WsW-WYATT-EARP
Posted February 13, 2014

Hi,

My brother calls me and tells me his computer is messed up. He is very impatient and goes to the extreme when things go wrong. Something in Internet Explorer wasn't working correctly so he, at least from what I have seen, installed SySaver - superfast PC - MyPC backup - optimizer pro - compucleaner and chrome. He may have installed a few other programs but I am not sure; these were what I noticed in the start menu. He started the damage on Saturday morning 2/7.

I did do a TCF / spy-bot / adaware / superantispyware runs and some items were cleaned up, but I have not yet uninstalled anything as I know some of these don't just "go away".

DDS and HJT logs below - Thanks so much!

Ben
Files\Dell\DellDock\DellDock.exe (User 'Default user')O4 - Global Startup: QuickSet.lnk = ?O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.htmlO9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLLO10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dllO16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cabO16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - 
http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dllO18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dllO20 - AppInit_DLLs: c:\progra~2\optimi~1\optpro~1.dllO20 - Winlogon Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dllO20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dllO23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXEO23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe (file missing)O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exeO23 - Service: FAService - Sensible Vision - C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exeO23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Highlightly Client Service (hlsvc) - Highlightly - C:\Program Files (x86)\Highlightly\Service\hlsvc.exeO23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exeO23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exeO23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exeO23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: PCProtect - Objectify Media Inc - C:\Program Files (x86)\Web Protect\PCProtect.exeO23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Protect Monitor (ProtectMonitor) - Unknown owner - C:\monitorsvc.exeO23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exeO23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exeO23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exeO23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. 
- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exeO23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe (file missing)O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exeO23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exeO23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exeO23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) --End of file - 14554 bytes Share this post Link to post Share on other sites
Juliet
Posted February 13, 2014 (edited)

wowssa!...this is a mess. When he saw the machine wasn't acting right he should have stopped right then.

Highlightly
Java Auto Updater
Java 6 Update 11
Java 7 Update 3 (64-bit)
SySaver
Search Protection
superfast PC - MyPC backup - optimizer pro - compucleaner

See what will uninstall through the add/remove programs list. I know some will throw a fit, we'll get it another way if it does.

Now, there's too many security packages on here.

AV: Trend Micro Internet Security Pro *Disabled/Updated*
AV: Ad-Aware Antivirus *Disabled/Outdated* <-- since it's outdated should we remove this one?
SP: Ad-Aware Antivirus *Disabled/Outdated* <-- since it's outdated should we remove this one?
SP: Trend Micro Internet Security Pro *Disabled/Updated*
FW: Trend Micro Personal Firewall *Disabled/Updated*

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin.
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr
rkill.pif
WiNlOgOn.exe
uSeRiNiT.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Farbar Recovery Scan Tool (use correct version for your system.....Which system am I using?) and Tutorial http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Edited February 13, 2014 by Juliet
WsW-WYATT-EARP
Posted February 14, 2014

Juliet,

1st - THANKS so much for your help on this...

I went into control panel / programs and features and uninstalled

highlightly
java 6 update 11
java 7 update 3
sysaver
superfast pc
pc clean maestro (compuclever systems inc)
webprotect for windows

I couldn't find

java auto updater
search protection
my pc backup
optimizer pro
compucleaner

I think pc clean maestro is compucleaner and I tried to delete optimizer pro through the start menu but it says the uninstall file is not there?

I removed adaware - he said that trendmicro was not up to date and probably wasn't running any protection that is up to date.

rkill.exe ran ok - I included the log below in case you wanted to see it.

farbar also ran ok and the 2 logs below
C:\Windows\system32\jscript.dll2014-02-12 03:10 - 2014-02-05 03:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-02-12 03:10 - 2014-02-05 03:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-02-12 03:10 - 2014-02-05 03:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-02-12 03:10 - 2014-02-05 03:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-02-12 03:10 - 2014-02-05 03:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-02-12 03:10 - 2014-02-05 03:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-02-12 03:10 - 2014-02-05 02:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-02-12 03:10 - 2014-02-05 02:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-02-12 03:10 - 2014-02-05 02:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-02-12 03:10 - 2014-02-05 02:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-02-12 03:10 - 2014-02-05 02:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-02-12 03:10 - 2014-02-05 02:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-02-12 03:10 - 2014-02-05 02:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2014-02-12 03:10 - 2014-02-05 02:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-02-12 03:10 - 2014-02-05 02:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-02-12 03:10 - 2014-02-05 02:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-02-12 03:10 - 2014-02-05 02:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-02-12 03:10 - 2014-02-05 02:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-02-12 03:10 - 2014-02-05 
02:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-02-12 03:10 - 2014-02-05 02:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-02-12 03:10 - 2014-02-05 02:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-02-12 03:10 - 2014-02-05 02:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-02-12 00:14 - 2013-12-04 22:48 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll2014-02-12 00:14 - 2013-12-04 20:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2014-02-11 14:06 - 2014-02-11 14:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\LavasoftStatistics2014-02-11 13:42 - 2014-02-13 18:06 - 00000000 ____D () C:\Program Files (x86)\Lavasoft2014-02-11 13:42 - 2014-02-11 13:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SecureSearch2014-02-11 13:40 - 2014-02-11 13:40 - 01727624 _____ () C:\Users\Owner\Downloads\Adaware_Installer.exe2014-02-11 13:22 - 2014-02-11 13:23 - 00006206 _____ () C:\Windows\wininit.ini2014-02-11 04:20 - 2014-02-13 18:16 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job2014-02-11 04:20 - 2014-02-12 03:26 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job2014-02-11 04:20 - 2014-02-11 13:27 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job2014-02-11 04:20 - 2014-02-11 04:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-02-11 04:20 - 2014-02-11 04:20 - 00003794 _____ () C:\Windows\System32\Tasks\Scan the system (Spybot - Search & Destroy)2014-02-11 04:20 - 2014-02-11 04:20 - 00003440 _____ () C:\Windows\System32\Tasks\Refresh immunization (Spybot - Search & Destroy)2014-02-11 04:20 - 2014-02-11 04:20 - 00003022 _____ () C:\Windows\System32\Tasks\Check for updates (Spybot - Search & Destroy)2014-02-11 04:20 - 2013-09-20 10:49 - 00021040 _____ (Safer 
Networking Limited) C:\Windows\system32\sdnclean64.exe2014-02-11 03:46 - 2014-02-13 18:29 - 00000000 ____D () C:\Users\Owner\Desktop\repair files2014-02-09 12:43 - 2014-02-13 13:18 - 00000536 _____ () C:\Windows\SysWOW64\schtasks.bin2014-02-08 20:06 - 2014-02-08 20:06 - 00588672 _____ ( ) C:\Users\Owner\Downloads\Setup.exe2014-02-08 09:00 - 2014-02-08 09:00 - 00003976 _____ () C:\Windows\SysWOW64\PCProtect.ini2014-02-08 09:00 - 2014-02-08 09:00 - 00002184 _____ () C:\Windows\SysWOW64\PCProtectOff.ini2014-02-08 09:00 - 2014-02-08 09:00 - 00002184 _____ () C:\Windows\system32\PCProtectOff.ini2014-02-08 09:00 - 2014-01-08 00:08 - 00330624 _____ (Objectify Media Inc) C:\Windows\system32\PCProtect64.dll2014-02-08 09:00 - 2014-01-08 00:08 - 00293984 _____ (Objectify Media Inc) C:\Windows\SysWOW64\PCProtect.dll2014-02-08 08:58 - 2014-02-13 18:00 - 00000000 ____D () C:\Program Files (x86)\Web Protect2014-02-08 08:58 - 2014-02-08 08:58 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\CompuClever2014-02-08 08:57 - 2014-02-13 17:56 - 00000000 ____D () C:\Program Files (x86)\CompuClever2014-02-08 08:57 - 2014-02-13 17:39 - 00000000 ____D () C:\Users\Owner\AppData\Local\SySaver2014-02-08 08:38 - 2014-02-08 08:38 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-02-08 08:27 - 2014-02-08 08:26 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-02-08 08:26 - 2014-02-08 08:26 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-02-08 08:26 - 2014-02-08 08:26 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-02-08 08:26 - 2014-02-08 08:26 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-02-02 20:01 - 2014-02-02 20:01 - 00487501 _____ () C:\monitor.exe2014-02-02 20:00 - 2014-02-02 20:00 - 00034244 _____ () C:\monitorsvc.exe ==================== One Month Modified Files and Folders ======= 2014-02-13 18:29 - 2014-02-13 18:29 - 00000000 ____D () C:\FRST2014-02-13 
18:29 - 2014-02-11 03:46 - 00000000 ____D () C:\Users\Owner\Desktop\repair files2014-02-13 18:28 - 2006-11-02 09:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02014-02-13 18:28 - 2006-11-02 09:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02014-02-13 18:26 - 2014-02-13 18:22 - 00003044 _____ () C:\Users\Owner\Desktop\Rkill.txt2014-02-13 18:22 - 2009-04-04 23:53 - 01953375 _____ () C:\Windows\WindowsUpdate.log2014-02-13 18:16 - 2014-02-11 04:20 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job2014-02-13 18:15 - 2010-09-14 20:45 - 00000000 ____D () C:\ProgramData\Kodak2014-02-13 18:14 - 2010-10-02 20:05 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-02-13 18:14 - 2010-08-11 13:12 - 00042468 _____ () C:\Windows\PFRO.log2014-02-13 18:14 - 2006-11-02 09:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-02-13 18:11 - 2012-03-16 20:37 - 00000000 ____D () C:\ProgramData\Lavasoft2014-02-13 18:11 - 2006-11-02 09:42 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-02-13 18:06 - 2014-02-11 13:42 - 00000000 ____D () C:\Program Files (x86)\Lavasoft2014-02-13 18:00 - 2014-02-08 08:58 - 00000000 ____D () C:\Program Files (x86)\Web Protect2014-02-13 17:56 - 2014-02-08 08:57 - 00000000 ____D () C:\Program Files (x86)\CompuClever2014-02-13 17:39 - 2014-02-08 08:57 - 00000000 ____D () C:\Users\Owner\AppData\Local\SySaver2014-02-13 17:39 - 2010-10-02 20:05 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-02-13 17:33 - 2010-03-23 14:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-02-13 13:18 - 2014-02-09 12:43 - 00000536 _____ () C:\Windows\SysWOW64\schtasks.bin2014-02-12 09:34 - 2010-10-02 20:05 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-02-12 09:34 - 2010-10-02 20:05 - 00003640 _____ () 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-02-12 03:26 - 2014-02-11 04:20 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job2014-02-12 03:26 - 2012-03-17 17:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-02-12 03:26 - 2012-03-17 13:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware2014-02-12 03:15 - 2006-11-02 06:46 - 00719076 _____ () C:\Windows\system32\PerfStringBackup.INI2014-02-11 14:06 - 2014-02-11 14:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\LavasoftStatistics2014-02-11 13:42 - 2014-02-11 13:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SecureSearch2014-02-11 13:40 - 2014-02-11 13:40 - 01727624 _____ () C:\Users\Owner\Downloads\Adaware_Installer.exe2014-02-11 13:27 - 2014-02-11 04:20 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job2014-02-11 13:23 - 2014-02-11 13:22 - 00006206 _____ () C:\Windows\wininit.ini2014-02-11 13:21 - 2009-04-29 08:37 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-02-11 04:23 - 2014-02-11 04:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-02-11 04:20 - 2014-02-11 04:20 - 00003794 _____ () C:\Windows\System32\Tasks\Scan the system (Spybot - Search & Destroy)2014-02-11 04:20 - 2014-02-11 04:20 - 00003440 _____ () C:\Windows\System32\Tasks\Refresh immunization (Spybot - Search & Destroy)2014-02-11 04:20 - 2014-02-11 04:20 - 00003022 _____ () C:\Windows\System32\Tasks\Check for updates (Spybot - Search & Destroy)2014-02-08 20:06 - 2014-02-08 20:06 - 00588672 _____ ( ) C:\Users\Owner\Downloads\Setup.exe2014-02-08 09:00 - 2014-02-08 09:00 - 00003976 _____ () C:\Windows\SysWOW64\PCProtect.ini2014-02-08 09:00 - 2014-02-08 09:00 - 00002184 _____ () C:\Windows\SysWOW64\PCProtectOff.ini2014-02-08 09:00 - 2014-02-08 09:00 - 00002184 _____ () C:\Windows\system32\PCProtectOff.ini2014-02-08 08:58 - 2014-02-08 08:58 - 00000000 ____D 
() C:\Users\Owner\AppData\Roaming\CompuClever2014-02-08 08:38 - 2014-02-08 08:38 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-02-08 08:26 - 2014-02-08 08:27 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-02-08 08:26 - 2014-02-08 08:26 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-02-08 08:26 - 2014-02-08 08:26 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-02-08 08:26 - 2014-02-08 08:26 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-02-05 04:19 - 2014-02-12 03:10 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-02-05 04:02 - 2014-02-12 03:10 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-02-05 04:00 - 2014-02-12 03:10 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-02-05 03:54 - 2014-02-12 03:10 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-02-05 03:54 - 2014-02-12 03:10 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-02-05 03:52 - 2014-02-12 03:10 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-02-05 03:52 - 2014-02-12 03:10 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2014-02-05 03:52 - 2014-02-12 03:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-02-05 03:51 - 2014-02-12 03:10 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-02-05 03:51 - 2014-02-12 03:10 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-02-05 03:51 - 2014-02-12 03:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-02-05 03:51 - 2014-02-12 03:10 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-02-05 03:51 - 2014-02-12 03:10 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-02-05 03:50 - 
2014-02-12 03:10 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-02-05 03:50 - 2014-02-12 03:10 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-02-05 03:50 - 2014-02-12 03:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-02-05 02:58 - 2014-02-12 03:10 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-02-05 02:56 - 2014-02-12 03:10 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-02-05 02:53 - 2014-02-12 03:10 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-02-05 02:51 - 2014-02-12 03:10 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-02-05 02:50 - 2014-02-12 03:10 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-02-05 02:49 - 2014-02-12 03:10 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-02-05 02:49 - 2014-02-12 03:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2014-02-05 02:48 - 2014-02-12 03:10 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-02-05 02:48 - 2014-02-12 03:10 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-02-05 02:48 - 2014-02-12 03:10 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-02-05 02:48 - 2014-02-12 03:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-02-05 02:48 - 2014-02-12 03:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-02-05 02:47 - 2014-02-12 03:10 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-02-05 02:47 - 2014-02-12 03:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-02-05 02:47 - 2014-02-12 03:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-02-05 02:46 - 2014-02-12 03:10 - 00176640 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieui.dll2014-02-02 20:01 - 2014-02-02 20:01 - 00487501 _____ () C:\monitor.exe2014-02-02 20:00 - 2014-02-02 20:00 - 00034244 _____ () C:\monitorsvc.exe2014-01-30 20:40 - 2010-10-15 21:03 - 00000000 ____D () C:\Windows\system32\Service2014-01-16 03:04 - 2009-05-10 11:21 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-01-16 03:03 - 2013-08-14 02:06 - 00000000 ____D () C:\Windows\system32\MRT2014-01-16 03:00 - 2006-11-02 06:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe Some content of TEMP:====================C:\Users\Owner\AppData\Local\Temp\a4e43805-0404-426b-b3a4-62ae8e6f863b.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-13 18:26 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01Ran by Owner at 2014-02-13 18:31:26Running from C:\Users\Owner\Desktop\repair filesBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Trend Micro Internet Security Pro (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}AS: Trend Micro Internet Security Pro (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}AS: Windows Defender (Disabled - Out of date) 
{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}FW: Trend Micro Personal Firewall (Disabled) {70A91CD9-303D-A217-A80E-6DEE136EDB2B} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (x32 Version: - Microsoft)Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) HiddenAcrobat.com (x32 Version: 1.1.377 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 1.0.4990 - Adobe Systems Inc.)Adobe AIR (x32 Version: 1.0.8.4990 - Adobe Systems Inc.) HiddenAdobe Flash Player 11 ActiveX (x32 Version: 11.1.102.55 - Adobe Systems Incorporated)Adobe Reader 9.5.5 (x32 Version: 9.5.5 - Adobe Systems Incorporated)aioprnt (Version: 5.7.4.0 - Eastman Kodak Company) Hiddenaioscnnr (x32 Version: 6.0.2.0 - Your Company Name) HiddenAmazon MP3 Downloader 1.0.5 (x32 Version: - )Apple Application Support (x32 Version: 2.3.2 - Apple Inc.)Apple Mobile Device Support (Version: 6.0.1.3 - Apple Inc.)Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)Bing Bar (x32 Version: 7.0.850.0 - Microsoft Corporation)Bonjour (Version: 3.0.0.10 - Apple Inc.)C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hiddencenter (x32 Version: 6.2.5.0 - Eastman Kodak Company) HiddenChoice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) HiddenCisco EAP-FAST Module (x32 Version: 2.1.6 - Cisco Systems, Inc.)Cisco LEAP Module (x32 Version: 1.0.12 - Cisco Systems, Inc.)Cisco PEAP Module (x32 Version: 1.0.13 - Cisco Systems, Inc.)Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)Cozi (x32 Version: 1.0.3220.15315 - Cozi Group, Inc.)Dell Dock (Version: 1.0.0 - Dell)Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)Dell Getting Started Guide (x32 Version: 1.00.0000 - Dell Inc.)Dell Touchpad (Version: 7.102.101.211 - Alps Electric)Dell Video Chat (x32 Version: 6.0 (6567) - SightSpeed Inc.)Dell Wireless WLAN Card Utility 
(Version: 5.10.38.30 - Dell Inc.)DELL0604 (x32 Version: 1.0.0 - WildTangent) HiddenDell-eBay (x32 Version: 1.00.0000 - Dell)essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) HiddenFastAccess (Version: 2.2.13.1 - Sensible Vision)Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) HiddeniCloud (Version: 2.1.1.3 - Apple Inc.)Integrated Webcam Driver (1.05.02.1227) (Version: 1.05.02.1227 - Creative Technology Ltd.)Intel® Graphics Media Accelerator Driver (Version: - )ITECIR (x32 Version: 1.9 - ITE)iTunes (Version: 11.0.1.12 - Apple Inc.)Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) HiddenKodak AIO Printer (Version: 6.2.4.0 - Eastman Kodak Company) HiddenKODAK AiO Software (x32 Version: 6.2.6.20 - Eastman Kodak Company)ksDIP (x32 Version: 3.20.0000.0001 - Eastman Kodak Company) HiddenLive! Cam Avatar Creator (x32 Version: 4.6.1419.1 - Creative Technology Ltd)MediaDirect (x32 Version: 4.0 - Dell)Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2007 (Version: 
12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (x32 Version: 5.1.20913.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)Microsoft Sync Framework Runtime Native v1.0 (x86) (x32 Version: 1.0.1215.0 - Microsoft Corporation)Microsoft Sync Framework Services Native v1.0 (x86) (x32 Version: 1.0.1215.0 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft 
Corporation)Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)Mozilla Firefox 11.0 (x86 en-US) (x32 Version: 11.0 - Mozilla)MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) HiddenMSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) HiddenPreReq (x32 Version: 6.2.2.60 - Eastman Kodak Company) HiddenQuickset (Version: 9.2.7 - Dell Inc.)QuickTime (x32 Version: 7.73.80.64 - Apple Inc.)Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) HiddenRoxio Creator Copy (x32 Version: 3.7.0 - Roxio) HiddenRoxio Creator Data (x32 Version: 3.7.0 - Roxio) HiddenRoxio Creator DE (x32 Version: 10.1 - Roxio)Roxio Creator DE (x32 Version: 3.7.0 - Roxio) HiddenRoxio Creator Tools (x32 Version: 3.7.0 - Roxio) HiddenRoxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) HiddenRoxio Update Manager (x32 Version: 6.0.0 - Roxio) HiddenSafari (x32 Version: 5.34.57.2 - Apple Inc.)SAMSUNG Mobile Modem Driver Set (Version: - )Samsung Mobile phone USB driver Software (Version: - )SAMSUNG Mobile USB Modem 1.0 Software (Version: - )SAMSUNG Mobile 
USB Modem Software (Version: - )Samsung PC Studio 3 USB Driver Installer (x32 Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0 - Adobe Systems Incorporated)Spybot - Search & Destroy (x32 Version: 2.2.25 - Safer-Networking Ltd.)SUPERAntiSpyware (Version: 5.0.1146 - SUPERAntiSpyware.com)Trend Micro Internet Security Pro (Version: 17.50 - Trend Micro Inc.)Trend Micro Internet Security Pro (Version: 17.50 - Trend Micro Inc.) HiddenTurboTax 2011 (x32 Version: - Intuit, Inc)TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.1932 - Intuit Inc.) HiddenTurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0323 - Intuit Inc.) HiddenTurboTax 2011 wrapper (x32 Version: 011.000.0119 - Intuit Inc.) HiddenTWC WiFi (x32 Version: - )Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)Update for Microsoft Office 
Juliet
Posted February 14, 2014

pfhew!

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy. Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work. It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)

start
HKLM-x32\...\Run: [search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => File Not Found
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => File Not Found
URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-11&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: No Name - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No File
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - No File
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c7lu1a5y.default\user.js
FF SelectedSearchEngine: SecureSearch
FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-11&ent=hp&u=AD0263EC4EEB2757EFCD9252FA7D56F1
FF Extension: SySaver - C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org [2014-02-08]
FF HKLM-x32\...\Firefox\Extensions: [gethighlightly@gethighlightly.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-11&ent=hp&u=AD0263EC4EEB2757EFCD9252FA7D56F1
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
cmd: netsh winsock reset
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\progra~2\optimi~1\OptProCrashSvc.dll",ServiceMain
C:\Windows\SysWOW64\PCProtect.ini
C:\Windows\SysWOW64\PCProtectOff.ini
C:\Windows\system32\PCProtectOff.ini
C:\Windows\system32\PCProtect64.dll
C:\Windows\SysWOW64\PCProtect.dll
C:\Program Files (x86)\Web Protect
C:\Users\Owner\AppData\Roaming\CompuClever
2014-02-08 08:57 - 2014-02-13 17:56 - 00000000 ____D () C:\Program Files (x86)\CompuClever
2014-02-08 08:57 - 2014-02-13 17:39 - 00000000 ____D () C:\Users\Owner\AppData\Local\SySaver
2014-02-02 20:01 - 2014-02-02 20:01 - 00487501 _____ () C:\monitor.exe
2014-02-02 20:00 - 2014-02-02 20:00 - 00034244 _____ () C:\monitorsvc.exe
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

*****************************

I know you may have run these next 2 tools but, time to run them again

-AdwCleaner- by Xplode

Click on this link to download: ADWCleaner
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top advertisement.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean".
Confirm each time with OK.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[s1].txt as well.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Let me see:
Fixlog.txt
C:\AdwCleaner[s1].txt
JRT.txt

Are there any improvements?
WsW-WYATT-EARP
Posted February 14, 2014

Juliet,

Every time I run a fix so far, I have seen improvements. This last batch has really helped a lot. Don't seem to be seeing pop-ups and the reboots are becoming much faster. Ran the scans as instructed and log files are below.
Juliet
Posted February 14, 2014

"Every time I run a fix so far, I have seen improvements. This last batch has really helped a lot. Don't seem to be seeing pop-ups and the reboots are becoming much faster."

It's a miracle! No joking. I was very happy to hear that because this machine was nearly kaputs!

Change Chrome Settings HomePage
https://support.google.com/chrome/answer/95314?hl=en
Do the above if it needs to be done.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

These next 2 scanners will let us know if anything is left.

Please run TFC by OldTimer to clear temporary files:

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe and save it to your desktop.
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then restart the computer.

~~~~~~~~~~~~~~~~~~

Please download Malwarebytes' Anti-Malware from Here.
Never download Malwarebytes' Anti-Malware from other sources.

Double click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~

Go here to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan.
Wait for the scan to finish.
When the scan completes, press the LIST OF THREATS FOUND button.
Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop.
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish.

Post:
MBAM log
Eset online log
Juliet
Posted February 14, 2014

Also wanted to mention: An outdated antivirus does no good. I also saw Adaware antivirus, I don't know much about this software so I cannot recommend using it. This machine needs antivirus protection.

Use an AntiVirus Software - Choose only one - More than one will conflict.

It is very important that your computer has anti-virus software running to protect against viruses. Update Antivirus prior to manual scans as necessary or as used. Please only choose one, having more than one can cause problems, such as crashes and your computer to slow down.

Microsoft Security Essentials
AVAST Home Edition
AntiVir Personal

When doing installs, try to do a custom install to opt out of added tool bars and extra search options.
WsW-WYATT-EARP
Posted February 15, 2014

Juliet,

I had some problems getting TFC to run all the way. It would clean the user temp files then get stuck. I did get it to run to completion finally after deleting it, shutting down, rebooting and redownloading the file (maybe a corrupt file?). Anyways, it did run to completion.

I deleted Chrome and all settings with it as my brother asked me to get rid of it 'cause he didn't care for it.

MBAM log below - No ESET log - came up clean.

I am going to remove trendmicro and install avast.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.15.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

2/14/2014 8:04:11 PM
mbam-log-2014-02-14 (20-04-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216141
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Highlightly (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HLNFD (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\hlnfd|DisplayName (PUP.Optional.Highlightly) -> Data: hlnfd -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Owner\Downloads\Setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.

(end)
Juliet Posted February 15, 2014
No idea what happened to TFC. Install antivirus as soon as you can, no computer needs to be on the internet without protection. Good, Chrome is gone. You haven't mentioned how things are for the moment, let's run a new FRST scan and check for remnants.
WsW-WYATT-EARP Posted February 15, 2014
Juliet,
I have uninstalled the trend micro suite and have installed avast. MBAM was giving me the "trial time has ended" notification so I also removed that. I have updated super anti-spyware as it kept telling me there was an update.
Sorry for not giving an update - it's amazing how quick this has turned around. Everything is so responsive again! No pop-ups or tabs opening up when I click on a link in your posts. I wish I had the knowledge you all have to remove this stuff.
FRST log below
Juliet Posted February 15, 2014

> Sorry for not giving an update - it's amazing how quick this has turned around. Everything is so responsive again! No pop-ups or tabs opening up when I click on a link in your posts. I wish I had the knowledge you all have to remove this stuff. It's come a long way considering where it came from, and actually went easier than I expected.

It's always good news to hear things are running better. I also teach malware removal, interested?

What I see from the last scan are remnants from an incomplete uninstall of Trend Micro that we can remove.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

start
HKU\S-1-5-21-1833199101-2389490039-2415685918-1000\...\Run: [TrendSecure Remote File Lock] - C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe /lock
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll No File
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll No File
S2 ProtectMonitor; C:\monitorsvc.exe
end

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Also, let me know if we're ready for preventive tips.
WsW-WYATT-EARP Posted February 15, 2014

Juliet,

Every time that I ask for help in here the results are noticed very quickly. I am interested in learning the process of removal, I know that it's something that a person needs to keep up on as it keeps changing all the time in how deep things get.

FRST ran with no issues again - log is below.

I do notice a few items on the desktop that are still around - there are 3 files:

1 - trend micro vault - it looks like just a placeholder - there is no "icon" for it, just the unknown file type look
2 & 3 - desktop.ini - there is 2 of these? Not sure if I can just go ahead and delete these?

One of the ini files was created in 2006 and modified in 2008, the other ini file was created in 2009 and the vault I can't even get properties on.

Otherwise, yes I would say we're ready for the tips and to close up shop.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by Owner at 2014-02-15 15:10:14 Run:2
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-1833199101-2389490039-2415685918-1000\...\Run: [TrendSecure Remote File Lock] - C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe /lock
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll No File
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll No File
S2 ProtectMonitor;C:\monitorsvc.exe
end
*****************

HKU\S-1-5-21-1833199101-2389490039-2415685918-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TrendSecure Remote File Lock => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43C6D902-A1C5-45c9-91F6-FD9E90337E18} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{43C6D902-A1C5-45c9-91F6-FD9E90337E18} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCAC5586-44D7-4c43-B64A-F042461A97D2} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{CCAC5586-44D7-4c43-B64A-F042461A97D2} => Key deleted successfully.
ProtectMonitor => Service deleted successfully.
"C:\monitorsvc.exe" => File/Directory not found.

==== End of Fixlog ====
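Added example, not part of the thread and not FRST's own code: the fix above removed Run, BHO and toolbar entries whose files were already gone ("No File"). This read-only PowerShell script re-checks those same registry locations for entries whose target file is missing. The function names are made up for the example, and it assumes PowerShell 3.0 or later and that a CLSID's DLL is read from its InprocServer32 key.

```powershell
# Added example: read-only audit of the registry locations cleaned in the Fixlog.
# Lists entries whose target file is missing (what FRST labels "No File").
# Assumes PowerShell 3.0 or later; nothing is modified or deleted.

function Get-TargetPath([string]$Command) {
    # Extract the file path from: "C:\a b\x.exe" /arg   or   C:\a b\x.exe /arg
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|dll|cmd|bat))(\s|,|$)') { return $Matches[1] }
    return $c
}

function Test-Target([string]$Kind, [string]$Name, [string]$Command) {
    $path = if ($Command) { Get-TargetPath $Command } else { '' }
    # Bare names such as rundll32.exe are resolved through PATH before testing.
    if ($path -and -not [IO.Path]::IsPathRooted($path)) {
        $app = Get-Command $path -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($app) { $path = $app.Path }
    }
    $found = $path -and (Test-Path -LiteralPath $path)
    [pscustomobject]@{ Kind = $Kind; Name = $Name; Target = $path
                       Status = $(if ($found) { 'OK' } else { 'No File' }) }
}

function Test-Clsid32([string]$Kind, [string]$Clsid) {
    # A 32-bit COM add-on registers its DLL under Wow6432Node\CLSID\<id>\InprocServer32.
    $key = "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$Clsid\InprocServer32"
    $srv = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    $dll = if ($srv) { [string]$srv.GetValue('') } else { '' }
    Test-Target $Kind $Clsid $dll
}

$wow = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft'
$report = @()
foreach ($run in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 "$wow\Windows\CurrentVersion\Run") {
    $k = Get-Item -LiteralPath $run -ErrorAction SilentlyContinue
    if ($k) { foreach ($n in $k.GetValueNames()) {
        $report += Test-Target 'Run' $n ([string]$k.GetValue($n)) } }
}
$bho = Get-Item -LiteralPath "$wow\Windows\CurrentVersion\Explorer\Browser Helper Objects" -ErrorAction SilentlyContinue
if ($bho) { foreach ($id in $bho.GetSubKeyNames()) { $report += Test-Clsid32 'BHO-x32' $id } }
$tb = Get-Item -LiteralPath "$wow\Internet Explorer\Toolbar" -ErrorAction SilentlyContinue
if ($tb) { foreach ($id in ($tb.GetValueNames() -like '{*}')) { $report += Test-Clsid32 'Toolbar-x32' $id } }

$report | Where-Object { $_.Status -eq 'No File' } | Format-Table -AutoSize
```

Entries in the 32-bit registry view that point at C:\Windows\System32 are redirected to SysWOW64 for 32-bit programs, so confirm a "No File" result by hand before removing anything.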
Juliet Posted February 16, 2014

http://docs.trendmicro.com/en-us/consumer/titanium2012/tools/trend-micro-vault.aspx

> By keeping sensitive files inside the Trend Micro Vault, you can prevent others from opening them if your computer is lost or stolen.
>
> Unlocking the Vault
> To unlock the Trend Micro Vault, right-click the desktop icon and select Unlock Vault, and then provide your password.
>
> As a protective measure, the Trend Micro Vault regularly checks online if the computer has been reported lost or stolen. Once you access the Report Lost service, the vault seals automatically.

You may need your brother to supply a password for this?

> 2 & 3 - desktop.ini - there is 2 of these?

It is caused if we unchecked the option "Hide protected operating system files" in Folder Options. Alter settings in Folder Options to not display 'Hidden files and folders' and to 'Hide protected operating system files'. Those should disappear.

~~~~~~~~~~~~~~~~~~~~~~~~~~~

WTT Classroom
You may use my name as reference.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run FRST/FRST64 and press the Fix button just once and wait. No need to post the log this time.

start
DeleteQuarantine:
end

Any other tools you can manually delete.

********************************************

You're good to go, good job!

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:
Cryptolocker Ransomware: What You Need To Know
CryptoLocker Ransomware Information Guide and FAQ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

Firefox 3
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus
Surf the web without annoying ads! Blocks banners, pop-ups and video ads - even on Facebook and YouTube. Protects your online privacy. Two-click installation. It's free! Click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

WOT
Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java. See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/) and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755).

I would recommend that you completely uninstall Java unless you need it to run an important software. In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))

Avoid P2P
P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
USAToday
infoworld

*********************************************

Please read the following safe computing articles.

Secure My Computer: A Layered Approach
Free Antivirus-AntiSpyware-Firewall Software
WsW-WYATT-EARP Posted February 16, 2014

Juliet,

The "vault" really isn't there, I can't right click on it and open it, just brings up explorer. I did a search for the issue and found the only way was through registry editor. Like I said it was an unknown file type icon.

http://www.metahead.com/uninstall-trend-micro-vault

I tried going through the cmd prompt like the site says but none of the directories for trend micro were left, at the bottom of the site is the directions to remove it using the editor.

I thought about the ini files after I posted and wondered if the view hidden files was checked - you were right (of course).

Thanks again so much! Really appreciate the help and everything you and everyone does here! My brother better appreciate it as well.
Juliet Posted February 16, 2014

Glad we could help.
WsW-WYATT-EARP Posted February 16, 2014

Juliet - not sure if this is the proper place to continue this, his main concern to why it all started was the inability for some java stuff to run in internet explorer. He does a lot of ebay selling and there is stuff in his myebay that has java scripts that run - dropdown boxes and the check all button. This still isn't working and it is only in IE that it's not. I tried it with firefox and everything works fine? I checked to make sure that java was enabled in the advanced settings and it is.

Thanks
Ben
WsW-WYATT-EARP Posted February 16, 2014

Juliet - Hope you're not busting your head about this. I found some stuff in the ebay community just now that sent me to a link that said the compatibility view may be the culprit in IE 9. Lo and behold - it was the issue.

Thanks again for all your help!
Ben
Juliet Posted February 16, 2014

Make sure he has all the recent updates for Vista service pack and the most current version of IE. Glad the ebay community knew the answer.
Juliet Posted February 17, 2014

Glad we could help. Since this issue appears resolved ... this Topic is closed.