Jump to content
Sign in to follow this  
WsW-WYATT-EARP

popups, programs installed, slow - help please

Recommended Posts

Hi,

 

My brother calls me and tells me his computer is messed up. He is very impatient and goes to the extreme when things go wrong. Something in internet explorer wasn't working correctly so he, at least from what I have seen, installed SySaver - superfast PC - MyPC backup - optimizer pro - compucleaner and chrome. He may have installed a few other programs but I am not sure, these were what I notcied in the start menu. He started the damage on saturday morning 2/7.

 

I did do a TCF / spy-bot / adaware / superantispyware runs and some items were cleaned up but I have not yet uninstalled anything as I know some of these don't just "go away".

 

DDS and HJT logs below -

 

Thanks so much!

Ben

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16533 BrowserJavaVersion: 10.51.2
Run by Owner at 14:16:58 on 2014-02-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.1829 [GMT -6:00]
.
AV: Trend Micro Internet Security Pro *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Trend Micro Internet Security Pro *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TWC WiFi.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe
C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\SuperFastPC\SuperFastPC.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Program Files (x86)\Highlightly\Service\hlsvc.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\monitor.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Web Protect\PCProtect.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://forums.pcpitstop.com/index.php?/forum/25-have-i-been-hijacked/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: MRI_DISABLED - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - <orphaned>
BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Highlightly: {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe /lock
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [FATrayAlert] "C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [FAStartup] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: C:\Windows\System32\PCProtect.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.27.4
TCP: Interfaces\{509760F7-BA14-4AE6-9A61-B012EAC60366} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9194DFDE-7DFA-413F-9148-FD166D480B98} : DHCPNameServer = 192.168.27.4
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~2\optimi~1\optpro~1.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll
x64-BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-BHO: Highlightly: {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-Run: [broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe
x64-Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
x64-Run: [sysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe"
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - LocalServer32 - <no file>
x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - LocalServer32 - <no file>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c7lu1a5y.default\
FF - prefs.js: browser.search.selectedEngine - SecureSearch
FF - prefs.js: browser.startup.homepage - hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-11&ent=hp&u=AD0263EC4EEB2757EFCD9252FA7D56F1
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - ExtSQL: 2014-02-07 23:00; ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c7lu1a5y.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org
FF - ExtSQL: 2014-02-09 12:31; gethighlightly@gethighlightly.com; C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com
FF - ExtSQL: !HIDDEN! 2014-02-08 08:57; ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org; C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org
FF - ExtSQL: !HIDDEN! 2014-02-09 12:31; gethighlightly@gethighlightly.com; C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);user_pref('security.mixed_content.block_active_content', false);
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-4-5 53488]
R1 hlnfd;hlnfd;C:\Windows\System32\drivers\hlnfd.sys [2013-12-4 58256]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2010-8-11 200720]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [2009-4-5 88576]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2008-9-5 2340096]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 hlsvc;Highlightly Client Service;C:\Program Files (x86)\Highlightly\Service\hlsvc.exe [2013-12-4 273000]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-3-9 366000]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [2014-1-23 702744]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-2-11 3921880]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-2-11 171416]
R2 tmpreflt;tmpreflt;C:\Windows\System32\drivers\tmpreflt.sys [2011-9-6 42768]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2010-8-11 339984]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-4-5 126464]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-4-5 239104]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\System32\drivers\OA001Ufd.sys [2009-4-5 158592]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\System32\drivers\OA001Vid.sys [2009-4-5 318656]
R3 PCProtect;PCProtect;C:\Program Files (x86)\Web Protect\PCProtect.exe [2014-1-8 1265608]
S2 70e6ca8c;Optimizer Pro Crash Monitor;C:\Windows\System32\rundll32.exe [2006-11-2 46592]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ProtectMonitor;Protect Monitor;C:\monitorsvc.exe [2014-2-2 34244]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-2-11 1042272]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-8-2 243840]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 TmPfw;Trend Micro Personal Firewall;C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2010-8-11 595960]
S3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-8-11 917768]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\Windows\System32\drivers\lgx64gps.sys [2009-7-19 27136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-4 89920]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-02-13 19:18:04 536 ----a-w- C:\Windows\SysWow64\schtasks.bin
2014-02-08 14:26:45 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-08 14:26:45 264616 ----a-w- C:\Windows\SysWow64\javaws.exe
2014-02-08 14:26:45 175016 ----a-w- C:\Windows\SysWow64\javaw.exe
2014-02-08 14:26:45 174504 ----a-w- C:\Windows\SysWow64\java.exe
2014-02-05 10:19:13 17849344 ----a-w- C:\Windows\System32\mshtml.dll
2014-02-05 10:02:21 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2014-02-05 10:00:21 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-05 09:54:37 1347072 ----a-w- C:\Windows\System32\urlmon.dll
2014-02-05 09:54:06 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-02-05 09:52:51 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-05 09:52:37 237056 ----a-w- C:\Windows\System32\url.dll
2014-02-05 09:52:29 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2014-02-05 09:51:59 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-05 09:51:52 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-05 09:51:47 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2014-02-05 09:51:43 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-02-05 09:51:34 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-02-05 09:50:50 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-02-05 09:50:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-05 09:50:05 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-02-05 08:58:27 12345344 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-02-05 08:56:17 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-05 08:53:14 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-02-05 08:51:01 1105408 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-02-05 08:50:39 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-05 08:49:14 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-02-05 08:48:56 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-02-05 08:48:40 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-05 08:48:08 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-02-05 08:48:02 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-02-05 08:47:57 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-02-05 08:47:22 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-02-05 08:47:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-05 08:46:50 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-02-03 02:01:54 487501 ----a-w- C:\monitor.exe
2014-02-03 02:00:18 34244 ----a-w- C:\monitorsvc.exe
2014-01-16 09:00:58 86054176 ----a-w- C:\Windows\System32\mrt.exe
2014-01-08 06:08:30 330624 ----a-w- C:\Windows\System32\PCProtect64.dll
2014-01-08 06:08:30 293984 ----a-w- C:\Windows\SysWow64\PCProtect.dll
2013-12-05 04:48:29 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-05 02:12:37 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 19:46:36 58256 ----a-w- C:\Windows\System32\drivers\hlnfd.sys
.
============= FINISH: 14:17:28.86 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 4/5/2009 12:56:01 AM
System Uptime: 2/13/2014 1:11:27 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0P173H
Processor: Intel® Core2 Duo CPU T6400 @ 2.00GHz | U2E1 | 1600/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 125.932 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 6.826 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: facap, FastAccess Video Capture
Device ID: ROOT\IMAGE\0000
Manufacturer: Sensible Vision
Name: facap, FastAccess Video Capture
PNP Device ID: ROOT\IMAGE\0000
Service: FACAP
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Ad-Aware Antivirus
Ad-Aware Security Add-on
AdAwareInstaller
AdAwareUpdater
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.5
aioprnt
aioscnnr
Amazon MP3 Downloader 1.0.5
AntimalwareEngine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bonjour
C4USelfUpdater
center
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Cozi
Dell-eBay
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Touchpad
Dell Video Chat
Dell Wireless WLAN Card Utility
DELL0604
essentials
FastAccess
Google Chrome
Google Update Helper
Highlightly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
Integrated Webcam Driver (1.05.02.1227)
Intel® Graphics Media Accelerator Driver
ITECIR
iTunes
Java 7 Update 51
Java Auto Updater
Java 6 Update 11
Java 7 Update 3 (64-bit)
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
ksDIP
Live! Cam Avatar Creator
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB973688)
ocr
PC Clean Maestro
PreReq
Quickset
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SUPERAntiSpyware
SuperFast PC
SySaver
Trend Micro Internet Security Pro
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 wrapper
TWC WiFi
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Web Protect for Windows
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Install Manager
.
==== End Of File ===========================

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:20:30 PM, on 2/13/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16533)

FIREFOX: 11.0 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TWC WiFi.exe
C:\Program Files (x86)\SuperFastPC\SuperFastPC.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Users\Owner\Desktop\repair files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.pcpitstop.com/index.php?/forum/25-have-i-been-hijacked/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - (no file)
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Highlightly - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
O4 - HKLM\..\Run: [FATrayAlert] "C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DigiDo] "C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe" startup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe /lock
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O20 - AppInit_DLLs: c:\progra~2\optimi~1\optpro~1.dll
O20 - Winlogon Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe (file missing)
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FAService - Sensible Vision - C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Highlightly Client Service (hlsvc) - Highlightly - C:\Program Files (x86)\Highlightly\Service\hlsvc.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PCProtect - Objectify Media Inc - C:\Program Files (x86)\Web Protect\PCProtect.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protect Monitor (ProtectMonitor) - Unknown owner - C:\monitorsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14554 bytes

Share this post


Link to post
Share on other sites

wowssa!...this is a mess.

When he saw the machine wasn't acting right he should had stopped right then.

 

 

Highlightly

Java Auto Updater

Java 6 Update 11

Java 7 Update 3 (64-bit)

SySaver

Search Protection

 

superfast PC -

MyPC backup -

optimizer pro -

compucleaner

 

see what will uninstall through the add/remove programs list. I know some will throw a fit, we'll get it another way if it does.

 

Now, theres to many security packages on here.

 

AV: Trend Micro Internet Security Pro *Disabled/Updated*

AV: Ad-Aware Antivirus *Disabled/Outdated* <-- since it's outdated should we remove this one?

SP: Ad-Aware Antivirus *Disabled/Outdated* <-- since it's outdated should we remove this one?

SP: Trend Micro Internet Security Pro *Disabled/Updated*

FW: Trend Micro Personal Firewall *Disabled/Updated*

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

 

 

 

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 6 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Please download Farbar Recovery Scan Tool

 

(use correct version for your system.....Which system am I using?)

and Tutorial http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

 

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Edited by Juliet

Share this post


Link to post
Share on other sites

Juliet,

 

1st - THANKS so much for your help on this...

 

I went into control panel / programs and features and uninstalled

 

highlightly

java 6 update 11

java 7 update 3

sysaver

superfast pc

pc clean maestro (compuclever systems inc)

webprotect for windows

 

I couldn't find

java auto updater

search protection

my pc backup

optimizer pro

compucleaner

 

I think pc clean maestro is compucleaner and I tried to delete optimizer pro through the start menu but it says the uninstall file is not there ?

 

I removed adaware - he said that trendmicro was not up to date and probably wasn't running any protection that is up to date :(

 

rkill.exe ran ok - I included the log below in case you wanted to see it.

 

farbar also ran ok and the 2 logs below

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by Owner (administrator) on OWNER-PC on 13-02-2014 18:29:49
Running from C:\Users\Owner\Desktop\repair files
Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe
(Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TWC WiFi.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe
(Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [4119552 2008-12-22] (Dell Inc.)
HKLM\...\Run: [ufSeAgnt.exe] - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1023416 2010-01-26] (Trend Micro Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-03-03] (Eastman Kodak Company)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [462336 2008-12-22] (IDT, Inc.)
HKLM-x32\...\Run: [FATrayAlert] - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95488 2008-09-05] (Sensible Vision )
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [FAStartup] - [X]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [DigiDo] - C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe [1158480 2013-02-27] (Affinegy, Inc.)
HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\FastAccess-x32: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1833199101-2389490039-2415685918-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1833199101-2389490039-2415685918-1000\...\Run: [TrendSecure Remote File Lock] - C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe [329040 2009-07-24] (Trend Micro Inc.)
HKU\S-1-5-21-1833199101-2389490039-2415685918-1000\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5663616 2012-09-23] (SUPERAntiSpyware.com)
HKU\S-1-5-21-1833199101-2389490039-2415685918-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => File Not Found
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => File Not Found
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.pcpitstop.com/index.php?/forum/25-have-i-been-hijacked/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-11&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - No File
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM-x32 {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No File
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\PCProtect.dll [293984] (Objectify Media Inc)
Winsock: Catalog9 02 C:\Windows\SysWOW64\PCProtect.dll [293984] (Objectify Media Inc)
Winsock: Catalog9 03 C:\Windows\SysWOW64\PCProtect.dll [293984] (Objectify Media Inc)
Winsock: Catalog9 04 C:\Windows\SysWOW64\PCProtect.dll [293984] (Objectify Media Inc)
Winsock: Catalog9 15 C:\Windows\SysWOW64\PCProtect.dll [293984] (Objectify Media Inc)
Winsock: Catalog9-x64 01 C:\Windows\system32\PCProtect64.dll [330624] (Objectify Media Inc)
Winsock: Catalog9-x64 02 C:\Windows\system32\PCProtect64.dll [330624] (Objectify Media Inc)
Winsock: Catalog9-x64 03 C:\Windows\system32\PCProtect64.dll [330624] (Objectify Media Inc)
Winsock: Catalog9-x64 04 C:\Windows\system32\PCProtect64.dll [330624] (Objectify Media Inc)
Winsock: Catalog9-x64 15 C:\Windows\system32\PCProtect64.dll [330624] (Objectify Media Inc)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c7lu1a5y.default
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c7lu1a5y.default\user.js
FF SelectedSearchEngine: SecureSearch
FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-11&ent=hp&u=AD0263EC4EEB2757EFCD9252FA7D56F1
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
FF Extension: SySaver - C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org [2014-02-08]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2010-08-11]
FF HKLM-x32\...\Firefox\Extensions: [gethighlightly@gethighlightly.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com

Chrome:
=======
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-11&ent=hp&u=AD0263EC4EEB2757EFCD9252FA7D56F1
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-08]
CHR Extension: (Lavasoft NewTab) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2014-02-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-23] (SUPERAntiSpyware.com)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [88576 2008-12-22] (Andrea Electronics Corporation)
R2 AffinegyService; C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe [592720 2013-02-27] (Affinegy, Inc.)
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-02-02] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [836504 2010-11-08] (Trend Micro Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe [281600 2008-12-22] (IDT, Inc.)
S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2010-08-11] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [595960 2010-08-11] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2010-08-11] (Trend Micro Inc.)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [3051520 2008-12-22] (Dell Inc.)
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\progra~2\optimi~1\OptProCrashSvc.dll",ServiceMain
S3 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

S1 Beep; No ImagePath
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [114856 2007-07-03] (MCCI Corporation)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [200720 2010-08-11] (Trend Micro Inc.)
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-08-11] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [339984 2010-08-11] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 UsbGps; C:\Windows\System32\DRIVERS\lgx64gps.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 hlnfd; system32\drivers\hlnfd.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-13 18:29 - 2014-02-13 18:29 - 00000000 ____D () C:\FRST
2014-02-13 18:22 - 2014-02-13 18:26 - 00003044 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-02-12 03:10 - 2014-02-05 04:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 03:10 - 2014-02-05 04:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 03:10 - 2014-02-05 04:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 03:10 - 2014-02-05 03:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 03:10 - 2014-02-05 03:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 03:10 - 2014-02-05 03:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 03:10 - 2014-02-05 03:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 03:10 - 2014-02-05 03:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 03:10 - 2014-02-05 03:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 03:10 - 2014-02-05 03:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 03:10 - 2014-02-05 03:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 03:10 - 2014-02-05 03:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 03:10 - 2014-02-05 03:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 03:10 - 2014-02-05 03:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 03:10 - 2014-02-05 03:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 03:10 - 2014-02-05 03:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 03:10 - 2014-02-05 02:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 03:10 - 2014-02-05 02:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 03:10 - 2014-02-05 02:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 03:10 - 2014-02-05 02:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 03:10 - 2014-02-05 02:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 03:10 - 2014-02-05 02:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 03:10 - 2014-02-05 02:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-12 03:10 - 2014-02-05 02:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 03:10 - 2014-02-05 02:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-12 03:10 - 2014-02-05 02:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 03:10 - 2014-02-05 02:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 03:10 - 2014-02-05 02:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 03:10 - 2014-02-05 02:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 03:10 - 2014-02-05 02:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 03:10 - 2014-02-05 02:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-12 03:10 - 2014-02-05 02:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 00:14 - 2013-12-04 22:48 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 00:14 - 2013-12-04 20:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-11 14:06 - 2014-02-11 14:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\LavasoftStatistics
2014-02-11 13:42 - 2014-02-13 18:06 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-02-11 13:42 - 2014-02-11 13:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SecureSearch
2014-02-11 13:40 - 2014-02-11 13:40 - 01727624 _____ () C:\Users\Owner\Downloads\Adaware_Installer.exe
2014-02-11 13:22 - 2014-02-11 13:23 - 00006206 _____ () C:\Windows\wininit.ini
2014-02-11 04:20 - 2014-02-13 18:16 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-02-11 04:20 - 2014-02-12 03:26 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-02-11 04:20 - 2014-02-11 13:27 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-02-11 04:20 - 2014-02-11 04:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-11 04:20 - 2014-02-11 04:20 - 00003794 _____ () C:\Windows\System32\Tasks\Scan the system (Spybot - Search & Destroy)
2014-02-11 04:20 - 2014-02-11 04:20 - 00003440 _____ () C:\Windows\System32\Tasks\Refresh immunization (Spybot - Search & Destroy)
2014-02-11 04:20 - 2014-02-11 04:20 - 00003022 _____ () C:\Windows\System32\Tasks\Check for updates (Spybot - Search & Destroy)
2014-02-11 04:20 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-02-11 03:46 - 2014-02-13 18:29 - 00000000 ____D () C:\Users\Owner\Desktop\repair files
2014-02-09 12:43 - 2014-02-13 13:18 - 00000536 _____ () C:\Windows\SysWOW64\schtasks.bin
2014-02-08 20:06 - 2014-02-08 20:06 - 00588672 _____ ( ) C:\Users\Owner\Downloads\Setup.exe
2014-02-08 09:00 - 2014-02-08 09:00 - 00003976 _____ () C:\Windows\SysWOW64\PCProtect.ini
2014-02-08 09:00 - 2014-02-08 09:00 - 00002184 _____ () C:\Windows\SysWOW64\PCProtectOff.ini
2014-02-08 09:00 - 2014-02-08 09:00 - 00002184 _____ () C:\Windows\system32\PCProtectOff.ini
2014-02-08 09:00 - 2014-01-08 00:08 - 00330624 _____ (Objectify Media Inc) C:\Windows\system32\PCProtect64.dll
2014-02-08 09:00 - 2014-01-08 00:08 - 00293984 _____ (Objectify Media Inc) C:\Windows\SysWOW64\PCProtect.dll
2014-02-08 08:58 - 2014-02-13 18:00 - 00000000 ____D () C:\Program Files (x86)\Web Protect
2014-02-08 08:58 - 2014-02-08 08:58 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\CompuClever
2014-02-08 08:57 - 2014-02-13 17:56 - 00000000 ____D () C:\Program Files (x86)\CompuClever
2014-02-08 08:57 - 2014-02-13 17:39 - 00000000 ____D () C:\Users\Owner\AppData\Local\SySaver
2014-02-08 08:38 - 2014-02-08 08:38 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-08 08:27 - 2014-02-08 08:26 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-08 08:26 - 2014-02-08 08:26 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-08 08:26 - 2014-02-08 08:26 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-08 08:26 - 2014-02-08 08:26 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-02 20:01 - 2014-02-02 20:01 - 00487501 _____ () C:\monitor.exe
2014-02-02 20:00 - 2014-02-02 20:00 - 00034244 _____ () C:\monitorsvc.exe

==================== One Month Modified Files and Folders =======

2014-02-13 18:29 - 2014-02-13 18:29 - 00000000 ____D () C:\FRST
2014-02-13 18:29 - 2014-02-11 03:46 - 00000000 ____D () C:\Users\Owner\Desktop\repair files
2014-02-13 18:28 - 2006-11-02 09:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-13 18:28 - 2006-11-02 09:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-13 18:26 - 2014-02-13 18:22 - 00003044 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-02-13 18:22 - 2009-04-04 23:53 - 01953375 _____ () C:\Windows\WindowsUpdate.log
2014-02-13 18:16 - 2014-02-11 04:20 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-02-13 18:15 - 2010-09-14 20:45 - 00000000 ____D () C:\ProgramData\Kodak
2014-02-13 18:14 - 2010-10-02 20:05 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-13 18:14 - 2010-08-11 13:12 - 00042468 _____ () C:\Windows\PFRO.log
2014-02-13 18:14 - 2006-11-02 09:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-13 18:11 - 2012-03-16 20:37 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-13 18:11 - 2006-11-02 09:42 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-13 18:06 - 2014-02-11 13:42 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-02-13 18:00 - 2014-02-08 08:58 - 00000000 ____D () C:\Program Files (x86)\Web Protect
2014-02-13 17:56 - 2014-02-08 08:57 - 00000000 ____D () C:\Program Files (x86)\CompuClever
2014-02-13 17:39 - 2014-02-08 08:57 - 00000000 ____D () C:\Users\Owner\AppData\Local\SySaver
2014-02-13 17:39 - 2010-10-02 20:05 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-13 17:33 - 2010-03-23 14:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 13:18 - 2014-02-09 12:43 - 00000536 _____ () C:\Windows\SysWOW64\schtasks.bin
2014-02-12 09:34 - 2010-10-02 20:05 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-12 09:34 - 2010-10-02 20:05 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 03:26 - 2014-02-11 04:20 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-02-12 03:26 - 2012-03-17 17:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-12 03:26 - 2012-03-17 13:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-12 03:15 - 2006-11-02 06:46 - 00719076 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 14:06 - 2014-02-11 14:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\LavasoftStatistics
2014-02-11 13:42 - 2014-02-11 13:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SecureSearch
2014-02-11 13:40 - 2014-02-11 13:40 - 01727624 _____ () C:\Users\Owner\Downloads\Adaware_Installer.exe
2014-02-11 13:27 - 2014-02-11 04:20 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-02-11 13:23 - 2014-02-11 13:22 - 00006206 _____ () C:\Windows\wininit.ini
2014-02-11 13:21 - 2009-04-29 08:37 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-11 04:23 - 2014-02-11 04:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-11 04:20 - 2014-02-11 04:20 - 00003794 _____ () C:\Windows\System32\Tasks\Scan the system (Spybot - Search & Destroy)
2014-02-11 04:20 - 2014-02-11 04:20 - 00003440 _____ () C:\Windows\System32\Tasks\Refresh immunization (Spybot - Search & Destroy)
2014-02-11 04:20 - 2014-02-11 04:20 - 00003022 _____ () C:\Windows\System32\Tasks\Check for updates (Spybot - Search & Destroy)
2014-02-08 20:06 - 2014-02-08 20:06 - 00588672 _____ ( ) C:\Users\Owner\Downloads\Setup.exe
2014-02-08 09:00 - 2014-02-08 09:00 - 00003976 _____ () C:\Windows\SysWOW64\PCProtect.ini
2014-02-08 09:00 - 2014-02-08 09:00 - 00002184 _____ () C:\Windows\SysWOW64\PCProtectOff.ini
2014-02-08 09:00 - 2014-02-08 09:00 - 00002184 _____ () C:\Windows\system32\PCProtectOff.ini
2014-02-08 08:58 - 2014-02-08 08:58 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\CompuClever
2014-02-08 08:38 - 2014-02-08 08:38 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-08 08:26 - 2014-02-08 08:27 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-08 08:26 - 2014-02-08 08:26 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-08 08:26 - 2014-02-08 08:26 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-08 08:26 - 2014-02-08 08:26 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-05 04:19 - 2014-02-12 03:10 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 04:02 - 2014-02-12 03:10 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 04:00 - 2014-02-12 03:10 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 03:54 - 2014-02-12 03:10 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 03:54 - 2014-02-12 03:10 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 03:52 - 2014-02-12 03:10 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 03:52 - 2014-02-12 03:10 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 03:52 - 2014-02-12 03:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 03:51 - 2014-02-12 03:10 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 03:51 - 2014-02-12 03:10 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 03:51 - 2014-02-12 03:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 03:51 - 2014-02-12 03:10 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 03:51 - 2014-02-12 03:10 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 03:50 - 2014-02-12 03:10 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 03:50 - 2014-02-12 03:10 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-05 03:50 - 2014-02-12 03:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 02:58 - 2014-02-12 03:10 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-05 02:56 - 2014-02-12 03:10 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-05 02:53 - 2014-02-12 03:10 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-05 02:51 - 2014-02-12 03:10 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-05 02:50 - 2014-02-12 03:10 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-05 02:49 - 2014-02-12 03:10 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-05 02:49 - 2014-02-12 03:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-05 02:48 - 2014-02-12 03:10 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-05 02:48 - 2014-02-12 03:10 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-05 02:48 - 2014-02-12 03:10 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-05 02:48 - 2014-02-12 03:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-05 02:48 - 2014-02-12 03:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-05 02:47 - 2014-02-12 03:10 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-05 02:47 - 2014-02-12 03:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-05 02:47 - 2014-02-12 03:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-05 02:46 - 2014-02-12 03:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-02 20:01 - 2014-02-02 20:01 - 00487501 _____ () C:\monitor.exe
2014-02-02 20:00 - 2014-02-02 20:00 - 00034244 _____ () C:\monitorsvc.exe
2014-01-30 20:40 - 2010-10-15 21:03 - 00000000 ____D () C:\Windows\system32\Service
2014-01-16 03:04 - 2009-05-10 11:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-16 03:03 - 2013-08-14 02:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 03:00 - 2006-11-02 06:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\a4e43805-0404-426b-b3a4-62ae8e6f863b.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-13 18:26

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by Owner at 2014-02-13 18:31:26
Running from C:\Users\Owner\Desktop\repair files
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Trend Micro Internet Security Pro (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro Internet Security Pro (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Trend Micro Personal Firewall (Disabled) {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (x32 Version: - Microsoft)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (x32 Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (x32 Version: 9.5.5 - Adobe Systems Incorporated)
aioprnt (Version: 5.7.4.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 6.0.2.0 - Your Company Name) Hidden
Amazon MP3 Downloader 1.0.5 (x32 Version: - )
Apple Application Support (x32 Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Bing Bar (x32 Version: 7.0.850.0 - Microsoft Corporation)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
center (x32 Version: 6.2.5.0 - Eastman Kodak Company) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (x32 Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Cozi (x32 Version: 1.0.3220.15315 - Cozi Group, Inc.)
Dell Dock (Version: 1.0.0 - Dell)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (x32 Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (Version: 7.102.101.211 - Alps Electric)
Dell Video Chat (x32 Version: 6.0 (6567) - SightSpeed Inc.)
Dell Wireless WLAN Card Utility (Version: 5.10.38.30 - Dell Inc.)
DELL0604 (x32 Version: 1.0.0 - WildTangent) Hidden
Dell-eBay (x32 Version: 1.00.0000 - Dell)
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
FastAccess (Version: 2.2.13.1 - Sensible Vision)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
iCloud (Version: 2.1.1.3 - Apple Inc.)
Integrated Webcam Driver (1.05.02.1227) (Version: 1.05.02.1227 - Creative Technology Ltd.)
Intel® Graphics Media Accelerator Driver (Version: - )
ITECIR (x32 Version: 1.9 - ITE)
iTunes (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (x32 Version: 6.2.6.20 - Eastman Kodak Company)
ksDIP (x32 Version: 3.20.0000.0001 - Eastman Kodak Company) Hidden
Live! Cam Avatar Creator (x32 Version: 4.6.1419.1 - Creative Technology Ltd)
MediaDirect (x32 Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (x32 Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (x32 Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (x32 Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 11.0 (x86 en-US) (x32 Version: 11.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PreReq (x32 Version: 6.2.2.60 - Eastman Kodak Company) Hidden
Quickset (Version: 9.2.7 - Dell Inc.)
QuickTime (x32 Version: 7.73.80.64 - Apple Inc.)
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (x32 Version: 10.1 - Roxio)
Roxio Creator DE (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Safari (x32 Version: 5.34.57.2 - Apple Inc.)
SAMSUNG Mobile Modem Driver Set (Version: - )
Samsung Mobile phone USB driver Software (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (Version: - )
SAMSUNG Mobile USB Modem Software (Version: - )
Samsung PC Studio 3 USB Driver Installer (x32 Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (x32 Version: 2.2.25 - Safer-Networking Ltd.)
SUPERAntiSpyware (Version: 5.0.1146 - SUPERAntiSpyware.com)
Trend Micro Internet Security Pro (Version: 17.50 - Trend Micro Inc.)
Trend Micro Internet Security Pro (Version: 17.50 - Trend Micro Inc.) Hidden
TurboTax 2011 (x32 Version: - Intuit, Inc)
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.1932 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0323 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (x32 Version: 011.000.0119 - Intuit Inc.) Hidden
TWC WiFi (x32 Version: - )
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
WildTangent Games (x32 Version: 1.0.0.62 - WildTangent)
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (x32 Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (x32 Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Yahoo! Install Manager (x32 Version: - )

==================== Restore Points =========================

20-12-2013 06:13:09 Scheduled Checkpoint
21-12-2013 06:00:03 Scheduled Checkpoint
22-12-2013 06:00:02 Scheduled Checkpoint
25-12-2013 03:51:20 Scheduled Checkpoint
26-12-2013 06:00:05 Scheduled Checkpoint
04-01-2014 02:19:53 Scheduled Checkpoint
05-01-2014 06:25:03 Scheduled Checkpoint
08-01-2014 03:46:57 Scheduled Checkpoint
09-01-2014 06:00:03 Scheduled Checkpoint
12-01-2014 10:29:12 Scheduled Checkpoint
13-01-2014 10:40:13 Scheduled Checkpoint
16-01-2014 09:00:16 Windows Update
21-01-2014 10:09:08 Scheduled Checkpoint
22-01-2014 04:04:18 Scheduled Checkpoint
23-01-2014 09:51:12 Scheduled Checkpoint
25-01-2014 00:54:03 Scheduled Checkpoint
26-01-2014 06:00:02 Scheduled Checkpoint
27-01-2014 11:22:01 Scheduled Checkpoint
30-01-2014 14:37:01 Scheduled Checkpoint
01-02-2014 03:21:50 Scheduled Checkpoint
04-02-2014 05:05:54 Scheduled Checkpoint
05-02-2014 04:05:17 Scheduled Checkpoint
07-02-2014 21:39:15 Scheduled Checkpoint
08-02-2014 14:21:14 Windows Update
08-02-2014 14:25:26 Installed Java 7 Update 51
09-02-2014 12:28:03 Scheduled Checkpoint
11-02-2014 19:40:58 AA11
12-02-2014 09:00:17 Windows Update
13-02-2014 23:36:19 Removed Java 6 Update 11
13-02-2014 23:37:23 Removed Java 7 Update 3 (64-bit)
14-02-2014 00:08:26 AA11

==================== Hosts content: ==========================

2006-11-02 06:34 - 2012-03-21 12:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0AF0B53D-7C90-4146-811B-8998C61F8335} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {15CF3666-21DE-4B92-AB65-F6F268D1187F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {28234DC5-0E11-454B-AF5B-D6B6C7930ECF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6994F916-0D8E-4F81-B4DC-DAD2619410A5} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {940C54B8-C919-47B8-9499-A95669FDB302} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {A3F55654-6962-4F76-8BFF-203863DD4232} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-12-22] (Dell Inc.)
Task: {B6E964AD-700E-480C-B115-DCC4EDF6A19E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-02] (Google Inc.)
Task: {D187BC44-C746-4659-ABE8-9AF4E32C04A5} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {E8098A9C-B9D4-4BB7-BCB6-29299CA18EDA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-02] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2012-12-17 17:14 - 2012-12-17 17:14 - 00954848 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2010-08-11 13:19 - 2009-07-27 03:35 - 00016720 _____ () C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\Resource\en-US\platformdependent\TPResource.dll.mui
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-01 19:00 - 2010-03-19 20:58 - 00325632 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtXml4.dll
2013-08-01 19:00 - 2010-03-19 20:58 - 01954304 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtCore4.dll
2013-08-01 19:00 - 2010-03-19 20:58 - 07187456 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtGui4.dll
2013-08-01 19:00 - 2010-03-19 20:58 - 00847360 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtNetwork4.dll
2013-08-01 19:00 - 2013-02-27 12:56 - 00309248 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\DigiDoFlavor.dll
2013-09-07 20:08 - 2012-01-31 13:43 - 00119808 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\imageformats\qjpeg4.dll
2013-09-07 20:08 - 2013-02-27 13:34 - 01781248 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisDG860ALOC.dll
2013-09-07 20:08 - 2013-02-27 13:30 - 01781248 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisTG852GLOC.dll
2013-09-07 20:08 - 2013-02-27 13:32 - 01781248 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisTG862GLOC.dll
2013-09-07 20:08 - 2013-02-27 13:25 - 01789952 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\MotorolaSBG900LOC.dll
2013-09-07 20:08 - 2013-02-27 13:29 - 01760256 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\NetgearWNR1000v3LOC.dll
2013-09-07 20:08 - 2013-02-27 13:35 - 01762816 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\UbeeDVW3201BLOC.dll
2013-08-01 19:00 - 2013-02-27 14:19 - 00023376 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyServicePS.dll
2014-02-11 04:20 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-11 04:20 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-11 04:20 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-11 04:20 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-11 04:20 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: SysTrayApp => %ProgramFiles(x86)%\IDT\WDM\sttray64.exe

==================== Faulty Device Manager Devices =============

Name: facap, FastAccess Video Capture
Description: facap, FastAccess Video Capture
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Sensible Vision
Service: FACAP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2014 06:16:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 06:15:08 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 33.43.168.192.in-addr.arpa. PTR Owner-PC.local.

Error: (02/13/2014 06:15:08 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.43.33:5353 18 33.43.168.192.in-addr.arpa. PTR Owner-PC-2.local.

Error: (02/13/2014 06:05:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 06:03:46 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 33.43.168.192.in-addr.arpa. PTR Owner-PC.local.

Error: (02/13/2014 06:03:46 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.43.33:5353 18 33.43.168.192.in-addr.arpa. PTR Owner-PC-2.local.

Error: (02/13/2014 05:59:28 PM) (Source: Application Error) (User: )
Description: Faulting application PCProtect.exe, version 2.2.8.4, time stamp 0x52ccc097, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x1005c547,
process id 0x16dc, application start time 0xPCProtect.exe0.

Error: (02/13/2014 05:45:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 05:41:18 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/13/2014 05:28:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8559010

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-02-11 06:12:52.023
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\User

Share this post


Link to post
Share on other sites

pfhew!

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

 

start

HKLM-x32\...\Run: [search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe

AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => File Not Found

AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => File Not Found

URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-11&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8

BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-x32: No Name - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - No File

BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No File

Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - No File

FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c7lu1a5y.default\user.js

FF SelectedSearchEngine: SecureSearch

FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-11&ent=hp&u=AD0263EC4EEB2757EFCD9252FA7D56F1

FF Extension: SySaver - C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org [2014-02-08]

FF HKLM-x32\...\Firefox\Extensions: [gethighlightly@gethighlightly.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com

CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-11&ent=hp&u=AD0263EC4EEB2757EFCD9252FA7D56F1

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

cmd: netsh winsock reset

S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\progra~2\optimi~1\OptProCrashSvc.dll",ServiceMain

C:\Windows\SysWOW64\PCProtect.ini

C:\Windows\SysWOW64\PCProtectOff.ini

C:\Windows\system32\PCProtectOff.ini

C:\Windows\system32\PCProtect64.dll

C:\Windows\SysWOW64\PCProtect.dll

C:\Program Files (x86)\Web Protect

C:\Users\Owner\AppData\Roaming\CompuClever

2014-02-08 08:57 - 2014-02-13 17:56 - 00000000 ____D () C:\Program Files (x86)\CompuClever

2014-02-08 08:57 - 2014-02-13 17:39 - 00000000 ____D () C:\Users\Owner\AppData\Local\SySaver

2014-02-02 20:01 - 2014-02-02 20:01 - 00487501 _____ () C:\monitor.exe

2014-02-02 20:00 - 2014-02-02 20:00 - 00034244 _____ () C:\monitorsvc.exe

Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

 

 

*****************************

 

I know you may have run these next 2 tools but, time to run them again

 

 

-AdwCleaner-by Xplode

 

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

 

Do not click on any links in the top Advertisment.

 

 

adwcleaner_download.png

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

thisisujrt.gif

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
let me see:

Fixlog.txt

C:\AdwCleaner[s1].txt

JRT.txt

 

 

are there any improvements?

Share this post


Link to post
Share on other sites

Juliet,

 

Everytime I run a fix so far, I have seen improvements. This last batch has really helped allot. Don't seem to be seeing pop-ups and the reboots are becoming much faster.

 

Ran the scans as instructed and log files are below.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by Owner at 2014-02-14 10:16:56 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => File Not Found
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => File Not Found
URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch...q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....ms}&fr=chr-tyc8
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: No Name - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No File
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - No File
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c7lu1a5y.default\user.js
FF SelectedSearchEngine: SecureSearch
FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-11&ent=hp&u=AD0263EC4EEB2757EFCD9252FA7D56F1
FF Extension: SySaver - C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org [2014-02-08]
FF HKLM-x32\...\Firefox\Extensions: [gethighlightly@gethighlightly.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-11&ent=hp&u=AD0263EC4EEB2757EFCD9252FA7D56F1
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
cmd: netsh winsock reset
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\progra~2\optimi~1\OptProCrashSvc.dll",ServiceMain
C:\Windows\SysWOW64\PCProtect.ini
C:\Windows\SysWOW64\PCProtectOff.ini
C:\Windows\system32\PCProtectOff.ini
C:\Windows\system32\PCProtect64.dll
C:\Windows\SysWOW64\PCProtect.dll
C:\Program Files (x86)\Web Protect
C:\Users\Owner\AppData\Roaming\CompuClever
2014-02-08 08:57 - 2014-02-13 17:56 - 00000000 ____D () C:\Program Files (x86)\CompuClever
2014-02-08 08:57 - 2014-02-13 17:39 - 00000000 ____D () C:\Users\Owner\AppData\Local\SySaver
2014-02-02 20:01 - 2014-02-02 20:01 - 00487501 _____ () C:\monitor.exe
2014-02-02 20:00 - 2014-02-02 20:00 - 00034244 _____ () C:\monitorsvc.exe
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
end

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Search Protection => Value deleted successfully.
"C:\\PROGRA~2\\OPTIMI~1\\OPTPRO~2.DLL" => Value Data removed successfully.
"c:\\progra~2\\optimi~1\\optpro~1.dll" => Value Data removed successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key deleted successfully.
HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => Key deleted successfully.
HKCR\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCR\PROTOCOLS\Handler\cozi => Key deleted successfully.
HKCR\CLSID\{5356518D-FE9C-4E08-9C1F-1E872ECD367F} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\tmtb => Key deleted successfully.
HKCR\CLSID\{04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} => Key deleted successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c7lu1a5y.default\user.js => Moved successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\gethighlightly@gethighlightly.com => Value deleted successfully.
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-11&ent=hp&u=AD0263EC4EEB2757EFCD9252FA7D56F1 ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.

========= netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

70e6ca8c => Service deleted successfully.
C:\Windows\SysWOW64\PCProtect.ini => Moved successfully.
C:\Windows\SysWOW64\PCProtectOff.ini => Moved successfully.
C:\Windows\system32\PCProtectOff.ini => Moved successfully.
C:\Windows\system32\PCProtect64.dll => Moved successfully.
C:\Windows\SysWOW64\PCProtect.dll => Moved successfully.
C:\Program Files (x86)\Web Protect => Moved successfully.
C:\Users\Owner\AppData\Roaming\CompuClever => Moved successfully.
C:\Program Files (x86)\CompuClever => Moved successfully.
C:\Users\Owner\AppData\Local\SySaver => Moved successfully.
Could not move "C:\monitor.exe" => Scheduled to move on reboot.
C:\monitorsvc.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{192DDA2D-5815-47B8-983F-65744FEEC03A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{192DDA2D-5815-47B8-983F-65744FEEC03A} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages => Key deleted successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-02-14 10:19:09)<=

C:\monitor.exe => Is moved successfully.

==== End of Fixlog ====

 

 

# AdwCleaner v3.018 - Report created 14/02/2014 at 10:26:06
# Updated 28/01/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\repair files\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
[!] Folder Deleted : C:\Users\Owner\AppData\LocalLow\facemoods.com
[!] Folder Deleted : C:\Users\Owner\AppData\LocalLow\FunWebProducts
[!] Folder Deleted : C:\Users\Owner\AppData\LocalLow\MyWebSearch

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{929801A8-4AEF-4D12-BE31-D85BF666452B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{929801A8-4AEF-4D12-BE31-D85BF666452B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533

-\\ Mozilla Firefox v11.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c7lu1a5y.default\prefs.js ]

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [3889 octets] - [14/02/2014 10:24:05]
AdwCleaner[s0].txt - [3578 octets] - [14/02/2014 10:26:06]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3638 octets] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows Vista Home Premium x64
Ran by Owner on Fri 02/14/2014 at 10:33:33.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/14/2014 at 10:44:12.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Share this post


Link to post
Share on other sites

 

Everytime I run a fix so far, I have seen improvements. This last batch has really helped allot. Don't seem to be seeing pop-ups and the reboots are becoming much faster.

 

it's a miracle! no joking. I was very happy to hear that because this machine was nearly kaputs!

 

change Chrome Settings HomePage

https://support.google.com/chrome/answer/95314?hl=en

Do the above if it needs to be done.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

These next 2 scanners will let us know if anything is left.

 

 

Please Run TFC by OldTimer to clear temporary files:

 

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe

and save it to your desktop.

 

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Then restart the computer

 

~~~~~~~~~~~~~~~~~~

bf_new.gif Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

 

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~`

 

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

 

 

 

Post:

MBAM log

Eset online log

 

 

Share this post


Link to post
Share on other sites

Also wanted to mention:

An out dated antivirus does no good. I also saw Adaware antivirus, I don't know much about this software so I cannot recommend using it.

 

This machine needs antivirus protection.

Use an AntiVirus Software - Choose only one - More than one will conflict. It is very important that your computer has anti-virus software running to protect against viruses. Update Antivirus prior to manual scans as necessary or as used. Please only choose one, having more than one can cause problems, such as crashes and your computer to slow down.

When doing installs, try to do a custom install to opt out of added tool bars and extra search options.

Share this post


Link to post
Share on other sites

Juliet,

 

I had some problems getting TFC to run all the way. It would clean the user temp files then get stuck. I did get it to run to completion finally after deleting it, shutting down, rebooting and redownloading the file (maybe a corrupt file?) anyways, it did run to completion.

 

I deleted chrome and all settings with it as my brother asked me to get rid of it cause he didn't care for it.

 

MBAM log below -

 

No ESET log - came up clean

 

I am going to remove trendmicro and install avast

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.15.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

2/14/2014 8:04:11 PM
mbam-log-2014-02-14 (20-04-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216141
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Highlightly (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HLNFD (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\hlnfd|DisplayName (PUP.Optional.Highlightly) -> Data: hlnfd -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Owner\Downloads\Setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.

(end)

Share this post


Link to post
Share on other sites

No idea what happened to TFC.

 

Install antivirus as soon as you can, no computer needs to be on the internet without protection.

 

Good, Chrome is gone.

 

You haven't mentioned how things are for the moment, let's run a new FRST scan and check for remnants.

Share this post


Link to post
Share on other sites

Juliet,

 

I have uninstalled the trend micro suite and have installed avast. MBAM was giving me the "trial time has ended" notification so I also removed that. I have updated super anti-spyware as it kept telling me there was an update.

 

Sorry for not giving an update - it's amazing how quick this has turned around. Everything is so responsive again! No pop-ups or tabs opening up when I click on a link in your posts. I wish I had the knowledge you all have to remove this stuff.

 

FRST log below

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by Owner (administrator) on OWNER-PC on 15-02-2014 12:28:51
Running from C:\Users\Owner\Desktop\repair files
Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe
(Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TWC WiFi.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUi.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [4119552 2008-12-22] (Dell Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-03-03] (Eastman Kodak Company)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [462336 2008-12-22] (IDT, Inc.)
HKLM-x32\...\Run: [FATrayAlert] - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95488 2008-09-05] (Sensible Vision )
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [FAStartup] - [X]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [DigiDo] - C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe [1158480 2013-02-27] (Affinegy, Inc.)
HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-15] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\FastAccess-x32: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1833199101-2389490039-2415685918-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1833199101-2389490039-2415685918-1000\...\Run: [TrendSecure Remote File Lock] - C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe /lock
HKU\S-1-5-21-1833199101-2389490039-2415685918-1000\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-02-14] (SUPERAntiSpyware)
HKU\S-1-5-21-1833199101-2389490039-2415685918-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.pcpitstop.com/index.php?/forum/25-have-i-been-hijacked/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll No File
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.27.4

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c7lu1a5y.default
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-15]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-23] (SUPERAntiSpyware.com)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [88576 2008-12-22] (Andrea Electronics Corporation)
R2 AffinegyService; C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe [592720 2013-02-27] (Affinegy, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-15] (AVAST Software)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe [281600 2008-12-22] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [3051520 2008-12-22] (Dell Inc.)
S2 ProtectMonitor; C:\monitorsvc.exe [X]
S3 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-02-15] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-15] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-15] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-02-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-15] ()
S1 Beep; No ImagePath
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [114856 2007-07-03] (MCCI Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 UsbGps; C:\Windows\System32\DRIVERS\lgx64gps.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-15 12:22 - 2014-02-15 12:22 - 00001831 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-15 12:22 - 2014-02-15 12:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-02-15 12:21 - 2014-02-15 12:22 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-15 12:21 - 2014-02-15 12:21 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-15 12:21 - 2014-02-15 12:21 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-15 12:21 - 2014-02-15 12:21 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-15 12:21 - 2014-02-15 12:21 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-15 12:21 - 2014-02-15 12:21 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-15 12:21 - 2014-02-15 12:21 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-15 12:21 - 2014-02-15 12:21 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-02-15 12:21 - 2014-02-15 12:21 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-02-15 12:21 - 2014-02-15 12:21 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-15 12:20 - 2014-02-15 12:20 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-15 12:18 - 2014-02-15 12:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-14 19:55 - 2014-02-14 19:55 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Desktop\TFC.exe
2014-02-14 11:14 - 2014-02-14 11:14 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-14 11:14 - 2014-02-14 11:14 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-14 11:14 - 2014-02-14 11:14 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-02-14 11:11 - 2014-02-14 11:14 - 00000000 ____D () C:\Program Files\Java
2014-02-14 10:33 - 2014-02-14 10:33 - 00000000 ____D () C:\Windows\ERUNT
2014-02-14 10:23 - 2014-02-14 10:26 - 00000000 ____D () C:\AdwCleaner
2014-02-13 18:29 - 2014-02-15 12:28 - 00000000 ____D () C:\FRST
2014-02-12 03:10 - 2014-02-05 04:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 03:10 - 2014-02-05 04:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 03:10 - 2014-02-05 04:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 03:10 - 2014-02-05 03:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 03:10 - 2014-02-05 03:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 03:10 - 2014-02-05 03:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 03:10 - 2014-02-05 03:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 03:10 - 2014-02-05 03:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 03:10 - 2014-02-05 03:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 03:10 - 2014-02-05 03:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 03:10 - 2014-02-05 03:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 03:10 - 2014-02-05 03:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 03:10 - 2014-02-05 03:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 03:10 - 2014-02-05 03:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 03:10 - 2014-02-05 03:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 03:10 - 2014-02-05 03:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 03:10 - 2014-02-05 02:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 03:10 - 2014-02-05 02:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 03:10 - 2014-02-05 02:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 03:10 - 2014-02-05 02:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 03:10 - 2014-02-05 02:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 03:10 - 2014-02-05 02:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 03:10 - 2014-02-05 02:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-12 03:10 - 2014-02-05 02:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 03:10 - 2014-02-05 02:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-12 03:10 - 2014-02-05 02:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 03:10 - 2014-02-05 02:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 03:10 - 2014-02-05 02:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 03:10 - 2014-02-05 02:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 03:10 - 2014-02-05 02:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 03:10 - 2014-02-05 02:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-12 03:10 - 2014-02-05 02:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 00:14 - 2013-12-04 22:48 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 00:14 - 2013-12-04 20:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-11 14:06 - 2014-02-11 14:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\LavasoftStatistics
2014-02-11 13:42 - 2014-02-13 18:06 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-02-11 13:42 - 2014-02-11 13:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SecureSearch
2014-02-11 13:40 - 2014-02-11 13:40 - 01727624 _____ () C:\Users\Owner\Downloads\Adaware_Installer.exe
2014-02-11 13:22 - 2014-02-11 13:23 - 00006206 _____ () C:\Windows\wininit.ini
2014-02-11 04:20 - 2014-02-15 12:12 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-02-11 04:20 - 2014-02-12 03:26 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-02-11 04:20 - 2014-02-11 13:27 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-02-11 04:20 - 2014-02-11 04:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-11 04:20 - 2014-02-11 04:20 - 00003794 _____ () C:\Windows\System32\Tasks\Scan the system (Spybot - Search & Destroy)
2014-02-11 04:20 - 2014-02-11 04:20 - 00003440 _____ () C:\Windows\System32\Tasks\Refresh immunization (Spybot - Search & Destroy)
2014-02-11 04:20 - 2014-02-11 04:20 - 00003022 _____ () C:\Windows\System32\Tasks\Check for updates (Spybot - Search & Destroy)
2014-02-11 04:20 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-02-11 03:46 - 2014-02-15 12:28 - 00000000 ____D () C:\Users\Owner\Desktop\repair files
2014-02-09 12:43 - 2014-02-13 13:18 - 00000536 _____ () C:\Windows\SysWOW64\schtasks.bin
2014-02-08 08:27 - 2014-02-08 08:26 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-08 08:26 - 2014-02-08 08:26 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-08 08:26 - 2014-02-08 08:26 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-08 08:26 - 2014-02-08 08:26 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

==================== One Month Modified Files and Folders =======

2014-02-15 12:28 - 2014-02-13 18:29 - 00000000 ____D () C:\FRST
2014-02-15 12:28 - 2014-02-11 03:46 - 00000000 ____D () C:\Users\Owner\Desktop\repair files
2014-02-15 12:22 - 2014-02-15 12:22 - 00001831 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-15 12:22 - 2014-02-15 12:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-02-15 12:22 - 2014-02-15 12:21 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-15 12:21 - 2014-02-15 12:21 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-15 12:21 - 2014-02-15 12:21 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-15 12:21 - 2014-02-15 12:21 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-15 12:21 - 2014-02-15 12:21 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-15 12:21 - 2014-02-15 12:21 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-15 12:21 - 2014-02-15 12:21 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-15 12:21 - 2014-02-15 12:21 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-02-15 12:21 - 2014-02-15 12:21 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-02-15 12:21 - 2014-02-15 12:21 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-15 12:20 - 2014-02-15 12:20 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-15 12:18 - 2014-02-15 12:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-15 12:18 - 2009-04-04 23:53 - 02075153 _____ () C:\Windows\WindowsUpdate.log
2014-02-15 12:12 - 2014-02-11 04:20 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-02-15 12:12 - 2010-09-14 20:45 - 00000000 ____D () C:\ProgramData\Kodak
2014-02-15 12:12 - 2006-11-02 09:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-15 12:12 - 2006-11-02 09:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-15 12:12 - 2006-11-02 09:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-15 12:11 - 2006-11-02 09:42 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-15 12:07 - 2010-08-11 13:12 - 00080046 _____ () C:\Windows\PFRO.log
2014-02-15 12:06 - 2009-04-05 05:35 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-02-14 19:55 - 2014-02-14 19:55 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Desktop\TFC.exe
2014-02-14 11:14 - 2014-02-14 11:14 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-14 11:14 - 2014-02-14 11:14 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-14 11:14 - 2014-02-14 11:14 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-02-14 11:14 - 2014-02-14 11:11 - 00000000 ____D () C:\Program Files\Java
2014-02-14 10:54 - 2010-10-02 20:05 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-14 10:53 - 2010-10-02 20:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-02-14 10:53 - 2009-04-29 08:38 - 00000907 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-14 10:48 - 2012-03-17 13:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-14 10:33 - 2014-02-14 10:33 - 00000000 ____D () C:\Windows\ERUNT
2014-02-14 10:26 - 2014-02-14 10:23 - 00000000 ____D () C:\AdwCleaner
2014-02-13 18:11 - 2012-03-16 20:37 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-13 18:06 - 2014-02-11 13:42 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-02-13 17:33 - 2010-03-23 14:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 13:18 - 2014-02-09 12:43 - 00000536 _____ () C:\Windows\SysWOW64\schtasks.bin
2014-02-12 03:26 - 2014-02-11 04:20 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-02-12 03:26 - 2012-03-17 17:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-12 03:15 - 2006-11-02 06:46 - 00719076 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 14:06 - 2014-02-11 14:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\LavasoftStatistics
2014-02-11 13:42 - 2014-02-11 13:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SecureSearch
2014-02-11 13:40 - 2014-02-11 13:40 - 01727624 _____ () C:\Users\Owner\Downloads\Adaware_Installer.exe
2014-02-11 13:27 - 2014-02-11 04:20 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-02-11 13:23 - 2014-02-11 13:22 - 00006206 _____ () C:\Windows\wininit.ini
2014-02-11 13:21 - 2009-04-29 08:37 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-11 04:23 - 2014-02-11 04:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-11 04:20 - 2014-02-11 04:20 - 00003794 _____ () C:\Windows\System32\Tasks\Scan the system (Spybot - Search & Destroy)
2014-02-11 04:20 - 2014-02-11 04:20 - 00003440 _____ () C:\Windows\System32\Tasks\Refresh immunization (Spybot - Search & Destroy)
2014-02-11 04:20 - 2014-02-11 04:20 - 00003022 _____ () C:\Windows\System32\Tasks\Check for updates (Spybot - Search & Destroy)
2014-02-08 08:26 - 2014-02-08 08:27 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-08 08:26 - 2014-02-08 08:26 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-08 08:26 - 2014-02-08 08:26 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-08 08:26 - 2014-02-08 08:26 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-05 04:19 - 2014-02-12 03:10 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 04:02 - 2014-02-12 03:10 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 04:00 - 2014-02-12 03:10 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 03:54 - 2014-02-12 03:10 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 03:54 - 2014-02-12 03:10 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 03:52 - 2014-02-12 03:10 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 03:52 - 2014-02-12 03:10 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 03:52 - 2014-02-12 03:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 03:51 - 2014-02-12 03:10 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 03:51 - 2014-02-12 03:10 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 03:51 - 2014-02-12 03:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 03:51 - 2014-02-12 03:10 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 03:51 - 2014-02-12 03:10 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 03:50 - 2014-02-12 03:10 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 03:50 - 2014-02-12 03:10 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-05 03:50 - 2014-02-12 03:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 02:58 - 2014-02-12 03:10 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-05 02:56 - 2014-02-12 03:10 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-05 02:53 - 2014-02-12 03:10 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-05 02:51 - 2014-02-12 03:10 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-05 02:50 - 2014-02-12 03:10 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-05 02:49 - 2014-02-12 03:10 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-05 02:49 - 2014-02-12 03:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-05 02:48 - 2014-02-12 03:10 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-05 02:48 - 2014-02-12 03:10 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-05 02:48 - 2014-02-12 03:10 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-05 02:48 - 2014-02-12 03:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-05 02:48 - 2014-02-12 03:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-05 02:47 - 2014-02-12 03:10 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-05 02:47 - 2014-02-12 03:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-05 02:47 - 2014-02-12 03:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-05 02:46 - 2014-02-12 03:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-30 20:40 - 2010-10-15 21:03 - 00000000 ____D () C:\Windows\system32\Service
2014-01-16 03:04 - 2009-05-10 11:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-16 03:03 - 2013-08-14 02:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 03:00 - 2006-11-02 06:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\atl80.dll
C:\Users\Owner\AppData\Local\Temp\mfc80.dll
C:\Users\Owner\AppData\Local\Temp\mfc80u.dll
C:\Users\Owner\AppData\Local\Temp\mfcm80.dll
C:\Users\Owner\AppData\Local\Temp\mfcm80u.dll
C:\Users\Owner\AppData\Local\Temp\msvcm80.dll
C:\Users\Owner\AppData\Local\Temp\msvcp80.dll
C:\Users\Owner\AppData\Local\Temp\msvcr80.dll
C:\Users\Owner\AppData\Local\Temp\TmDbg32.dll
C:\Users\Owner\AppData\Local\Temp\TmDbg64.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-15 12:18

==================== End Of Log ============================

Share this post


Link to post
Share on other sites

 

Sorry for not giving an update - it's amazing how quick this has turned around. Everything is so responsive again! No pop-ups or tabs opening up when I click on a link in your posts. I wish I had the knowledge you all have to remove this stuff.

 

It's come a long way considering where it came from, and actually went easier then I expected. It's always good news to hear things are running better.

 

I also teach malware removal, interested?

 

 

What I see from the last scan are remnants from an incomplete uninstall of Trend Micro that we can remove.

 

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

 

start

HKU\S-1-5-21-1833199101-2389490039-2415685918-1000\...\Run: [TrendSecure Remote File Lock] - C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe /lock

BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll No File

Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll No File

S2 ProtectMonitor;

C:\monitorsvc.exe

end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Also, let me know if we're ready for preventive tips.

 

Share this post


Link to post
Share on other sites

Juliet,

 

Everytime that I ask for help in here the results are noticed very quickly.

 

I am interested in learning the process of removal, I know that it's something that a person needs to keep up on as it keeps changing all the time in how deep things get.

 

FRST ran with no issues again - log is below

 

I do notice a few items on the desktop that are still around - there are 3 files

1- trend micro vault - it looks like just a placeholder - there is no "icon" for it, just the unknown file type look

2 & 3 - desktop.ini - there is 2 of these?

 

Not sure if I can just go ahead and delete these? One of the ini files was created in 2006 and modified in 2008, the other ini file was created in 2009 and the vault I can't even get properties on.

 

Otherwise, yes I would say we're ready for the tips and to close up shop. :)

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by Owner at 2014-02-15 15:10:14 Run:2
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

HKU\S-1-5-21-1833199101-2389490039-2415685918-1000\...\Run: [TrendSecure Remote File Lock] - C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe /lock
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll No File
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll No File
S2 ProtectMonitor;

C:\monitorsvc.exe

end

*****************

HKU\S-1-5-21-1833199101-2389490039-2415685918-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TrendSecure Remote File Lock => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43C6D902-A1C5-45c9-91F6-FD9E90337E18} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{43C6D902-A1C5-45c9-91F6-FD9E90337E18} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCAC5586-44D7-4c43-B64A-F042461A97D2} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{CCAC5586-44D7-4c43-B64A-F042461A97D2} => Key deleted successfully.
ProtectMonitor => Service deleted successfully.
"C:\monitorsvc.exe" => File/Directory not found.

==== End of Fixlog ====

 

Share this post


Link to post
Share on other sites

http://docs.trendmicro.com/en-us/consumer/titanium2012/tools/trend-micro-vault.aspx

By keeping sensitive files inside the Trend Micro Vault, you can prevent others from opening them if your computer is lost or stolen.

Unlocking the Vault

To unlock the Trend Micro Vault, right-click the desktop icon and select Unlock Vault, and then provide your password.

As a protective measure, the Trend Micro Vault regularly checks online if the computer has been reported lost or stolen. Once you access the Report Lost service, the vault seals automatically.

you may need your brother to supply a password for this?

 

2 & 3 - desktop.ini - there is 2 of these?

It is caused if we unchecked the option "Hide protected operating system files" in Folder Options.

alter settings in Folder Options to not display 'Hidden files and folders' and to 'Hide protected operating system files'. those should disappear.

~~~~~~~~~~~~~~~~~~~~~~~~~~~

WTT Classroom

You may use my name as reference.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Run FRST/FRST64 and press the Fix button just once and wait.

no needed to post the log this time.

start

DeleteQuarantine:

end

 

 

Any other tools you can manually delete.

 

********************************************

 

Your good to go, good job!

 

Please take the time to read over a few of my preventive tips.

 

Computer Security

http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Be prepared for CryptoLocker:

 

Cryptolocker Ransomware: What You Need To Know

 

CryptoLocker Ransomware Information Guide and FAQ

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

 

 

Firefox 3

The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

 

AdblockPlus

Share this post


Link to post
Share on other sites

Juliet,

 

The "vault" really isn't there, I can't right click on it and open it, just brings up explorer. I did a search for the issue and found the only way was through registry editor. Like I said it was an unknown file type icon.

 

http://www.metahead.com/uninstall-trend-micro-vault

 

I tried going through the cmd prompt like the site says but none of the directories for trend micro were left, at the bottom of the site is the directions to remove it using the editor.

 

I thought about the ini files after I posted and wondered if the view hidden files was checked - you were right (of course).

 

Thanks again so much !

 

Really appreciate the help and everything you and everyone does here! My brother better appreciate it as well.

Share this post


Link to post
Share on other sites

Juliet -

 

not sure if this is the proper place to continue this, his main concern to why it all started was the inability for some java stuff to run in internet explorer. He does allot of ebay selling and there is stuff in his myebay that has java scripts that run - dropdown boxes and the check all button. This still isn't working and it is only in IE that it's not. I tried it with firefox and everything works fine?

 

I checked to make sure that java was enabled in the advanced settings and it is.

 

Thanks

Ben

Share this post


Link to post
Share on other sites

Juliet -

 

Hope you're not busting your head about this. I found some stuff in the ebay community just now that sent me to a link that said the compatibility view may be the culprit in IE 9. Low and behold - it was the issue.

 

Thanks again for all your help!

 

Ben

Share this post


Link to post
Share on other sites

Make sure he has all the recent updates for Vista service pack and the most current version of IE.

 

Glad the ebay community knew the answer.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×