar.mindspark._4pMembers_.installation.toolbarId", "3E0332B7-CD22-4289-A1F8-A2126361EDB9");

user_pref("extensions.toolbar.mindspark._4pMembers_.lastActivePing", "1357648146463");

user_pref("extensions.toolbar.mindspark._4pMembers_.options.defaultSearch", false);

user_pref("extensions.toolbar.mindspark._4pMembers_.options.homePageEnabled", false);

user_pref("extensions.toolbar.mindspark._4pMembers_.options.keywordEnabled", false);

user_pref("extensions.toolbar.mindspark._4pMembers_.options.tabEnabled", false);

user_pref("extensions.toolbar.mindspark._4pMembers_.weather.location", "53575");

user_pref("extensions.toolbar.mindspark._63Members_.initialized", true);

user_pref("extensions.toolbar.mindspark._63Members_.installation.contextKey", "");

user_pref("extensions.toolbar.mindspark._63Members_.installation.installDate", "2012120218");

user_pref("extensions.toolbar.mindspark._63Members_.installation.partnerId", "^AF4^xdm003^YY^us");

user_pref("extensions.toolbar.mindspark._63Members_.installation.partnerSubId", "CMyus_STyrMCFQpgMgodhUgAiQ");

user_pref("extensions.toolbar.mindspark._63Members_.installation.success", true);

user_pref("extensions.toolbar.mindspark._63Members_.installation.toolbarId", "6FCC1F36-E439-4609-B5C2-7F599003EDC6");

user_pref("extensions.toolbar.mindspark._63Members_.lastActivePing", "1357648146488");

user_pref("extensions.toolbar.mindspark._63Members_.options.defaultSearch", false);

user_pref("extensions.toolbar.mindspark._63Members_.options.homePageEnabled", false);

user_pref("extensions.toolbar.mindspark._63Members_.options.keywordEnabled", false);

user_pref("extensions.toolbar.mindspark._63Members_.options.tabEnabled", false);

user_pref("extensions.toolbar.mindspark._63Members_.searchHistory", "");

user_pref("extensions.toolbar.mindspark._63Members_.weather.location", "53575");

user_pref("extensions.toolbar.mindspark.lastInstalled", "minddabble@mindspark.com");

user_pref("keyword.URL", "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=287&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=5893014922044063&o=APN10645&q=");

user_pref("smartbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");

user_pref("smartbar.originalSearchAddressUrl", "http://www.goodsearch.com/search.aspx?toolbarcharity=___toolbarcharity___&id=goodsearchtb&v=2_1&keywords=");

user_pref("smartbar.originalSearchEngine", false);

Emptied folder: C:UsersOwnerAppDataRoamingmozillafirefoxprofilesnww68hdh.defaultminidumps [53 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 01/08/2013 at 11:44:12.82

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

 

Database version: v2013.01.07.08

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

 

1/8/2013 2:20:22 PM

MBAM-log-2013-01-08 (15-54-16).txt

 

Scan type: Full scan (C:|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 446711

Time elapsed: 1 hour(s), 15 minute(s), 15 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 25

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4pbar.dll.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4pbarsvc.exe.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4pdatact.dll.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4pdyn.dll.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4pfeedmg.dll.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4phighin.exe.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4phkstub.dll.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4phttpct.dll.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4pidle.dll.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4pimpipe.exe.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4pmedint.exe.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4pmlbtn.dll.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4pmsg.dll.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4pPlugin.dll.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4pradio.dll.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4pregfft.dll.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4preghk.dll.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4pscript.dll.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4pskin.dll.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4pskplay.exe.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4pSrchMn.exe.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4ptpinst.dll.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.bin4puabtn.dll.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.binNP4pStub.dll.vir (PUP.MyWebSearch) -> No action taken.

C:QooboxQuarantineCProgram Files (x86)MINDDA~2bar2.binT8HTML.DLL.vir (PUP.MyWebSearch) -> No action taken.

 

(end)


Hello goofy1139

 

How is the machine running now?

 

Please post a new DDS log for me to review (I only need to see the DDS.txt log).


Hello JonTom

 

My computer is running great. Thank you for all of your help.

 

Here is the DDS log

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by Owner at 8:04:19 on 2013-01-09

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6055.3785 [GMT -6:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:Windowssystem32lsm.exe

C:Windowssystem32svchost.exe -k DcomLaunch

C:Windowssystem32nvvsvc.exe

C:Windowssystem32svchost.exe -k RPCSS

C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted

C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted

C:Windowssystem32svchost.exe -k netsvcs

C:Windowssystem32svchost.exe -k GPSvcGroup

C:Windowssystem32svchost.exe -k LocalService

C:Windowssystem32svchost.exe -k NetworkService

C:Program FilesNVIDIA CorporationDisplayNvXDSync.exe

C:Program FilesAVAST SoftwareAvastAvastSvc.exe

C:Windowssystem32WLANExt.exe

C:Windowssystem32Dwm.exe

C:WindowsExplorer.EXE

C:WindowsSystem32spoolsv.exe

C:Windowssystem32svchost.exe -k LocalServiceNoNetwork

C:Windowssystem32taskhost.exe

C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe

C:Program Files (x86)CyberLinkPowerDVD12KernelDMSCLMSMonitorServicePDVD12.exe

C:Program FilesIntelWiFibinEvtEng.exe

C:WindowsSysWOW64svchost.exe -k hpdevmgmt

C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe

C:WindowsSystem32hkcmd.exe

C:WindowsSystem32igfxpers.exe

C:Windowssystem32taskeng.exe

C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe

C:WindowsSystem32svchost.exe -k HPZ12

C:Program Files (x86)NETGEAR GeniebinNETGEARGenieDaemon64.exe

C:WindowsSysWOW64nlssrv32.exe

C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe

C:Program FilesRealtekAudioHDARAVCpl64.exe

C:Program FilesCommon FilesIntelWirelessCommoniFrmewrk.exe

C:Program FilesElantechETDCtrl.exe

C:Program FilesIntelWiMAXBinWiMAXCU.exe

C:Program Files (x86)Internet Download ManagerIDMan.exe

C:UsersOwnerAppDataRoamingSpotifyDataSpotifyWebHelper.exe

C:Program Files (x86)NETGEAR GeniebinNETGEARGenie.exe

C:Program Files (x86)SlySoftAnyDVDAnyDVDtray.exe

C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe

C:WindowsSamsungPanelMgrSSMMgr.exe

C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe

C:WindowsSamsungPanelMgrcaller64.exe

C:Program Files (x86)MagicDiscMagicDisc.exe

C:Program Files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe

C:WindowsSystem32svchost.exe -k HPZ12

C:Program Files (x86)Common FilesJavaJava Updatejusched.exe

C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe

C:Program Files (x86)CyberLinkPowerDVD12KernelDMRPowerDVD12DMREngine.exe

C:Program Files (x86)CyberLinkShared filesRichVideo.exe

C:Windowssystem32taskeng.exe

C:Program Files (x86)CyberLinkPowerDVD12PowerDVD12Agent.exe

C:Windowssystem32svchost.exe -k imgsvc

C:Program Files (x86)SamsungEasy Display ManagerWifiManager.exe

C:Program FilesSRS LabsSRS Premium Sound Control Panelsrspremiumpanel_64.exe

C:Program Files (x86)CyberLinkYouCamYCMMirage.exe

C:Program Files (x86)SamsungEasy Display Managerdmhkcore.exe

C:Program Files (x86)QuickTimeQTTask.exe

C:Program Files (x86)Common FilesUlead SystemsDVDULCDRSvr.exe

C:Program FilesAVAST SoftwareAvastAvastUI.exe

C:Program Files (x86)Internet Download ManagerIEMonitor.exe

C:Program Files (x86)HPHP Software UpdatehpwuSchd2.exe

C:Program FilesIntelWiMAXBinAppSrv.exe

C:WindowsSystem32svchost.exe -k secsvcs

C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE

C:Program FilesIntelWiMAXBinDMAgent.exe

C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe

C:Windowssystem32wbemunsecapp.exe

C:Windowssystem32SearchIndexer.exe

C:Windowssystem32wbemunsecapp.exe

C:Windowssystem32wbemwmiprvse.exe

C:Program FilesElantechETDCtrlHelper.exe

C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted

C:Program Files (x86)NETGEAR Geniebingenie2_tray.exe

C:Windowssplwow64.exe

C:Windowssystem32igfxext.exe

C:Windowssystem32igfxsrvc.exe

C:Program FilesWindows Media Playerwmpnetwk.exe

C:Program Files (x86)CyberLinkPowerDVD12KernelDMSCLMSServerPDVD12.exe

C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation

C:Program Files (x86)SAMSUNGEasySpeedUpManagerEasySpeedUpManager.exe

C:Program Files (x86)SamsungSamsung Recovery Solution 5WCScheduler.exe

C:Program FilesSamsungSamsungFastStartSmartRestarter.exe

C:Program Files (x86)CyberLinkPowerDVD12KernelDMPCLHNServerCLHNServiceForPowerDVD12.exe

C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe

C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe

C:Program Files (x86)SamsungMovie Color EnhancerMovieColorEnhancer.exe

C:Program Files (x86)SamsungSamsung Support CenterSSCKbdHk.exe

C:Program Files (x86)SamsungSamsung Update PlusSUPBackground.exe

C:Windowssystem32wuauclt.exe

C:Program Files (x86)MicrosoftBingBar7.1.361.0SeaPort.exe

C:Program Files (x86)SlySoftAnyDVDADvdDiscHlp64.exe

C:Program Files (x86)Mozilla Firefoxfirefox.exe

C:Program Files (x86)Mozilla Firefoxplugin-container.exe

C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_5_502_135.exe

C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_5_502_135.exe

C:Windowssystem32SearchProtocolHost.exe

C:Windowssystem32SearchFilterHost.exe

C:Windowssystem32wbemwmiprvse.exe

C:WindowsSystem32cscript.exe

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://samsung.msn.com

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:Program Files (x86)Internet Download ManagerIDMIECC.dll

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_printenhancer.dll

BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} -

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

BHO: SelectionLinksBHO Class: {300BEC06-B743-4D19-86B9-11DC711D7FFB} -

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre7binssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:Program Files (x86)Windows LiveCompanioncompanioncore.dll

BHO: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:Program FilesSamsung AnyWeb PrintW2PBrowser.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MicrosoftBingBar7.1.361.0BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre7binjp2ssv.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:Program Files (x86)Yahoo!CompanionInstallscpnYTSingleInstance.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_BHO.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_bho.dll

uRun: [iDMan] C:Program Files (x86)Internet Download ManagerIDMan.exe /onboot

uRun: [Xvid] C:Program Files (x86)XvidCheckUpdate.exe

uRun: [spotify Web Helper] "C:UsersOwnerAppDataRoamingSpotifyDataSpotifyWebHelper.exe"

uRun: [NETGEARGenie] "C:Program Files (x86)NETGEAR GeniebinNETGEARGenie.exe" -mini -redirect

uRun: [AnyDVD] C:Program Files (x86)SlySoftAnyDVDAnyDVDtray.exe

mRun: [CLMLServer] "C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe"

mRun: [samsung PanelMgr] C:WindowsSamsungPanelMgrSSMMgr.exe /autorun

mRun: [uVS10 Preload] C:Program Files (x86)Ulead SystemsUlead VideoStudio 10uvPL.exe

mRun: [updatePPShortCut] "C:Program Files (x86)CyberLinkPowerProducerMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkPowerProducer" UpdateWithCreateOnce "SoftwareCyberLinkPowerProducer5.0"

mRun: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

mRun: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

mRun: [PowerDVD12DMREngine] "C:Program Files (x86)CyberLinkPowerDVD12KernelDMRPowerDVD12DMREngine.exe"

mRun: [PowerDVD12Agent] "C:Program Files (x86)CyberLinkPowerDVD12PowerDVD12Agent.exe"

mRun: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime

mRun: [avast] "C:Program FilesAVAST SoftwareAvastavastUI.exe" /nogui

mRun: [HP Software Update] C:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe

StartupFolder: C:UsersOwnerAppDataRoamingMICROS~1WindowsSTARTM~1ProgramsStartupMAGICD~1.LNK - C:Program Files (x86)MagicDiscMagicDisc.exe

StartupFolder: C:PROGRA~3MICROS~1WindowsSTARTM~1ProgramsStartupHPDIGI~1.LNK - C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Download all links with IDM - C:Program Files (x86)Internet Download ManagerIEGetAll.htm

IE: Download with IDM - C:Program Files (x86)Internet Download ManagerIEExt.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:Program Files (x86)Windows LiveCompanioncompanioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll

IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:Program FilesSamsung AnyWeb PrintW2PBrowser.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_BHO.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces{EF589019-EF09-4585-8068-B38719BE845F} : DHCPNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program Files (x86)Common FilesSkypeSkype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:WindowsSysWOW64nvinit.dll

SSODL: WebCheck - <orphaned>

x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:Program Files (x86)Internet Download ManagerIDMIECC64.dll

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:Program FilesAVAST SoftwareAvastaswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:Program FilesAVAST SoftwareAvastaswWebRepIE64.dll

x64-Run: [igfxTray] C:WindowsSystem32igfxtray.exe

x64-Run: [HotKeysCmds] C:WindowsSystem32hkcmd.exe

x64-Run: [Persistence] C:WindowsSystem32igfxpers.exe

x64-Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe -s

x64-Run: [intelWireless] "C:Program FilesCommon FilesIntelWirelessCommoniFrmewrk.exe" /tf Intel Wireless Tray

x64-Run: [ETDCtrl] C:Program Files (x86)ElantechETDCtrl.exe

x64-Run: [intelWirelessWiMAX] "C:Program FilesIntelWiMAXBinWiMAXCU.exe" /tasktray /nosplash

x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:UsersOwnerAppDataRoamingMozillaFirefoxProfilesnww68hdh.default

FF - plugin: C:PROGRA~2MEADCO~1npmeadax.dll

FF - plugin: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll

FF - plugin: C:Program Files (x86)Javajre7binplugin2npjp2.dll

FF - plugin: c:Program Files (x86)Microsoft Silverlight5.1.10411.0npctrlui.dll

FF - plugin: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll

FF - plugin: C:WindowsSysWOW64MacromedFlashNPSWF32_11_5_502_135.dll

FF - plugin: C:WindowsSysWOW64npDeployJava1.dll

FF - plugin: C:WindowsSysWOW64npmproxy.dll

FF - ExtSQL: 2012-11-12 13:25; 63ffxtbr@APlusGamer_63.com; C:UsersOwnerAppDataRoamingMozillaFirefoxProfilesnww68hdh.defaultextensions63ffxtbr@APlusGamer_63.com

FF - ExtSQL: 2012-11-12 15:06; 4pffxtbr@MindDabble_4p.com; C:UsersOwnerAppDataRoamingMozillaFirefoxProfilesnww68hdh.defaultextensions4pffxtbr@MindDabble_4p.com

FF - ExtSQL: 2012-12-16 16:53; wrc@avast.com; C:Program FilesAVAST SoftwareAvastWebRepFF

FF - ExtSQL: 2013-01-04 11:34; smartwebprinting@hp.com; C:Program Files (x86)HPDigital ImagingSmart Web PrintingMozillaAddOn3

FF - ExtSQL: !HIDDEN! 2013-01-04 11:34; smartwebprinting@hp.com; C:Program Files (x86)HPDigital ImagingSmart Web PrintingMozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:WindowsSystem32driversnvpciflt.sys [2011-2-20 25576]

R0 SmartDefragDriver;SmartDefragDriver;C:WindowsSystem32driversSmartDefragDriver.sys [2012-11-21 17720]

R1 aswSnx;aswSnx;C:WindowsSystem32driversaswSnx.sys [2012-12-16 984144]

R1 aswSP;aswSP;C:WindowsSystem32driversaswSP.sys [2012-12-16 370288]

R1 avgtp;avgtp;C:WindowsSystem32driversavgtpx64.sys [2012-11-14 30568]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:WindowsSystem32driversSABI.sys [2011-2-20 13824]

R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/11/09 08:34:12];C:Program Files (x86)CyberLinkPowerDVD12CommonNavFilter000.fcl [2012-9-19 147704]

R2 aswFsBlk;aswFsBlk;C:WindowsSystem32driversaswFsBlk.sys [2012-12-16 25232]

R2 aswMonFlt;aswMonFlt;C:WindowsSystem32driversaswMonFlt.sys [2012-12-16 71600]

R2 avast! Antivirus;avast! Antivirus;C:Program FilesAVAST SoftwareAvastAvastSvc.exe [2012-12-16 44808]

R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:Program Files (x86)CyberLinkPowerDVD12KernelDMPCLHNServerCLHNServiceForPowerDVD12.exe [2012-11-9 90640]

R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:Program Files (x86)CyberLinkPowerDVD12KernelDMSCLMSMonitorServicePDVD12.exe [2012-11-9 78352]

R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:Program Files (x86)CyberLinkPowerDVD12KernelDMSCLMSServerPDVD12.exe [2012-11-9 295440]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:Program FilesIntelWiMAXBinDMAgent.exe [2011-6-6 498688]

R2 IDMWFP;IDMWFP;C:WindowsSystem32driversidmwfp.sys [2012-8-31 158944]

R2 MBAMScheduler;MBAMScheduler;C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [2012-11-30 398184]

R2 MBAMService;MBAMService;C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2012-11-30 682344]

R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:Program Files (x86)NETGEAR GeniebinNETGEARGenieDaemon64.exe [2012-9-25 231752]

R2 nlsX86cc;Nalpeiron Licensing Service;C:WindowsSysWOW64nlssrv32.exe [2012-9-11 66560]

R2 ntk_PowerDVD12;ntk_PowerDVD12;C:Program Files (x86)CyberLinkPowerDVD12KernelDMPCLHNServerntk_PowerDVD12_64.sys [2012-11-9 83704]

R2 UNS;Intel® Management and Security Application User Notification Service;C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe [2011-2-20 2655768]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:Program FilesIntelWiMAXBinAppSrv.exe [2011-6-6 986112]

R3 BBUpdate;BBUpdate;C:Program Files (x86)MicrosoftBingBar7.1.361.0SeaPort.EXE [2012-2-10 240408]

R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:WindowsSystem32driversbpenum.sys [2011-5-19 84480]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:WindowsSystem32driversbpmp.sys [2011-5-19 182272]

R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:WindowsSystem32driversbpusb.sys [2011-5-19 83968]

R3 clwvd;CyberLink WebCam Virtual Driver;C:WindowsSystem32driversclwvd.sys [2010-11-10 31088]

R3 ETD;ELAN PS/2 Port Input Device;C:WindowsSystem32driversETD.sys [2011-2-21 138024]

R3 IntcDAud;Intel® Display Audio;C:WindowsSystem32driversIntcDAud.sys [2011-2-21 317440]

R3 MBAMProtector;MBAMProtector;C:WindowsSystem32driversmbam.sys [2012-11-30 24176]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:WindowsSystem32driversnusb3hub.sys [2010-10-11 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:WindowsSystem32driversnusb3xhc.sys [2010-10-11 180736]

R3 RTL8167;Realtek 8167 NT Driver;C:WindowsSystem32driversRt64win7.sys [2012-8-6 539240]

R3 wdkmd;Intel WiDi KMD;C:WindowsSystem32driversWDKMD.sys [2010-11-30 42392]

S2 BBSvc;BingBar Service;C:Program Files (x86)MicrosoftBingBar7.1.361.0BBSvc.EXE [2012-2-10 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:Program Files (x86)SkypeUpdaterUpdater.exe [2012-7-13 160944]

S3 AVerPola;AVerMedia USB Polaris Series Capture Service;C:WindowsSystem32driversAVerPola.sys [2012-9-20 534144]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:Program FilesIntelWiFibinPanDhcpDns.exe [2011-1-4 340240]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:WindowsSystem32driversrdpvideominiport.sys [2012-11-14 19456]

S3 Samsung UPD Service;Samsung UPD Service;C:WindowsSystem32SUPDSvc.exe [2011-2-20 166704]

S3 StkCMini;Syntek AVStream USB2.0 ATV;C:WindowsSystem32driversStkCMini.sys [2012-8-9 1816968]

S3 taphss6;Anchorfree HSS VPN Adapter;C:WindowsSystem32driverstaphss6.sys [2012-11-1 40712]

S3 TsUsbFlt;TsUsbFlt;C:WindowsSystem32driversTsUsbFlt.sys [2012-11-14 57856]

S3 WatAdminSvc;Windows Activation Technologies Service;C:WindowsSystem32WatWatAdminSvc.exe [2012-7-25 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:WindowsSystem32driverswdcsam64.sys [2008-5-6 14464]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:Program FilesWindows LiveMeshwlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-01-08 14:56:43 32600 ----a-w- C:WindowsSystem32SmartDefragBootTime.exe

2013-01-08 12:32:48 9125352 ----a-w- C:ProgramDataMicrosoftWindows DefenderDefinition Updates{4BDF0E67-A073-4341-81E0-3F75F7F5842F}mpengine.dll

2013-01-08 02:23:45 -------- d-----w- C:$RECYCLE.BIN

2013-01-08 01:40:45 -------- d-----w- C:ComboFix

2013-01-07 15:26:42 -------- d-----w- C:UsersOwnerAppDataLocalPrograms

2013-01-05 17:43:02 -------- d-----w- C:Program Files (x86)WBFS to ISO

2013-01-04 17:34:47 -------- d-----w- C:Program Files (x86)Yahoo!

2013-01-04 17:33:16 -------- d-----w- C:WindowsSysWow64spool

2013-01-04 17:32:26 -------- d-----w- C:Program Files (x86)Common FilesHP

2013-01-04 17:32:25 -------- d-----w- C:Program Files (x86)Common FilesHewlett-Packard

2013-01-04 17:32:18 -------- d-----w- C:Windowshpoj4500g510a-f

2013-01-04 17:31:56 -------- d-----w- C:Program Files (x86)HP

2013-01-02 19:47:18 -------- d-----w- C:Program Files (x86)ESET

2012-12-28 15:33:46 -------- d-----w- C:Hugo extras

2012-12-26 02:31:41 -------- d-----w- C:UsersOwnerAppDataRoamingMedia Player Lite

2012-12-26 02:28:05 -------- d-----w- C:UsersOwnerAppDataRoamingFileAssociationManager

2012-12-26 02:28:01 -------- d-----w- C:Program Files (x86)FileAssociationManager

2012-12-26 02:27:58 -------- d-----w- C:Program Files (x86)MediaPlayerLite

2012-12-26 00:57:17 -------- d-----w- C:toolbarImages

2012-12-25 19:54:23 -------- d-----w- C:ProgramDataBrowser Manager

2012-12-25 17:28:45 773968 ----a-w- C:WindowsSystem32msvcr100.dll

2012-12-25 17:28:12 -------- d-----w- C:ProgramDataWincert

2012-12-23 17:43:36 -------- d-----w- C:ted dvd files

2012-12-21 09:00:35 46080 ----a-w- C:WindowsSystem32atmlib.dll

2012-12-21 09:00:35 367616 ----a-w- C:WindowsSystem32atmfd.dll

2012-12-21 09:00:35 34304 ----a-w- C:WindowsSysWow64atmlib.dll

2012-12-21 09:00:35 295424 ----a-w- C:WindowsSysWow64atmfd.dll

2012-12-16 22:46:33 54072 ----a-w- C:WindowsSystem32driversaswRdr2.sys

2012-12-16 22:46:32 984144 ----a-w- C:WindowsSystem32driversaswSnx.sys

2012-12-16 22:46:29 71600 ----a-w- C:WindowsSystem32driversaswMonFlt.sys

2012-12-16 22:46:00 41224 ----a-w- C:WindowsavastSS.scr

2012-12-16 22:06:49 -------- d-----w- C:UsersOwnerAppDataLocalNETGEARGenie

2012-12-16 22:06:40 369168 ----a-w- C:WindowsSystem32wpcap.dll

2012-12-16 22:06:40 35344 ----a-w- C:WindowsSystem32driversnpf.sys

2012-12-16 22:06:40 106000 ----a-w- C:WindowsSystem32packet.dll

2012-12-16 22:06:32 -------- d-----w- C:Program Files (x86)NETGEAR Genie

2012-12-14 20:48:35 -------- d-----w- C:Program Files (x86)uTorrent

2012-12-13 11:57:59 478208 ----a-w- C:WindowsSystem32dpnet.dll

2012-12-13 11:57:59 376832 ----a-w- C:WindowsSysWow64dpnet.dll

2012-12-12 21:34:58 -------- d-----w- C:UsersOwnerAppDataRoamingatunes

2012-12-12 21:33:11 -------- d-----w- C:Program Files (x86)aTunes

2012-12-12 17:44:07 -------- d-----w- C:Program Files (x86)CheckPoint

2012-12-10 15:12:05 -------- d-----w- C:FRACTURE EXTRAS

.

==================== Find3M ====================

.

2012-12-14 22:49:28 24176 ----a-w- C:WindowsSystem32driversmbam.sys

2012-12-12 17:57:05 697272 ----a-w- C:WindowsSysWow64FlashPlayerApp.exe

2012-12-12 17:57:04 73656 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl

2012-11-22 03:26:40 3149824 ----a-w- C:WindowsSystem32win32k.sys

2012-11-15 01:50:36 96768 ----a-w- C:WindowsSysWow64sspicli.dll

2012-11-15 01:50:36 458712 ----a-w- C:WindowsSystem32driverscng.sys

2012-11-15 01:50:36 340992 ----a-w- C:WindowsSystem32schannel.dll

2012-11-15 01:50:36 307200 ----a-w- C:WindowsSystem32ncrypt.dll

2012-11-15 01:50:36 247808 ----a-w- C:WindowsSysWow64schannel.dll

2012-11-15 01:50:36 220160 ----a-w- C:WindowsSysWow64ncrypt.dll

2012-11-15 01:50:36 22016 ----a-w- C:WindowsSysWow64secur32.dll

2012-11-15 01:50:36 154480 ----a-w- C:WindowsSystem32driversksecpkg.sys

2012-11-15 01:50:36 1448448 ----a-w- C:WindowsSystem32lsasrv.dll

2012-11-15 01:49:36 514560 ----a-w- C:WindowsSysWow64qdvd.dll

2012-11-15 01:49:36 366592 ----a-w- C:WindowsSystem32qdvd.dll

2012-11-14 20:32:45 30568 ----a-w- C:WindowsSystem32driversavgtpx64.sys

2012-11-14 06:11:44 2312704 ----a-w- C:WindowsSystem32jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:WindowsSystem32wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:WindowsSystem32inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:WindowsSystem32vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:WindowsSystem32ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:WindowsSystem32mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:WindowsSysWow64jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:WindowsSysWow64inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:WindowsSysWow64wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:WindowsSysWow64ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:WindowsSysWow64vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:WindowsSysWow64mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:WindowsSystem32tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:WindowsSysWow64tzres.dll

2012-11-01 18:31:08 40712 ----a-w- C:WindowsSystem32driverstaphss6.sys

2012-11-01 18:25:26 42248 ----a-w- C:WindowsSystem32drivershssdrv6.sys

2012-10-25 09:12:26 94208 ----a-w- C:WindowsSysWow64QuickTimeVR.qtx

2012-10-25 09:12:26 69632 ----a-w- C:WindowsSysWow64QuickTime.qts

2012-10-22 22:34:45 95208 ----a-w- C:WindowsSysWow64WindowsAccessBridge-32.dll

2012-10-22 22:34:35 821736 ----a-w- C:WindowsSysWow64npDeployJava1.dll

2012-10-22 22:34:35 746984 ----a-w- C:WindowsSysWow64deployJava1.dll

2012-10-16 08:38:37 135168 ----a-w- C:WindowsapppatchAppPatch64AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:WindowsapppatchAppPatch64AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:WindowsapppatchAcLayers.dll

.

============= FINISH: 8:04:46.75 ===============


Hello,

 

While my good friend and colleague JonTom is taking a short break, I am going to assist you :)

 

Have the redirects stopped now?

 

Are there any outstanding issues?

 

 

If you could please run a fresh log with OTL and post the results, I can make certain there is no remaining malware.

 

thanks


Hello CatByte

 

The internet does not redirect any more and my computer is running fine. Here is the OTL log...

 

OTL logfile created on: 1/9/2013 6:07:12 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:UsersOwnerDownloadsPrograms

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

5.91 Gb Total Physical Memory | 4.21 Gb Available Physical Memory | 71.11% Memory free

11.83 Gb Paging File | 9.98 Gb Available in Paging File | 84.42% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 586.07 Gb Total Space | 78.76 Gb Free Space | 13.44% Space Free | Partition Type: NTFS

Drive E: | 4.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

 

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/01/09 18:03:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:UsersOwnerDownloadsProgramsOTL.exe

PRC - [2012/12/20 15:58:21 | 006,750,448 | ---- | M] (SlySoft, Inc.) -- C:Program Files (x86)SlySoftAnyDVDAnyDVDtray.exe

PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe

PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe

PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe

PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:Program FilesAVAST SoftwareAvastAvastUI.exe

PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:Program FilesAVAST SoftwareAvastAvastSvc.exe

PRC - [2012/10/28 08:16:34 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:UsersOwnerAppDataRoamingSpotifyDataSpotifyWebHelper.exe

PRC - [2012/10/16 07:54:22 | 001,041,736 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinNETGEARGenie.exe

PRC - [2012/09/25 00:06:14 | 000,122,696 | ---- | M] () -- C:Program Files (x86)NETGEAR Geniebingenie2_tray.exe

PRC - [2012/09/19 01:45:40 | 000,505,872 | ---- | M] (CyberLink) -- C:Program Files (x86)CyberLinkPowerDVD12KernelDMRPowerDVD12DMREngine.exe

PRC - [2012/09/19 01:45:35 | 000,374,560 | ---- | M] (CyberLink Corp.) -- C:Program Files (x86)CyberLinkPowerDVD12PowerDVD12Agent.exe

PRC - [2012/09/19 01:45:35 | 000,295,440 | ---- | M] (CyberLink) -- C:Program Files (x86)CyberLinkPowerDVD12KernelDMSCLMSServerPDVD12.exe

PRC - [2012/09/19 01:45:30 | 000,078,352 | ---- | M] (CyberLink) -- C:Program Files (x86)CyberLinkPowerDVD12KernelDMSCLMSMonitorServicePDVD12.exe

PRC - [2012/09/19 01:45:12 | 000,090,640 | ---- | M] (CyberLink Corp.) -- C:Program Files (x86)CyberLinkPowerDVD12KernelDMPCLHNServerCLHNServiceForPowerDVD12.exe

PRC - [2012/09/06 10:06:42 | 001,607,552 | ---- | M] (IObit) -- C:Program Files (x86)IObitSmart Defrag 2SmartDefrag.exe

PRC - [2012/08/31 21:21:41 | 003,528,128 | ---- | M] (Tonec Inc.) -- C:Program Files (x86)Internet Download ManagerIDMan.exe

PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe

PRC - [2012/02/10 12:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:Program Files (x86)MicrosoftBingBar7.1.361.0SeaPort.EXE

PRC - [2012/02/10 12:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:Program Files (x86)MicrosoftBingBar7.1.361.0BBSvc.EXE

PRC - [2010/12/17 01:28:20 | 000,943,984 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:Program Files (x86)SamsungEasy Display Managerdmhkcore.exe

PRC - [2010/12/14 17:01:16 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:Program Files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe

PRC - [2010/12/06 05:44:28 | 007,058,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:Program Files (x86)SamsungEasy Display ManagerWifiManager.exe

PRC - [2010/11/28 23:42:38 | 000,775,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:Program Files (x86)SamsungMovie Color EnhancerMovieColorEnhancer.exe

PRC - [2010/11/23 01:07:20 | 001,755,504 | ---- | M] (SAMSUNG Electronics) -- C:Program Files (x86)SamsungSamsung Support CenterSSCKbdHk.exe

PRC - [2010/11/22 16:50:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:WindowsSysWOW64nlssrv32.exe

PRC - [2010/11/17 02:24:54 | 004,387,632 | ---- | M] (SEC) -- C:Program Files (x86)SamsungSamsung Recovery Solution 5WCScheduler.exe

PRC - [2010/11/10 02:03:52 | 000,136,488 | ---- | M] (CyberLink) -- C:Program Files (x86)CyberLinkYouCamYCMMirage.exe

PRC - [2010/10/05 23:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe

PRC - [2010/10/05 23:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe

PRC - [2010/08/26 19:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:Program Files (x86)SamsungSamsung Update PlusSUPBackground.exe

PRC - [2010/06/07 21:15:42 | 000,618,496 | ---- | M] () -- C:WindowsSamsungPanelMgrSSMMgr.exe

PRC - [2010/05/25 06:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:Program Files (x86)Internet Download ManagerIEMonitor.exe

PRC - [2010/02/10 08:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:Program Files (x86)SamsungEasySpeedUpManagerEasySpeedUpManager.exe

PRC - [2009/11/01 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe

PRC - [2009/02/23 18:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:Program Files (x86)MagicDiscMagicDisc.exe

PRC - [2006/09/28 03:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:Program Files (x86)Common FilesUlead SystemsDVDULCDRSvr.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/10/16 19:41:00 | 003,775,488 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinGeniePlugin_Map.dll

MOD - [2012/10/16 07:54:22 | 001,041,736 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinNETGEARGenie.exe

MOD - [2012/10/11 18:57:28 | 008,295,424 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinGeniePlugin_Resource.dll

MOD - [2012/10/11 18:57:28 | 001,553,408 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinSvtNetworkTool.dll

MOD - [2012/10/11 18:57:28 | 001,188,352 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinGeniePlugin_RouterConfiguration.dll

MOD - [2012/10/11 18:57:28 | 001,132,032 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinGeniePlugin_ParentalControl.dll

MOD - [2012/10/11 18:57:28 | 001,062,400 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinGeniePlugin_Internet.dll

MOD - [2012/10/11 18:57:28 | 000,920,064 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinGeniePlugin_Ui.dll

MOD - [2012/10/11 18:57:28 | 000,702,464 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinInnerPlugin_Update.dll

MOD - [2012/10/11 18:57:28 | 000,641,536 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinGeniePlugin_Statistics.dll

MOD - [2012/10/11 18:57:28 | 000,504,832 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinInnerPlugin_WirelessExport.dll

MOD - [2012/10/11 18:57:28 | 000,500,736 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinGeniePlugin_NetworkProblem.dll

MOD - [2012/10/11 18:57:28 | 000,478,720 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinGenie.dll

MOD - [2012/10/11 18:57:28 | 000,438,272 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinGeniePlugin_Wireless.dll

MOD - [2012/10/11 18:57:28 | 000,229,888 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinGeniePlugin_Airprint.dll

MOD - [2012/10/11 18:57:28 | 000,186,368 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinDragonNetTool.dll

MOD - [2012/10/11 18:57:28 | 000,150,528 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinDiagnoseDll.dll

MOD - [2012/10/11 18:57:28 | 000,138,752 | ---- | M] () -- C:Program Files (x86)NETGEAR Geniebinairprintdll.dll

MOD - [2012/10/11 18:57:28 | 000,136,704 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinDiagnosePlugin.dll

MOD - [2012/10/11 18:57:28 | 000,116,224 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinWSetupApiPlugin.dll

MOD - [2012/10/11 18:57:28 | 000,088,064 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinQRCode.dll

MOD - [2012/10/11 18:57:28 | 000,083,968 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinNetcardApi.dll

MOD - [2012/10/11 18:57:28 | 000,082,432 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinSVTUtils.dll

MOD - [2012/10/11 18:57:28 | 000,076,288 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinWSetupDll.dll

MOD - [2012/09/25 00:06:14 | 000,122,696 | ---- | M] () -- C:Program Files (x86)NETGEAR Geniebingenie2_tray.exe

MOD - [2012/05/11 00:24:16 | 009,814,016 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinQtGui4.dll

MOD - [2012/05/11 00:24:16 | 002,537,472 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinQtCore4.dll

MOD - [2012/05/11 00:24:16 | 001,140,224 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinQtNetwork4.dll

MOD - [2012/05/11 00:24:16 | 000,399,360 | ---- | M] () -- C:Program Files (x86)NETGEAR GeniebinQtXml4.dll

MOD - [2012/05/11 00:24:16 | 000,287,232 | ---- | M] () -- C:Program Files (x86)NETGEAR Geniebinimageformatsqjpeg4.dll

MOD - [2012/05/11 00:24:16 | 000,083,456 | ---- | M] () -- C:Program Files (x86)NETGEAR Geniebinimageformatsqico4.dll

MOD - [2012/05/11 00:24:16 | 000,083,456 | ---- | M] () -- C:Program Files (x86)NETGEAR Geniebinimageformatsqgif4.dll

MOD - [2012/05/09 20:34:06 | 000,043,008 | ---- | M] () -- C:Program Files (x86)NETGEAR Geniebinlibgcc_s_dw2-1.dll

MOD - [2012/05/09 20:34:06 | 000,011,362 | ---- | M] () -- C:Program Files (x86)NETGEAR Geniebinmingwm10.dll

MOD - [2011/08/23 20:39:11 | 000,655,360 | ---- | M] () -- C:Program Files (x86)CyberLinkPowerDVD12CommonKoan_ssl.pyd

MOD - [2011/08/23 20:39:11 | 000,081,920 | ---- | M] () -- C:Program Files (x86)CyberLinkPowerDVD12CommonKoan_ctypes.pyd

MOD - [2011/08/23 20:39:11 | 000,053,248 | ---- | M] () -- C:Program Files (x86)CyberLinkPowerDVD12CommonKoan_socket.pyd

MOD - [2011/08/19 15:33:28 | 000,047,960 | ---- | M] () -- C:Program Files (x86)IObitSmart Defrag 2NtfsData.dll

MOD - [2010/07/05 04:42:58 | 000,203,776 | ---- | M] () -- C:Program Files (x86)SamsungMovie Color EnhancerWinCRT.dll

MOD - [2010/06/07 21:15:42 | 000,618,496 | ---- | M] () -- C:WindowsSamsungPanelMgrSSMMgr.exe

MOD - [2010/05/07 08:22:18 | 001,636,864 | ---- | M] () -- C:Program Files (x86)SamsungSamsung Recovery Solution 5Resdll.dll

MOD - [2009/11/01 23:23:36 | 000,013,096 | ---- | M] () -- C:Program Files (x86)CyberLinkPower2GoCLMLSvcPS.dll

MOD - [2009/11/01 23:20:10 | 000,619,816 | ---- | M] () -- C:Program Files (x86)CyberLinkPower2GoCLMediaLibrary.dll

MOD - [2006/08/11 21:48:40 | 000,049,152 | ---- | M] () -- C:Program Files (x86)SamsungEasy Display ManagerHookDllPS2.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:Program FilesAVAST SoftwareAvastAvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2011/06/06 17:14:14 | 000,498,688 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:Program FilesIntelWiMAXBinDMAgent.exe -- (DMAgent)

SRV:64bit: - [2011/06/06 17:09:36 | 000,986,112 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:Program FilesIntelWiMAXBinAppSrv.exe -- (WiMAXAppSrv)

SRV:64bit: - [2011/01/04 22:41:38 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:Program FilesIntelWiFibinEvtEng.exe -- (EvtEng)

SRV:64bit: - [2011/01/04 22:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:Program FilesIntelWiFibinPanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2011/01/04 22:26:56 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2010/09/22 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:Program FilesWindows LiveMeshwlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/08/09 13:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:WindowsSysNativeSUPDSvc.exe -- (Samsung UPD Service)

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program FilesWindows DefenderMpSvc.dll -- (WinDefend)

SRV - [2013/01/09 13:57:36 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe -- (MBAMScheduler)

SRV - [2012/11/29 02:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/09/25 00:06:14 | 000,231,752 | ---- | M] (NETGEAR) [Auto | Running] -- C:Program Files (x86)NETGEAR GeniebinNETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)

SRV - [2012/09/19 01:45:35 | 000,295,440 | ---- | M] (CyberLink) [Auto | Running] -- C:Program Files (x86)CyberLinkPowerDVD12KernelDMSCLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)

SRV - [2012/09/19 01:45:30 | 000,078,352 | ---- | M] (CyberLink) [Auto | Running] -- C:Program Files (x86)CyberLinkPowerDVD12KernelDMSCLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)

SRV - [2012/09/19 01:45:12 | 000,090,640 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:Program Files (x86)CyberLinkPowerDVD12KernelDMPCLHNServerCLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)

SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:Program Files (x86)SkypeUpdaterUpdater.exe -- (SkypeUpdate)

SRV - [2012/02/10 12:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:Program Files (x86)MicrosoftBingBar7.1.361.0SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/10 12:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:Program Files (x86)MicrosoftBingBar7.1.361.0BBSvc.EXE -- (BBSvc)

SRV - [2010/12/14 17:01:16 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:Program Files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe -- (nvUpdatusService)

SRV - [2010/11/22 16:50:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:WindowsSysWOW64nlssrv32.exe -- (nlsX86cc)

SRV - [2010/10/05 23:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe -- (UNS)

SRV - [2010/10/05 23:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe -- (LMS)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2006/09/28 03:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:Program Files (x86)Common FilesUlead SystemsDVDULCDRSvr.exe -- (UleadBurningHelper)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012/12/16 16:06:40 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversnpf.sys -- (NPF)

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:WindowsSysNativedriversmbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/11/14 19:51:27 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversTsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/11/14 19:51:27 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversrdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/11/14 14:32:45 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:WindowsSysNativedriversavgtpx64.sys -- (avgtp)

DRV:64bit: - [2012/11/01 12:31:08 | 000,040,712 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverstaphss6.sys -- (taphss6)

DRV:64bit: - [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:WindowsSysNativedriversaswTdi.sys -- (aswTdi)

DRV:64bit: - [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:WindowsSysNativedriversaswSnx.sys -- (aswSnx)

DRV:64bit: - [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:WindowsSysNativedriversaswSP.sys -- (aswSP)

DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:WindowsSysNativedriversaswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:WindowsSysNativedriversaswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2012/10/15 10:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:WindowsSysNativedriversaswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012/08/26 06:56:21 | 000,138,400 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversAnyDVD.sys -- (AnyDVD)

DRV:64bit: - [2012/08/01 18:23:14 | 000,158,944 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:WindowsSysNativedriversidmwfp.sys -- (IDMWFP)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:WindowsSysNativedriversfs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/06/10 15:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversRt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/05/19 14:25:10 | 000,182,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversbpmp.sys -- (bpmp)

DRV:64bit: - [2011/05/19 14:25:04 | 000,083,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversbpusb.sys -- (bpusb)

DRV:64bit: - [2011/05/19 14:25:00 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversbpenum.sys -- (bpenum)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversamdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:WindowsSysNativedriversamdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/03 23:47:50 | 000,534,144 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversAVerPola.sys -- (AVerPola)

DRV:64bit: - [2011/01/03 20:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversNETwNs64.sys -- (NETwNs64)

DRV:64bit: - [2010/12/16 16:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:WindowsSysNativedriversElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2010/12/14 17:01:14 | 000,025,576 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativedriversnvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2010/11/30 14:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversWDKMD.sys -- (wdkmd)

DRV:64bit: - [2010/11/28 23:23:16 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversigdkmd64.sys -- (igfx)

DRV:64bit: - [2010/11/26 17:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:WindowsSysNativedriversSmartDefragDriver.sys -- (SmartDefragDriver)

DRV:64bit: - [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversHpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/12 16:23:38 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversETD.sys -- (ETD)

DRV:64bit: - [2010/11/10 02:04:14 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversclwvd.sys -- (clwvd)

DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversIntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/10/11 16:26:20 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversnusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/10/11 16:26:20 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversnusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/09/21 11:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversHECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/09/13 03:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativedriversiaStor.sys -- (iaStor)

DRV:64bit: - [2010/04/16 14:59:40 | 001,816,968 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversStkCMini.sys -- (StkCMini)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversamdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversstexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversserscan.sys -- (StillCam)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversevbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversbxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversb57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedrivershcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/28 00:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:WindowsSysNativedriversSABI.sys -- (SABI)

DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversmcdbus.sys -- (mcdbus)

DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverswdcsam64.sys -- (WDC_SAM)

DRV - [2012/09/19 16:12:50 | 000,147,704 | ---- | M] (CyberLink Corp.) [2012/11/09 08:34:12] [Kernel | Auto | Running] -- C:Program Files (x86)CyberLinkPowerDVD12CommonNavFilter000.fcl -- ({73526619-C24F-470B-9BED-53D455FBB5C6})

DRV - [2012/08/26 06:56:21 | 000,138,400 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysWOW64driversAnyDVD.sys -- (AnyDVD)

DRV - [2012/06/20 03:35:49 | 000,083,704 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:Program Files (x86)CyberLinkPowerDVD12KernelDMPCLHNServerntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:WindowsSysWOW64driverswimmount.sys -- (WIMMount)

DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysWOW64driversmcdbus.sys -- (mcdbus)

 

 

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM..SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM..SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=287&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5893014922044063&q={searchTerms}

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://samsung.msn.com

IE - HKLM..SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox

 

IE - HKCU..SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKCU..SearchScopes{BDD321B6-193A-4A6B-A236-289EC8CBD792}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=642886&p={searchTerms}

IE - HKCU..SearchScopes{DB8B4161-865F-4162-8139-5CE827576E88}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledAddons: 2vffxtbr%40DailyBibleGuide.com:2.50.0.59174

FF - prefs.js..extensions.enabledAddons: %7B2a26ebf1-72d8-4964-9995-ec90896e049e%7D:2.1

FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121012015120

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - user.js - File not found

 

FF:64bit: - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:Windowssystem32MacromedFlashNPSWF64_11_5_502_146.dll File not found

FF:64bit: - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:WindowsSysWOW64MacromedFlashNPSWF32_11_5_502_146.dll ()

FF - HKLMSoftwareMozillaPlugins@APlusGamer_63.com/Plugin: C:Program Files (x86)APlusGamer_63bar1.binNP63Stub.dll File not found

FF - HKLMSoftwareMozillaPlugins@checkpoint.com/FFApi: C:Program FilesCheckPointZAForceFieldWOW64TrustCheckerbinnpFFApi.dll File not found

FF - HKLMSoftwareMozillaPlugins@java.com/DTPlugin,version=10.9.2: C:WindowsSysWOW64npDeployJava1.dll (Oracle Corporation)

FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin,version=10.9.2: C:Program Files (x86)Javajre7binplugin2npjp2.dll (Oracle Corporation)

FF - HKLMSoftwareMozillaPlugins@meadco.com/neptune plugin,version=2.0.0.29: C:PROGRA~2MEADCO~1npmeadax.dll (MeadCo Corp.)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found

FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3508.1109: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@MindDabble_4p.com/Plugin: C:Program Files (x86)MindDabble_4pbar2.binNP4pStub.dll File not found

FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions63ffxtbr@APlusGamer_63.com: C:Program Files (x86)APlusGamer_63bar1.bin

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions4pffxtbr@MindDabble_4p.com: C:Program Files (x86)MindDabble_4pbar2.bin

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:Program FilesCheckPointZAForceFieldWOW64TrustChecker

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionswrc@avast.com: C:Program FilesAVAST SoftwareAvastWebRepFF [2012/12/16 16:46:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionssmartwebprinting@hp.com: C:Program Files (x86)HPDigital ImagingSmart Web PrintingMozillaAddOn3 [2013/01/04 11:34:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 17.0.1extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2012/12/05 11:06:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 17.0.1extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins

FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensionsmozilla_cc@internetdownloadmanager.com: C:UsersOwnerAppDataRoamingIDMidmmzcc5 [2012/09/02 08:29:32 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensionssmartwebprinting@hp.com: C:Program Files (x86)HPDigital ImagingSmart Web PrintingMozillaAddOn3 [2013/01/04 11:34:33 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USERsoftwaremozillaSeaMonkeyExtensionsmozilla_cc@internetdownloadmanager.com: C:UsersOwnerAppDataRoamingIDMidmmzcc5 [2012/09/02 08:29:32 | 000,000,000 | ---D | M]

 

[2012/12/25 11:28:08 | 000,000,000 | ---D | M] (No name found) -- C:UsersOwnerAppDataRoamingMozillaExtensions

[2013/01/08 11:43:53 | 000,000,000 | ---D | M] (No name found) -- C:UsersOwnerAppDataRoamingMozillaFirefoxProfilesnww68hdh.defaultextensions

[2012/10/09 06:27:09 | 000,000,000 | ---D | M] (GoodApp) -- C:UsersOwnerAppDataRoamingMozillaFirefoxProfilesnww68hdh.defaultextensions{2a26ebf1-72d8-4964-9995-ec90896e049e}

[2012/10/22 16:37:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:UsersOwnerAppDataRoamingMozillaFirefoxProfilesnww68hdh.defaultextensions{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2012/11/06 15:56:05 | 000,000,000 | ---D | M] (DailyBibleGuide) -- C:UsersOwnerAppDataRoamingMozillaFirefoxProfilesnww68hdh.defaultextensions2vffxtbr@DailyBibleGuide.com

[2012/12/26 16:27:35 | 000,000,000 | ---D | M] (MindDabble) -- C:UsersOwnerAppDataRoamingMozillaFirefoxProfilesnww68hdh.defaultextensions4pffxtbr@MindDabble_4p.com

[2012/11/12 13:25:33 | 000,000,000 | ---D | M] (APlusGamer) -- C:UsersOwnerAppDataRoamingMozillaFirefoxProfilesnww68hdh.defaultextensions63ffxtbr@APlusGamer_63.com

[2012/11/28 14:35:31 | 000,233,909 | ---- | M] () (No name found) -- C:UsersOwnerAppDataRoamingMozillaFirefoxProfilesnww68hdh.defaultextensions122c5ff6ff5c11e0948812313d1adcbe@jetpack.xpi

[2011/10/04 09:09:42 | 000,000,000 | ---- | M] () (No name found) -- C:UsersOwnerAppDataRoamingMozillaFirefoxProfilesnww68hdh.defaultextensions{2a26ebf1-72d8-4964-9995-ec90896e049e}forxpi.dat

[2012/12/14 14:56:55 | 000,001,066 | ---- | M] () -- C:UsersOwnerAppDataRoamingMozillaFirefoxProfilesnww68hdh.defaultsearchpluginsutorrentcontrolv2-customized-web-search.xml

[2013/01/08 13:47:08 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions

[2012/11/29 02:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:Program Files (x86)mozilla firefoxcomponentsbrowsercomps.dll

[2012/11/29 02:27:12 | 000,002,465 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginsbing.xml

[2012/11/29 02:27:12 | 000,002,058 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginstwitter.xml

 

========== Chrome ==========

CHR - Extension: No name found = C:UsersOwnerAppDataLocalGoogleChromeUser DataDefaultExtensionsicdlfehblmklkikfigmjhbmmpmkmpooj1.1_0

CHR - Extension: No name found = C:UsersOwnerAppDataLocalGoogleChromeUser DataDefaultExtensionsicmlaeflemplmjndnaapfdbbnpncnbda7.0.1466_0

CHR - Extension: No name found = C:UsersOwnerAppDataLocalGoogleChromeUser DataDefaultExtensionsmhkaekfpcppmmioggniknbnbdbcigpkk2.2_0

CHR - Extension: No name found = C:UsersOwnerAppDataLocalGoogleChromeUser DataDefaultExtensionsmhkaekfpcppmmioggniknbnbdbcigpkk2.3_0

 

O1 HOSTS File: ([2013/01/07 20:23:36 | 000,000,027 | ---- | M]) - C:WindowsSysNativedriversetchosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:Program Files (x86)Internet Download ManagerIDMIECC64.dll (Internet Download Manager, Tonec Inc.)

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:Program FilesAVAST SoftwareAvastaswWebRepIE64.dll (AVAST Software)

O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:Program Files (x86)Internet Download ManagerIDMIECC.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (Coupon Companion Plugin) - {11111111-1111-1111-1111-110211181104} - C:Program Files (x86)Coupon Companion PluginCoupon Companion Plugin.dll File not found

O2 - BHO: (SelectionLinksBHO Class) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - C:Program Files (x86)OAppsSelectionLinks.dll File not found

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre7binssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll (AVAST Software)

O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:Program FilesSamsung AnyWeb PrintW2PBrowser.dll ()

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MicrosoftBingBar7.1.361.0BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre7binjp2ssv.dll (Oracle Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:Program Files (x86)Yahoo!CompanionInstallscpnYTSingleInstance.dll (Yahoo! Inc)

O3:64bit: - HKLM..Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:Program FilesAVAST SoftwareAvastaswWebRepIE64.dll (AVAST Software)

O3 - HKLM..Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:Program Files (x86)MicrosoftBingBar7.1.361.0BingExt.dll (Microsoft Corporation.)

O3 - HKLM..Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll (AVAST Software)

O3 - HKLM..Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU..ToolbarWebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..Run: [ETDCtrl] C:Program FilesElantechETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..Run: [HotKeysCmds] C:WindowsSysNativehkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..Run: [igfxTray] C:WindowsSysNativeigfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..Run: [intelWireless] C:Program FilesCommon FilesIntelWirelessCommoniFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..Run: [intelWirelessWiMAX] C:Program FilesIntelWiMAXBinWiMAXCU.exe (Intel® Corporation)

O4:64bit: - HKLM..Run: [Persistence] C:WindowsSysNativeigfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)

O4 - HKLM..Run: [avast] C:Program FilesAVAST SoftwareAvastavastUI.exe (AVAST Software)

O4 - HKLM..Run: [CLMLServer] C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe (CyberLink)

O4 - HKLM..Run: [PowerDVD12Agent] C:Program Files (x86)CyberLinkPowerDVD12PowerDVD12Agent.exe (CyberLink Corp.)

O4 - HKLM..Run: [PowerDVD12DMREngine] C:Program Files (x86)CyberLinkPowerDVD12KernelDMRPowerDVD12DMREngine.exe (CyberLink)

O4 - HKLM..Run: [samsung PanelMgr] C:WindowsSamsungPanelMgrSSMMgr.exe ()

O4 - HKLM..Run: [updatePPShortCut] C:Program Files (x86)CyberLinkPowerProducerMUITransferMUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..Run: [uVS10 Preload] C:Program Files (x86)Ulead SystemsUlead VideoStudio 10uvPL.exe (Ulead Systems, Inc.)

O4 - HKCU..Run: [AnyDVD] C:Program Files (x86)SlySoftAnyDVDAnyDVDtray.exe (SlySoft, Inc.)

O4 - HKCU..Run: [iDMan] C:Program Files (x86)Internet Download ManagerIDMan.exe (Tonec Inc.)

O4 - HKCU..Run: [NETGEARGenie] C:Program Files (x86)NETGEAR GeniebinNETGEARGenie.exe ()

O4 - HKCU..Run: [spotify Web Helper] C:UsersOwnerAppDataRoamingSpotifyDataSpotifyWebHelper.exe (Spotify Ltd)

O4 - HKCU..Run: [Xvid] C:Program Files (x86)XvidCheckUpdate.exe ()

O4 - Startup: C:UsersOwnerAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupMagicDisc.lnk = C:Program Files (x86)MagicDiscMagicDisc.exe (MagicISO, Inc.)

O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDesktopCleanupWizard = 1

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O8:64bit: - Extra context menu item: Download all links with IDM - C:Program Files (x86)Internet Download ManagerIEGetAll.htm ()

O8:64bit: - Extra context menu item: Download with IDM - C:Program Files (x86)Internet Download ManagerIEExt.htm ()

O8 - Extra context menu item: Download all links with IDM - C:Program Files (x86)Internet Download ManagerIEGetAll.htm ()

O8 - Extra context menu item: Download with IDM - C:Program Files (x86)Internet Download ManagerIEExt.htm ()

O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:Program FilesSamsung AnyWeb PrintW2PBrowser.dll ()

O13 - gopher Prefix: missing

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (PCPitstop AntiVirus)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{EF589019-EF09-4585-8068-B38719BE845F}: DhcpNameServer = 192.168.1.1

O18:64bit: - ProtocolHandlerlivecall - No CLSID value found

O18:64bit: - ProtocolHandlermsnim - No CLSID value found

O18:64bit: - ProtocolHandlerskype4com - No CLSID value found

O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found

O18:64bit: - ProtocolHandlerwlpg - No CLSID value found

O18 - ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program Files (x86)Common FilesSkypeSkype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:WindowsSysWOW64nvinit.dll) - C:WindowsSysWOW64nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:WindowsSysWow64explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysWOW64userinit.exe (Microsoft Corporation)

O20:64bit: - WinlogonNotifyigfxcui: DllName - (igfxdev.dll) - C:WindowsSysNativeigfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM..comfile [open] -- "%1" %*

O35:64bit: - HKLM..exefile [open] -- "%1" %*

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37:64bit: - HKLM...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*

O37 - HKLM...com [@ = ComFile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystemsWindows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

[2013/01/08 08:56:43 | 000,032,600 | ---- | C] (IObit) -- C:WindowsSysNativeSmartDefragBootTime.exe

[2013/01/07 20:23:45 | 000,000,000 | ---D | C] -- C:$RECYCLE.BIN

[2013/01/07 19:40:45 | 000,000,000 | ---D | C] -- C:ComboFix

[2013/01/07 09:26:42 | 000,000,000 | ---D | C] -- C:UsersOwnerAppDataLocalPrograms

[2013/01/05 11:43:03 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsWBFS to ISO

[2013/01/05 11:43:02 | 000,000,000 | ---D | C] -- C:Program Files (x86)WBFS to ISO

[2013/01/04 11:34:48 | 000,000,000 | ---D | C] -- C:ProgramDataYahoo! Companion

[2013/01/04 11:34:48 | 000,000,000 | ---D | C] -- C:UsersOwnerAppDataRoamingYahoo!

[2013/01/04 11:34:47 | 000,000,000 | ---D | C] -- C:Program Files (x86)Yahoo!

[2013/01/04 11:33:28 | 000,000,000 | ---D | C] -- C:ProgramDataHP Product Assistant

[2013/01/04 11:33:16 | 000,000,000 | ---D | C] -- C:WindowsSysWow64spool

[2013/01/04 11:32:43 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsHP

[2013/01/04 11:32:26 | 000,000,000 | ---D | C] -- C:Program Files (x86)Common FilesHP

[2013/01/04 11:32:25 | 000,000,000 | ---D | C] -- C:Program Files (x86)Common FilesHewlett-Packard

[2013/01/04 11:32:18 | 000,000,000 | ---D | C] -- C:Windowshpoj4500g510a-f

[2013/01/04 11:32:03 | 000,000,000 | ---D | C] -- C:Config.Msi

[2013/01/04 11:31:56 | 000,000,000 | ---D | C] -- C:Program Files (x86)HP

[2013/01/04 11:29:13 | 000,000,000 | ---D | C] -- C:ProgramDataHP

[2013/01/02 13:47:18 | 000,000,000 | ---D | C] -- C:Program Files (x86)ESET

[2013/01/01 10:08:57 | 000,000,000 | ---D | C] -- C:UsersOwnerDesktopbnl

[2012/12/29 07:40:31 | 000,000,000 | ---D | C] -- C:UsersOwnerDesktopmark viris

[2012/12/28 09:33:46 | 000,000,000 | ---D | C] -- C:Hugo extras

[2012/12/25 20:31:41 | 000,000,000 | ---D | C] -- C:UsersOwnerAppDataRoamingMedia Player Lite

[2012/12/25 20:28:14 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsFile Association Manager

[2012/12/25 20:28:05 | 000,000,000 | ---D | C] -- C:UsersOwnerAppDataRoamingFileAssociationManager

[2012/12/25 20:28:01 | 000,000,000 | ---D | C] -- C:Program Files (x86)FileAssociationManager

[2012/12/25 20:27:58 | 000,000,000 | ---D | C] -- C:UsersOwnerAppDataRoamingMicrosoftWindowsStart MenuProgramsMediaPlayerLite

[2012/12/25 20:27:58 | 000,000,000 | ---D | C] -- C:Program Files (x86)MediaPlayerLite

[2012/12/25 18:57:17 | 000,000,000 | ---D | C] -- C:toolbarImages

[2012/12/25 13:54:23 | 000,000,000 | ---D | C] -- C:ProgramDataBrowser Manager

[2012/12/25 11:28:45 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemsvcr100.dll

[2012/12/25 11:28:12 | 000,000,000 | ---D | C] -- C:ProgramDataWincert

[2012/12/23 11:43:36 | 000,000,000 | ---D | C] -- C:ted dvd files

[2012/12/21 12:33:07 | 000,000,000 | ---D | C] -- C:UsersOwnerAppDataRoamingdvdcss

[2012/12/21 03:00:35 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:WindowsSysNativeatmfd.dll

[2012/12/21 03:00:35 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:WindowsSysWow64atmfd.dll

[2012/12/21 03:00:35 | 000,046,080 | ---- | C] (Adobe Systems) -- C:WindowsSysNativeatmlib.dll

[2012/12/21 03:00:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:WindowsSysWow64atmlib.dll

[2012/12/20 07:39:17 | 000,000,000 | ---D | C] -- C:UsersOwnerDesktopWITLESS_PROTECTION

[2012/12/19 19:43:40 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:UsersOwnerDesktopTFC.exe

[2012/12/16 16:46:35 | 000,370,288 | ---- | C] (AVAST Software) -- C:WindowsSysNativedriversaswSP.sys

[2012/12/16 16:46:35 | 000,025,232 | ---- | C] (AVAST Software) -- C:WindowsSysNativedriversaswFsBlk.sys

[2012/12/16 16:46:35 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsavast! Free Antivirus

[2012/12/16 16:46:33 | 000,054,072 | ---- | C] (AVAST Software) -- C:WindowsSysNativedriversaswRdr2.sys

[2012/12/16 16:46:32 | 000,984,144 | ---- | C] (AVAST Software) -- C:WindowsSysNativedriversaswSnx.sys

[2012/12/16 16:46:32 | 000,059,728 | ---- | C] (AVAST Software) -- C:WindowsSysNativedriversaswTdi.sys

[2012/12/16 16:46:29 | 000,071,600 | ---- | C] (AVAST Software) -- C:WindowsSysNativedriversaswMonFlt.sys

[2012/12/16 16:46:00 | 000,041,224 | ---- | C] (AVAST Software) -- C:WindowsavastSS.scr

[2012/12/16 16:45:59 | 000,227,648 | ---- | C] (AVAST Software) -- C:WindowsSysWow64aswBoot.exe

[2012/12/16 16:06:49 | 000,000,000 | ---D | C] -- C:UsersOwnerAppDataLocalNETGEARGenie

[2012/12/16 16:06:40 | 000,369,168 | ---- | C] (CACE Technologies, Inc.) -- C:WindowsSysNativewpcap.dll

[2012/12/16 16:06:40 | 000,106,000 | ---- | C] (CACE Technologies, Inc.) -- C:WindowsSysNativepacket.dll

[2012/12/16 16:06:40 | 000,035,344 | ---- | C] (CACE Technologies, Inc.) -- C:WindowsSysNativedriversnpf.sys

[2012/12/16 16:06:32 | 000,000,000 | ---D | C] -- C:Program Files (x86)NETGEAR Genie

[2012/12/15 12:05:13 | 000,000,000 | ---D | C] -- C:UsersOwnerDesktoptorrents

[2012/12/14 14:48:35 | 000,000,000 | ---D | C] -- C:Program Files (x86)uTorrent

[2012/12/14 07:07:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemshtmled.dll

[2012/12/14 07:07:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64mshtmled.dll

[2012/12/14 07:07:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieui.dll

[2012/12/14 07:07:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieui.dll

[2012/12/14 07:07:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeurl.dll

[2012/12/14 07:07:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64url.dll

[2012/12/14 07:07:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieUnatt.exe

[2012/12/14 07:07:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieUnatt.exe

[2012/12/14 07:07:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript9.dll

[2012/12/14 07:07:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeinetcpl.cpl

[2012/12/14 07:07:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64inetcpl.cpl


It would appear JonTom has already removed the infection :)

 

there are just a few orphaned files left behind which we will clear up now, then we can take care of cleaning up the tools

 

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

     

    :OTL
    DRV:64bit: - [2012/11/14 14:32:45 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKCU\..\SearchScopes\{DB8B4161-865F-4162-8139-5CE827576E88}: "URL" = http://search.condui...&ctid=CT2704262
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
    C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nww68hdh.default\extensions\{2a26ebf1-72d8-4964-9995-ec90896e049e}\forxpi.dat
    O2 - BHO: (Coupon Companion Plugin) - {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log

 

 

NEXT

 

 

Visit ADOBE and download the latest version of Acrobat Reader (version XI)

Having the latest updates ensures there are no security vulnerabilities in your system.

 

NEXT

 


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
  • Scroll down to where it says Java SE 7u10
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u10-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are three options in the window to clear the cache - Leave these two Checked

     

    Trace and Log Files

    Cached Applications and Applets

  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Edited by CatByte


Hello CatByte,

 

here is my OTL log

 

All processes killed

========== OTL ==========

Error: No service named avgtp was found to stop!

Service\Driver key avgtp not found.

File C:\Windows\SysNative\drivers\avgtpx64.sys not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DB8B4161-865F-4162-8139-5CE827576E88} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB8B4161-865F-4162-8139-5CE827576E88} not found.

Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} not found.

File C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211181104} not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\10 not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\Locked not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Owner\Downloads\Programs\cmd.bat deleted successfully.

C:\Users\Owner\Downloads\Programs\cmd.txt deleted successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Owner

->Temp folder emptied: 20477790 bytes

->Temporary Internet Files folder emptied: 7087585 bytes

->Java cache emptied: 227543 bytes

->FireFox cache emptied: 302774981 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 12250 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 22775230 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes

RecycleBin emptied: 70602677 bytes

 

Total Files Cleaned = 404.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 01112013_123953

 

Files\Folders moved on Reboot...

C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

 

 

Thank you for the help

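An added example (not part of the original posts, and not OTL's own code): a small parser that sorts the result lines of a fix log like the one above into outcomes, so a reviewer can see which targets were already gone, which were actually changed, and which are deferred to the next reboot and need a re-check. The sample log is constructed in the format shown in this thread, with path backslashes assumed; the outcome labels and function names are this example's own.

```python
import re
from collections import defaultdict

# Result phrases as they appear in the fix log posted in this thread.
# The outcome labels (absent / changed / deferred) are this example's own.
RULES = [
    ("deferred", re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("absent", re.compile(r"^Error: No service named (\S+) was found to stop!$")),
    ("absent", re.compile(r"^(?:Registry (?:key|value)|File|Service\\Driver key) (.+) not found\.$")),
    ("changed", re.compile(r"^(.+)\| /E : value set successfully!$")),
    ("changed", re.compile(r"^(.+) (?:deleted|moved) successfully\.$")),
    ("changed", re.compile(r"^(HOSTS file) reset successfully$")),
]
SECTION = re.compile(r"^=+ (.+?) =+$")


def classify(line):
    """Return (outcome, target) for one result line, or None if it is not one."""
    line = line.strip()
    for outcome, pattern in RULES:
        match = pattern.match(line)
        if match:
            return outcome, match.group(1)
    return None


def summarize(log_text):
    """Group fix targets by outcome, keeping the log section each came from."""
    report = defaultdict(list)
    section = None
    for raw in log_text.splitlines():
        header = SECTION.match(raw.strip())
        if header:
            section = header.group(1)
            continue
        result = classify(raw)
        if result:
            outcome, target = result
            report[outcome].append((section, target))
    return dict(report)


# Constructed sample in the format of the log above (path backslashes assumed).
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Error: No service named avgtp was found to stop!
Service\Driver key avgtp not found.
File C:\Windows\SysNative\drivers\avgtpx64.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB8B4161-865F-4162-8139-5CE827576E88} not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

if __name__ == "__main__":
    for outcome, items in summarize(SAMPLE_LOG).items():
        print(f"{outcome}: {len(items)}")
        for section, target in items:
            print(f"  [{section}] {target}")
```

Entries reported as deferred are the ones to confirm after the reboot; a fix whose targets are all absent changed nothing on disk or in the registry.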

We just have some housekeeping to do now,

 

Please do the following:

 

 

You can delete the TDSSKiller, JRT, aswMBR and the Farbar logs and programs from your desktop.

 

NEXT

 

Follow these steps to uninstall Combofix

 

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.


 

 

NEXT

 

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

 

NEXT

 

 

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

 

If there are any logs/tools remaining on your desktop > right click and delete them.

 

 

NEXT

 

 

Below I have included a number of recommendations for how to protect your computer against malware infections.

 

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article

    Strong passwords: How to create and use them

    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

     

  • Keep Windows updated by regularly checking their website at :

    http://windowsupdate.microsoft.com/

    This will ensure your computer has always the latest security updates available installed on your computer.

     

  • Make Internet Explorer more secure

    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop

    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

     

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

     

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

     

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

     

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

    PC Safety and Security--What Do I Need?.

  • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

 

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Edited by CatByte


Thank You all that helped. I think everything is clean. My computer is running like it should and the internet problems are fixed also. Thank you for the tips to help keep my computer clean. You can close this thread. Thanks again.


Glad we were able to help :)

 

Let me take this opportunity to say a very big thank you to CatByte for stepping in when I was unable to respond :Rose:

 

 

As this problem appears to be resolved, this topic is now closed.

 

Best wishes

 

JonTom
