Solved: Mr

obxtony · 06-Apr-2012, 05:18 AM #1

Hello again ...after a long absence!
I recently lost my wife and during the time I was carrying out my legal duties etc my Daughter and grandson were staying with me. I allowed my Grandson full use of my pc but since then it has not been working properly. Proggrames stop, when I type the typing stops, nwhen I try and connect either Yahoo messenger or MSN messenger the connection is intermittent. I bought and loaded the full version of AVG and ran a FULL scan. It came up with a LOT of viruses which it had removed, some it said it could NOT do so. These were all Trojan Horse_r.BFJ. I consequently bought and downloaded several other av's and scanned the pc. Many viruses were captured and removed and now when I do a full scan with AVG it sdays my pc is clean. However I still have the remaining problems that the pc is slow and again sometimes typing is intermittent. The messengers are both very bad still. When I first tried to download these Anti Viruses the pc would not let me so I had to download to a cd from a friends laptop. I also notice that my HP pc does not come with a windows 7 cd, so I have no way of doing a full system restore. ALSO!! I cannot restore my pc to a previous restore point.
Any help would be (as usual) greatfully accepted.
I beg you to remember that I am 74 years old and not the brightest spark in the fire!!
I hope I get these downloads right.
Again, with anticipation, my deepest thanks
obxtony (tony Cahill).
here is the Hijack This log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:03:27, on 04/04/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.woofi.info
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch.mystart.com/blek...4&tbp=homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.woofi.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: Radio Bar 1 Toolbar - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRadi.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {f24df03f-d7f1-40b8-a63a-9d2be4908f39} - C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cSrcAs.dll (file missing)
O1 - Hosts: 94.63.147.22 www.google.com
O1 - Hosts: 94.63.147.23 www.bing.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
O2 - BHO: Radio Bar 1 Toolbar - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRadi.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: AVG Do-Not-Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Blekko search bar - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
O2 - BHO: ALOT Appbar Helper - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Paltalk Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Radio Bar 1 Toolbar - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRadi.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
O3 - Toolbar: ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
O3 - Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Blekko search bar - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [PC Speed Maximizer] "C:\Program Files (x86)\PC Speed Maximizer\SPMStarter.exe"
O4 - HKCU\..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetect...etection32.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab...i_4.1.71.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca...2.3.10.115.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) - http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/st...r_1.0.66.2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: z12vwxn8ry232.dlla2pwj44x2ky32.dllgx4pxwbpl5r32.dll xngpel832.dllzmmgppy932.dllv98rwrukq3ik32.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bandoo Coordinator - Unknown owner - C:\PROGRA~2\Bandoo\Bandoo.exe (file missing)
O23 - Service: CDMA Device Service - Unknown owner - C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 20743 bytes

Here is the DDS.txt file:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by tony at 9:54:22 on 2012-04-06
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6103.3915 [GMT 1:00]
.
AV: Doctor Web Anti-Virus *Disabled/Updated* {A8C161B2-600A-42FD-97E0-4C12952A9FEC}
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Doctor Web Anti-Virus *Disabled/Updated* {13A08056-4630-4D73-AD50-7760EEADD551}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files (x86)\DrWeb\spideragent.exe
C:\Program Files (x86)\DrWeb\dwservice.exe
C:\Program Files (x86)\DrWeb\dwnetfilter.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\mcGlidHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&toolbarid=blekkotb_soc&u=20120403C51C45BCA912C390D5232A64& tbp=homepage
uDefault_Page_URL = hxxp://uk.yahoo.com/?fr=fp-yie9
uSearch Page = hxxp://uk.woofi.info
uWindow Title = Windows Internet Explorer provided by Yahoo!
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
mStart Page = hxxp://www.yahoo.com/?ilc=8
mSearch Page = hxxp://uk.woofi.info
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
uURLSearchHooks: Radio Bar 1 Toolbar: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRadi.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
uURLSearchHooks: N/A: {f24df03f-d7f1-40b8-a63a-9d2be4908f39} - C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cSrcAs.dll
mURLSearchHooks: Radio Bar 1 Toolbar: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRadi.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - MediaBar
BHO: Radio Bar 1 Toolbar: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRadi.dll
BHO: PriceGong: {1631550f-191d-4826-b069-d9439253d926} - PriceGongBHO Class
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
BHO: ALOT Appbar Helper: {85f5cf95-ec8f-49fc-bb3f-38c79455cba2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Paltalk Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Paltalk Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Radio Bar 1 Toolbar: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRadi.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} -
TB: ALOT Appbar: {a531d99c-5a22-449b-83da-872725c6d0ed} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
TB: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [TaskTray]
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
mPolicies-system: New Value #1 =
IE: &Search
IE: Check by Dr.Web - http://www.drweb.com/static/online/drweb-online-en.html
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{14A415D3-A49B-4310-B7F9-59487581C101} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{15CC91D2-E2F2-455A-BD8A-2C60E42E189A} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: z12vwxn8ry232.dlla2pwj44x2ky32.dllgx4pxwbpl5r32.dll xngpel832.dllzmmgppy932.dllv98rwrukq3ik32.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - MediaBar
BHO-X64: MediaBar - No File
BHO-X64: Radio Bar 1 Toolbar: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRadi.dll
BHO-X64: {1631550F-191D-4826-B069-D9439253D926} - PriceGongBHO Class
BHO-X64: PriceGong - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do-Not-Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
BHO-X64: Blekko search bar - No File
BHO-X64: Searchqu Toolbar: {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO-X64: ALOT Appbar Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
BHO-X64: Vuze Remote - No File
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Paltalk Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Paltalk Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Radio Bar 1 Toolbar: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRadi.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: Searchqu Toolbar: {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
TB-X64: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} -
TB-X64: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
TB-X64: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [TaskTray]
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
IE-X64: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
AppInit_DLLs-X64: z12vwxn8ry232.dlla2pwj44x2ky32.dllgx4pxwbpl5r32.dll xngpel832.dllzmmgppy932.dllv98rwrukq3ik32.dll
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
Hosts: 94.63.147.22 www.google.com
Hosts: 94.63.147.23 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\avgidseha.sys --> C:\Windows\system32\DRIVERS\avgidseha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 DwProt;DrWeb Protection;C:\Windows\system32\drivers\dwprot.sys --> C:\Windows\system32\drivers\dwprot.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefrag Driver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R0 SpiderG3;DrWeb file system scanner;C:\Windows\system32\drivers\spiderg3.sys --> C:\Windows\system32\drivers\spiderg3.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 DrWebWfp;DrWebWfp;C:\Windows\system32\drivers\dw_wfp.sys --> C:\Windows\system32\drivers\dw_wfp.sys [?]
R1 nnfwdk;Nielsen WFP Driver;C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys [2012-3-18 25648]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport \store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-7 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-3-7 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-3-7 296048]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-19 140672]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/01/07 20:24:33];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-1-7 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-2-14 2316624]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 CDMA Device Service;CDMA Device Service;C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [2011-9-25 159232]
R2 DrWebAVService;Dr.Web Control Service;C:\Program Files (x86)\DrWeb\dwservice.exe --loglevel=inf --logfile="C:\ProgramData\Doctor Web\Logs\dwservice.log" --> C:\Program Files (x86)\DrWeb\dwservice.exe --loglevel=inf --logfile=C:\ProgramData\Doctor Web\Logs\dwservice.log [?]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2012-4-5 1914792]
R2 DrWebNetFilter;Dr.Web Net Filtering Service;C:\Program Files (x86)\DrWeb\dwnetfilter.exe [2012-4-5 3031352]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-7 13336]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-3-17 821592]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-9-1 523136]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-3-7 976696]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVER_H193;AVerMedia H193 Video Capture;C:\Windows\system32\drivers\AVer888RC_64.sys --> C:\Windows\system32\drivers\AVer888RC_64.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 CXCIR;AVerMedia Consumer Infrared Receiver;C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys --> C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-11 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-11 135664]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-9-17 23536]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-3-17 33184]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2011-1-8 16392]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-3-17 21872]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-3-17 21384]
S4 NielsenUpdate;Nielsen Update;C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2012-3-18 306496]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-05 19:52:47 -------- d-sh--w- C:\DrWeb Quarantine
2012-04-05 19:52:11 -------- d-----w- C:\Users\tony\AppData\Local\{9736F8A5-2C6F-4525-BA7C-C6DB789CE4A7}
2012-04-05 19:52:01 -------- d-----w- C:\Users\tony\AppData\Local\{EE89EB67-0EC3-4C73-A05F-1989EFD85538}
2012-04-05 19:51:23 -------- d-----w- C:\Users\tony\AppData\Local\{0FE452DD-D14E-4681-B38D-50BC06F5E0AB}
2012-04-05 19:19:52 -------- d-----w- C:\Users\tony\AppData\Local\{6A63525C-CECC-45C8-ADDD-3CFBBB397684}
2012-04-05 19:19:19 -------- d-----w- C:\Users\tony\Doctor Web
2012-04-05 19:16:02 71896 ----a-w- C:\Windows\System32\drivers\dw_wfp.sys
2012-04-05 19:15:47 223960 ----a-w- C:\Windows\System32\drivers\spiderg3.sys
2012-04-05 19:15:43 206552 ----a-w- C:\Windows\System32\drivers\dwprot.sys
2012-04-05 19:15:24 -------- d-----w- C:\Program Files\Common Files\Doctor Web
2012-04-05 19:15:09 -------- d-----w- C:\Program Files (x86)\DrWeb
2012-04-04 20:20:17 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2012-04-04 19:39:39 691 ----a-w- C:\Users\tony\AppData\Roaming\GetValue.vbs
2012-04-04 19:39:39 35 ----a-w- C:\Users\tony\AppData\Roaming\SetValue.bat
2012-04-04 19:37:22 5288 ----a-w- C:\Windows\SysWow64\tmp.reg
2012-04-04 19:16:41 388096 ----a-r- C:\Users\tony\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-04 19:16:38 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-04 13:11:54 -------- d-----w- C:\ProgramData\Doctor Web
2012-04-04 13:00:09 -------- d-----w- C:\Users\tony\AppData\Local\{05CDD276-D8EB-470D-BEEE-5F884B7CD010}
2012-04-04 12:59:33 -------- d-----w- C:\Users\tony\AppData\Local\{AE25F25F-56DB-45D6-8383-20B62CA3C443}
2012-04-03 19:43:19 -------- d-----w- C:\Users\tony\AppData\Local\FileTypeAssistant
2012-04-03 19:42:07 -------- d-----w- C:\Program Files (x86)\File Type Assistant
2012-04-03 17:37:40 -------- d-----w- C:\Users\tony\AppData\Local\{43822405-A0B3-48A8-A2D8-F9FA6492E5D9}
2012-04-03 17:37:15 -------- d-----w- C:\Users\tony\AppData\Local\{9B47A818-941C-4DBB-9E95-CAF8FCA90AF4}
2012-04-03 17:31:11 -------- d-----w- C:\Windows\en
2012-04-03 17:27:06 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-04-03 17:22:05 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\49e3c6cc1cd11be05\bingbarsetup.exe
2012-04-03 17:21:40 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3ab9c82a1cd11be04\MeshBetaRemover.exe
2012-04-03 17:21:36 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\37acd5f71cd11be03\DSETUP.dll
2012-04-03 17:21:36 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\37acd5f71cd11be03\DXSETUP.exe
2012-04-03 17:21:36 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\37acd5f71cd11be03\dsetup32.dll
2012-04-03 17:20:25 -------- d-----w- C:\Users\tony\AppData\Roaming\PC Speed Maximizer
2012-04-03 16:51:00 -------- d-----w- C:\Users\tony\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-04-03 16:50:38 -------- d-----w- C:\Program Files (x86)\blekkotb_soc
2012-04-03 16:49:57 -------- d-----w- C:\Program Files (x86)\PC Speed Maximizer
2012-04-03 16:49:47 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor
2012-04-03 16:49:21 -------- d-----w- C:\ProgramData\blekko toolbars
2012-04-03 13:07:27 -------- d-----w- C:\Users\tony\DoctorWeb
2012-04-03 12:18:46 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2012-04-03 12:18:43 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-02 14:36:00 -------- d-----w- C:\Users\tony\AppData\Roaming\AVG2012
2012-04-02 14:34:47 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-04-02 14:34:16 -------- d--h--w- C:\$AVG
2012-04-02 14:34:16 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-04-02 13:51:43 -------- d-----w- C:\Users\tony\AppData\Local\{8BE1E50B-6B31-4511-B0A3-2DDDAC12D6FB}
2012-04-02 13:19:23 -------- d-----w- C:\Program Files (x86)\Avast
2012-04-02 12:12:35 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E1DCB5D8-88CF-4774-BB24-ABC59F0BCECC}\mpengine.dll
2012-04-02 11:35:53 -------- d-----w- C:\ProgramData\Alwil Software
2012-04-01 20:30:41 -------- d-----w- C:\Users\tony\AppData\Local\{A8DB2F49-72AC-4100-AEF6-AF1C4C00B992}
2012-04-01 19:20:57 -------- d-----w- C:\Program Files (x86)\Medea International Ltd
2012-04-01 19:10:05 -------- d-----w- C:\Program Files (x86)\Easy CD & DVD Cover Creator
2012-04-01 12:17:12 -------- d-----w- C:\Users\tony\AppData\Local\{63031E79-5994-47C3-A62B-7E3F16D3BC6B}
2012-04-01 08:22:24 8738464 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-01 07:45:22 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-31 20:40:48 -------- d-----w- C:\Users\tony\AppData\Local\{857B99DD-E471-44B7-9D75-EB93AC8824D3}
2012-03-30 15:35:20 -------- d-----w- C:\Users\tony\AppData\Local\{2BE6239F-2354-49CF-B5B5-B4C252A1FC21}
2012-03-29 12:04:26 -------- d-----w- C:\Users\tony\AppData\Local\{9C756B8E-2D97-4233-A6EF-E63260A03254}
2012-03-28 11:50:23 -------- d-----w- C:\Users\tony\AppData\Local\{446D9E88-128B-449A-BCE0-16FC00C42158}
2012-03-27 14:17:57 -------- d-----w- C:\Users\tony\AppData\Local\{4F060886-1E38-4688-B88B-F8EC7FF14681}
2012-03-27 14:17:23 -------- d-----w- C:\Users\tony\AppData\Local\{9DECEF7E-AF7E-407A-9AFE-9A2810C8BC9F}
2012-03-26 18:43:28 -------- d-----w- C:\Users\tony\AppData\Roaming\NCH Software
2012-03-26 18:24:45 -------- d-----w- C:\Users\tony\AppData\Local\TempDIR
2012-03-26 15:00:00 -------- d-----w- C:\Users\tony\AppData\Local\{AD78B362-22BB-40CC-8DDE-3A80AEDA3BF0}
2012-03-26 14:59:26 -------- d-----w- C:\Users\tony\AppData\Local\{DB4E6178-9220-4CC1-A907-8C4A748864AC}
2012-03-25 12:24:43 -------- d-----w- C:\Users\tony\AppData\Local\{E70BEA43-EE38-4B90-A0D0-CC548B418F1E}
2012-03-25 12:24:32 -------- d-----w- C:\Users\tony\AppData\Local\{C174684F-B933-48DA-9705-55BAD924DFDC}
2012-03-24 11:25:14 -------- d-----w- C:\Users\tony\AppData\Local\{849B5759-7852-4C16-A587-DF56D1150EA5}
2012-03-24 11:24:40 -------- d-----w- C:\Users\tony\AppData\Local\{01FAD4A7-E417-4E09-9764-76CBE8829BDE}
2012-03-23 11:01:03 -------- d-----w- C:\Users\tony\AppData\Local\{A9929552-2911-405F-AA91-9BEA9F27082D}
2012-03-23 11:00:29 -------- d-----w- C:\Users\tony\AppData\Local\{4C5C1DF7-380F-4600-A527-60E56CD5BA2D}
2012-03-22 18:54:38 -------- d-----w- C:\Users\tony\AppData\Local\{94A1ECFB-DF46-47D2-B106-D853457126AE}
2012-03-22 18:54:04 -------- d-----w- C:\Users\tony\AppData\Local\{24D3FA49-06C1-44B6-B683-53686ADE2D5F}
2012-03-21 15:26:27 -------- d-----w- C:\Users\tony\AppData\Local\{DF9A6783-B1C2-445D-AD89-C2AB4C6478D0}
2012-03-21 15:25:54 -------- d-----w- C:\Users\tony\AppData\Local\{E32EE5AA-30BC-47D4-BC9E-A71A2B8E9136}
2012-03-21 12:45:26 -------- d-----w- C:\Users\tony\AppData\Local\{834ED68F-4F61-465C-B4AC-F1884944BBE2}
2012-03-20 21:27:58 -------- d-----w- C:\Users\tony\AppData\Local\{DC935FC3-0C2B-4127-BC0F-7D7E85337B0E}
2012-03-20 21:27:24 -------- d-----w- C:\Users\tony\AppData\Local\{4245FF05-0B0E-49B7-A8EB-1CF0F3B774F5}
2012-03-19 10:01:41 -------- d-----w- C:\Users\tony\AppData\Local\{AD552651-31B8-4E97-84C9-C49E8D7D9AC6}
2012-03-19 10:01:07 -------- d-----w- C:\Users\tony\AppData\Local\{07D25B5A-17C4-4616-AAE1-020AB012BC1B}
2012-03-18 14:17:06 -------- d-----w- C:\Users\tony\AppData\Local\{C5D1C926-6914-430D-9D25-E9EB099BCDAE}
2012-03-18 14:16:43 -------- d-----w- C:\Users\tony\AppData\Local\{17022418-EFB5-48E8-8915-60F28EEA680A}
2012-03-18 13:55:12 -------- d-----w- C:\Program Files (x86)\NetRatingsNetSight
2012-03-17 19:27:31 -------- d-----w- C:\Users\tony\AppData\Local\{C7291D45-499C-4F2A-9EA0-E2AE88AEA7B5}
2012-03-17 19:27:11 -------- d-----w- C:\Users\tony\AppData\Local\{EEE64569-14D4-47ED-A8A7-6741340A89F9}
2012-03-17 19:07:15 -------- d-----w- C:\Windows\SysWow64\TVUAx
2012-03-17 13:17:43 -------- d-----w- C:\ProgramData\2B3F
2012-03-17 09:42:38 -------- dc-h--w- C:\ProgramData\~0
2012-03-16 14:50:34 -------- d-----w- C:\Users\tony\AppData\Local\{4A92015F-8B2A-4231-A519-69C6F5680023}
2012-03-16 14:50:14 -------- d-----w- C:\Users\tony\AppData\Local\{63ACDDB5-591D-4101-922C-261D90664994}
2012-03-15 16:31:31 -------- d-----w- C:\Users\tony\AppData\Roaming\WildTangent
2012-03-15 15:51:17 -------- d-----w- C:\Users\tony\AppData\Local\{55F35A7D-3476-4475-AF8C-D88979F17CC6}
2012-03-15 15:50:56 -------- d-----w- C:\Users\tony\AppData\Local\{CD3F0C06-74D2-4139-8771-DC8D9B94E9D5}
2012-03-14 15:57:49 -------- d-----w- C:\Users\tony\AppData\Local\{3EE7F7A3-C7D2-4E21-900D-B1E9629FE9A1}
2012-03-14 15:57:29 -------- d-----w- C:\Users\tony\AppData\Local\{34225C47-E35C-4AE5-867C-46777366C0AC}
2012-03-13 16:36:54 -------- d-----w- C:\Users\tony\AppData\Local\{7DC91A46-5D37-48E8-A060-108191ACD86F}
2012-03-13 16:36:33 -------- d-----w- C:\Users\tony\AppData\Local\{50243C6D-E12B-4D34-BF69-9DE3A099A3B5}
2012-03-12 14:40:03 -------- d-----w- C:\Users\tony\AppData\Local\{C6105D5A-7429-410C-968F-7BCADE6F32C2}
2012-03-12 14:39:42 -------- d-----w- C:\Users\tony\AppData\Local\{94863E65-1D04-4CB6-9EE1-8FF9AEC2DB8F}
2012-03-11 16:48:05 -------- d-----w- C:\Users\tony\AppData\Local\{5336C159-AB8F-4C52-9643-B6D835F16802}
2012-03-11 16:47:43 -------- d-----w- C:\Users\tony\AppData\Local\{19A98F3E-359A-433F-90C3-D29D4BDCDF1D}
2012-03-10 16:37:17 -------- d-----w- C:\Users\tony\AppData\Local\{39A1E9AB-C72B-491E-8F0B-7B8E1B847C79}
2012-03-10 16:36:55 -------- d-----w- C:\Users\tony\AppData\Local\{92D45C58-A3F9-46C5-89EB-F09A52E7429D}
2012-03-10 15:13:40 -------- d-----w- C:\Users\tony\AppData\Local\{E2DDEE71-C799-4DB2-8024-432630E434E1}
2012-03-09 19:09:34 -------- d-----w- C:\Users\tony\AppData\Local\{39E7FC80-45A4-47FA-8E51-32D4DFF92053}
2012-03-09 19:09:14 -------- d-----w- C:\Users\tony\AppData\Local\{5375588E-106D-4DE8-B40C-5836B3A3156F}
2012-03-09 15:59:47 -------- d-----w- C:\Program Files (x86)\BANDOO
2012-03-08 17:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 17:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-08 15:57:17 -------- d-----w- C:\Users\tony\AppData\Local\{2150B0C7-FB93-4142-B443-F2C81B3B60FF}
2012-03-08 15:56:57 -------- d-----w- C:\Users\tony\AppData\Local\{5EEFA0E6-B162-48E2-958D-4875C5B02E2C}
2012-03-08 15:51:50 -------- d-----w- C:\ProgramData\AMD
2012-03-08 15:51:49 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-03-08 15:51:47 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-03-07 14:56:18 -------- d-----w- C:\Users\tony\AppData\Local\{7103364B-6267-43B4-BDBD-3AEE6F35A994}
2012-03-07 14:55:56 -------- d-----w- C:\Users\tony\AppData\Local\{FD50A641-5E44-4FE3-92A3-05F7BECABA58}
.
==================== Find3M ====================
.
2012-04-01 08:22:51 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-25 19:13:06 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-03-25 19:13:06 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-03-25 19:12:25 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-03-20 21:32:48 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-03-07 20:12:58 101360 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-22 04:25:50 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-02-22 04:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-02-15 03:48:32 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-02-15 03:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll
2012-02-15 03:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-02-15 03:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-02-15 03:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll
2012-02-15 03:13:56 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-02-15 03:13:40 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-02-15 03:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-02-15 03:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-02-15 03:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-02-15 03:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-02-15 02:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-02-15 02:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-02-15 02:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-02-15 02:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-02-15 02:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-02-15 02:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-02-15 02:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-02-15 02:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-02-15 02:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-02-15 02:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-02-15 02:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-02-15 02:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-02-15 02:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-02-15 02:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll
2012-02-15 02:16:38 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-02-15 02:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-02-15 02:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-02-15 02:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-02-15 02:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-02-15 02:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-02-15 02:13:12 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-02-15 02:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-02-15 02:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-02-15 02:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-02-15 02:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-02-15 02:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-02-14 22:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-02-14 22:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-02-14 22:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-02-14 22:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-02-14 22:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll
2012-02-14 22:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-02-14 22:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-02-14 22:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-01-31 06:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-01-31 06:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2012-01-31 03:46:48 36944 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-01-18 06:44:52 540960 ----a-w- C:\Windows\SysWow64\LVUI2RC.dll
2012-01-18 06:44:40 545056 ----a-w- C:\Windows\SysWow64\LVUI2.dll
2012-01-18 06:44:36 561440 ----a-w- C:\Windows\System32\LVUIRC64.dll
2012-01-18 06:44:36 4865568 ----a-w- C:\Windows\System32\drivers\LVUVC64.sys
2012-01-18 06:44:28 769312 ----a-w- C:\Windows\System32\LVUI64.dll
2012-01-18 06:44:28 351136 ----a-w- C:\Windows\System32\drivers\lvrs64.sys
2012-01-18 06:44:26 307488 ----a-w- C:\Windows\SysWow64\LVCodec2.dll
2012-01-18 06:44:26 263456 ----a-w- C:\Windows\System32\lvco13311044.dll
2012-01-18 06:44:26 176416 ----a-w- C:\Windows\System32\LVCod64.dll
2012-01-18 06:23:12 38958 ----a-w- C:\Windows\System32\Repository.reg
.
============= FINISH: 9:54:46.67 ===============

Here is the Attach.txt file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 18/03/2010 20:32:35
System Uptime: 06/04/2012 09:03:32 (0 hours ago)
.
Motherboard: MSI | | IONA
Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz | CPU 1 | 2660/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1385 GiB total, 949.388 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.724 GiB free.
E: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removabledds attach.txt
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP489: 03/03/2012 18:54:01 - Revo Uninstaller's restore point - Battlelog Web Plugins
RP490: 03/03/2012 18:58:02 - Revo Uninstaller's restore point - Origin
RP491: 05/03/2012 10:55:01 - Installed Rapport
RP492: 05/03/2012 15:44:43 - CheckIfInstallerIsBusy
RP493: 05/03/2012 15:46:20 - Windows Live Essentials
RP494: 05/03/2012 15:47:15 - Installed DirectX
RP495: 05/03/2012 15:47:36 - Installed DirectX
RP496: 05/03/2012 15:49:32 - WLSetup
RP497: 08/03/2012 15:35:18 - Installed Rapport
RP498: 10/03/2012 13:20:55 - Revo Uninstaller's restore point - Bing Bar
RP499: 17/03/2012 17:01:00 - Scheduled Checkpoint
RP500: 17/03/2012 18:56:35 - Revo Uninstaller's restore point - iMesh
RP501: 18/03/2012 11:47:01 - HPSF Restore Point
RP502: 23/03/2012 20:36:37 - Revo Uninstaller's restore point - World of Tanks
RP503: 26/03/2012 20:53:40 - IObit Uninstaller restore point
RP504: 26/03/2012 20:54:21 - IObit Uninstaller restore point
RP505: 26/03/2012 20:55:09 - Configured Power2Go
RP506: 29/03/2012 19:28:59 - Revo Uninstaller's restore point - eMule
RP507: 01/04/2012 20:20:39 - Installed exPressit SE
RP508: 02/04/2012 12:35:35 - avast! Free Antivirus Setup
RP509: 02/04/2012 12:54:27 - IObit Uninstaller restore point
RP510: 02/04/2012 12:55:40 - Removed AVG 2012
RP511: 02/04/2012 12:57:42 - Removed AVG 2012
RP513: 02/04/2012 13:12:13 - IObit Uninstaller restore point
RP512: 02/04/2012 13:12:13 - Windows Update
RP514: 02/04/2012 13:42:08 - IObit Uninstaller restore point
RP515: 02/04/2012 13:58:05 - avast! Free Antivirus Setup
RP516: 02/04/2012 14:25:02 - IObit Uninstaller restore point
RP517: 02/04/2012 14:29:09 - IObit Uninstaller restore point
RP518: 02/04/2012 14:57:52 - avast! Pro Antivirus Setup
RP519: 02/04/2012 15:14:02 - IObit Uninstaller restore point
RP520: 02/04/2012 15:14:56 - avast! Pro Antivirus Setup
RP521: 02/04/2012 15:32:43 - Installed AVG 2012
RP522: 02/04/2012 15:33:04 - Installed AVG 2012
RP523: 03/04/2012 08:54:10 - IObit Uninstaller restore point
RP524: 03/04/2012 09:18:13 - Restore Operation
RP525: 03/04/2012 13:25:02 - Revo Uninstaller's restore point - WinMX
RP526: 03/04/2012 13:29:05 - Revo Uninstaller's restore point - Yahoo! BrowserPlus 2.9.8
RP527: 03/04/2012 13:32:56 - Revo Uninstaller's restore point - Yahoo! Software Update
RP528: 03/04/2012 13:36:31 - Revo Uninstaller's restore point - Windows Live Essentials
RP529: 03/04/2012 13:39:18 - Windows Live Essentials
RP530: 03/04/2012 13:39:46 - WLSetup
RP531: 03/04/2012 14:20:47 - Restore Operation
RP532: 03/04/2012 17:17:25 - Revo Uninstaller's restore point - Burn4Free CD & DVD 5.1.0.0
RP533: 03/04/2012 17:20:21 - Revo Uninstaller's restore point - exPressit S.E. 3.0
RP534: 03/04/2012 17:25:41 - Revo Uninstaller's restore point - Yahoo! Search Protection
RP535: 03/04/2012 17:57:49 - IObit Uninstaller restore point
RP536: 03/04/2012 18:00:45 - IObit Uninstaller restore point
RP537: 03/04/2012 18:20:26 - Windows Live Essentials
RP538: 03/04/2012 18:21:24 - IObit Uninstaller restore point
RP539: 03/04/2012 18:21:25 - Installed DirectX
RP540: 03/04/2012 18:22:20 - Installed DirectX
RP541: 03/04/2012 18:25:14 - WLSetup
RP542: 03/04/2012 21:36:19 - IObit Uninstaller restore point
RP543: 03/04/2012 21:42:19 - IObit Uninstaller restore point
RP544: 04/04/2012 14:11:28 - Installed Dr.Web Security Space 7.0.
RP545: 04/04/2012 15:29:38 - Windows Backup
RP546: 04/04/2012 20:14:09 - Installed HiJackThis
RP547: 05/04/2012 20:14:50 - Installed Dr.Web Security Space 7.0.
.
==== Installed Programs ======================
.
7-Zip 9.20
A.V.A
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Reader 9.5.0
Alliance of Valiant Arms
ALOT Appbar
Amazon Kindle
Anti-phishing Domain Advisor
Apple Application Support
Application Profiles
ArmA 2 Uninstall
Ask Toolbar
AVG PC Tuneup
AVS DVD Copy version 4.1.1
AVS Image Converter 1.3.1.136
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Battlefield 3™
Battlefield Play4Free
Battlefield: Bad Company™ 2
Battlelog Web Plugins
BearShare
Bing Bar
BitTornado 0.3.18
Blekko search bar
BT Broadband Desktop Help
BTHomeHub
Call of Duty(R) - World at War(TM)
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Dedicated Server
Call of Duty: Modern Warfare 3 - Multiplayer
CameraHelperMsi
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Company of Heroes
Company of Heroes - FAKEMSI
Company of Heroes Retail Beta
Compatibility Pack for the 2007 Office system
Conduit Engine
Cross Fire En
Crysis® 2
CyberLink DVD Suite Deluxe
D3DX10
Darkest Hour: Europe '44-'45
DirectX for Managed Code Update (Summer 2004)
Disketch CD Label Software
Download Manager 2.3.10
Download Updater (AOL LLC)
Dr.Web Security Space 7.0
DVD Menu Pack for HP MediaSmart Video
Easy CD and DVD Cover Creator 4.13
erLT
ESN Sonar
Express Burn Disc Burning Software
exPressit SE
F.E.A.R. 2: Project Origin
Far Cry 2
File Type Assistant
Free Download Manager 3.0
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Graboid Video 1.73
Hardware Helper
Hewlett-Packard ACLM.NET v1.1.1.0
HiJackThis
Homefront
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MAINSTREAM KEYBOARD
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP Odometer
HP Photo Creations
HP Photosmart Plus B210 series Help
HP Product Detection
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPDiagnosticAlert
HydraVision
Intel(R) Rapid Storage Technology
Internet TV for Windows Media Center
IObit Malware Fighter
Java Auto Updater
Java(TM) 6 Update 26
JoneSoft MD5Mate v1.1.0
Junk Mail filter update
LabelPrint
LightScribe System Software
LimeWire 5.5.10
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Magic Desktop
Malwarebytes' Anti-Malware
Maps4PC
Mare Nostrum
MediaBar
Men of War (Remove Only)
Men of War: Assault Squad
Men of War: Red Tide
Mesh Runtime
Messenger Companion
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Office 2000 Professional
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MXpie Patch for WinMX Network/WPNP 3.6.3.6
MyFreeCodec
Nielsen
NoteWorthy Composer 2 Viewer
NVIDIA PhysX
OF Dragon Rising
OpenAL
Origin
PaltalkScene
PC Cleaner v3.0
PC Speed Maximizer v3.1
PowerDirector
PunkBuster Services
QuickTime
Radio Bar 1 Toolbar
Rapport
REACTOR
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recovery Manager
Red Orchestra 2: Heroes of Stalingrad
Red Orchestra: Ostfront 41-45
Revo Uninstaller 1.92
Samsung Kies
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Silent Hunter 4 Wolves of the Pacific
Silent Hunter III
Skype Click to Call
Skype™ 5.5
SkyPlayer for Windows Media Center
Smart Defrag 2
Soldier Front
Steam
System Requirements Lab
The Lord of the Rings FREE Trial
Trojan Remover 6.8.3
TVUPlayer 2.5.2.2
Update 1.11.3.1 for "Men of War"
Update 1.17.5.1 for "Men of War"
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.1
Vuze
Vuze Remote Toolbar
War Inc Battlezone version 0.9.1
War Inc. Battlezone
Wincore MediaBar
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Searchqu Toolbar
WinRAR archiver
Xvid 1.2.1 final uninstall
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
06/04/2012 09:10:38, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: prodrv06 prohlp02 prosync1 sfhlp01
06/04/2012 09:09:59, Error: Service Control Manager [7000] - The Bandoo Coordinator service failed to start due to the following error: The system cannot find the file specified.
06/04/2012 09:04:15, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\prodrv06.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
05/04/2012 20:15:42, Error: Service Control Manager [7030] - The Dr.Web Control Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
04/04/2012 21:55:07, Error: Application Popup [1060] - \??\C:\Users\tony\AppData\Local\Temp\trutil.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
04/04/2012 19:55:57, Error: bowser [8003] - The master browser has received a server announcement from the computer MAY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{14A415D3-A49B-4310-B7F9-59487581C101}. The master browser is stopping or an election is being forced.
04/04/2012 14:10:13, Error: Service Control Manager [7034] - The AVG Firewall service terminated unexpectedly. It has done this 1 time(s).
04/04/2012 14:09:28, Error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
04/04/2012 14:09:18, Error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
04/04/2012 10:25:34, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
04/04/2012 10:25:34, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03/04/2012 09:06:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
02/04/2012 15:05:11, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the avast! Antivirus service to connect.
02/04/2012 15:05:11, Error: Service Control Manager [7000] - The avast! Firewall service failed to start due to the following error: The system cannot find the file specified.
02/04/2012 15:05:11, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/04/2012 21:40:10, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
01/04/2012 21:40:10, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
01/04/2012 21:40:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
.
==== End Of File ===========================

I trust I have given you all the information ?? If there is anything further I am, of course more than willing to attend.
Kind Regards
Tony Cahill
obxtony.

obxtony · 08-Apr-2012, 10:00 AM #2

I have noticed since starting this thread that I can no longer make backups nor use system restore!

**eddie5659** · 08-Apr-2012, 10:57 AM #3

Hiya

Sorry to hear of your loss

I'll have a full look at all the logs today, but in the meantime can you do this for me:

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.

Download and scan with SUPERAntiSpyware Free Edition for Home Users

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
Click the "Home" button to leave the control center screen.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click Scan your computer.
On the left, select all fixed drives.
Click "Start Complete Scan" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "Continue".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "Remove Threats" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
- [i][color=green]Click View Scan Logs.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please include the MBAM log and, SUPERAntiSpyware Scan Log and a fresh HijackThis log in your next reply

eddie

flavallee · 08-Apr-2012, 11:52 AM #4

Tony:

You've unfortunately learned the hard way the dangers of allowing unrestricted access to your computer by others.

As soon as Eddie is finished with you, I'll be happy to assist you with a few other things.

That computer appears to be HP brand.
Advise what model name and model number it is.
Also advise what the product name(P/N) and/or model name(M/N) on the sticker is.

-----------------------------------------------------------

**eddie5659** · 09-Apr-2012, 07:28 AM #5

Hiya

Okay, gone thru the logs that you posted, and you have a lot of things in there that shouldn't be there, so we'll get them all removed. If at any point you need further explanation, please ask

Now, I did post the above before going through it, but I see you already have the two programs installed:

Malwarebytes' Anti-Malware
SUPERAntiSpyware

So, if you can start them by going to Start | Programs, and open them. Then, update them both as I mentioned above, and then run the scans, and post the logs

Also, am I right in assuming that you don't play war games such as Call of Duty etc? I can never say no-one is too old for those, as we have someone (I play similar type of game) in our group that is in his 50's

If you don't, then we can also remove those games, but we can do that at the very end, once the malware has all been removed.

Then, I'll let flavallee take over

eddie

**eddie5659** · 09-Apr-2012, 07:31 AM #6

I'll aslo be here most of the day, as I'm back at glorious work tomorrow

obxtony · 09-Apr-2012, 12:53 PM #7

Hello again!
Firstly the 2 logs;
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 912040306
Windows 6.1.7600
Internet Explorer 9.0.8112.16421
09/04/2012 14:17:54
mbam-log-2012-04-09 (14-17-54).txt
Scan type: Full scan (C:\|)
Objects scanned: 642164
Time elapsed: 1 hour(s), 39 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/09/2012 at 04:35 PM
Application Version : 5.0.1146
Core Rules Database Version : 8424
Trace Rules Database Version: 6236
Scan type : Complete Scan
Total Scan Time : 02:08:10
Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC Off - Administrator
Memory items scanned : 797
Memory threats detected : 0
Registry items scanned : 67447
Registry threats detected : 0
File items scanned : 476424
File threats detected : 81
Adware.Tracking Cookie
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@ad.360yield[1].txt [ /ad.360yield ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@ad.yieldmanage r[2].txt [ /ad.yieldmanager ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@adbrite[1].txt [ /adbrite ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@adform[2].txt [ /adform ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@adinterax[2].txt [ /adinterax ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@ads.pubmatic[2].txt [ /ads.pubmatic ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@adserver.adtec hus[1].txt [ /adserver.adtechus ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@adtech[2].txt [ /adtech ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@adviva[1].txt [ /adviva ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@aimfar.solutio n.weborama[1].txt [ /aimfar.solution.weborama ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@apmebf[1].txt [ /apmebf ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@apmebf[2].txt [ /apmebf ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@c.atdmt[2].txt [ /c.atdmt ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@c.gigcount[1].txt [ /c.gigcount ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@clickfuse[2].txt [ /clickfuse ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@dmtracker[2].txt [ /dmtracker ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@doubleclick[1].txt [ /doubleclick ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@doubleclick[3].txt [ /doubleclick ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@eaeacom.112.2o 7[1].txt [ /eaeacom.112.2o7 ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@eas.apm.emedia te[2].txt [ /eas.apm.emediate ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@edge.jeetyetme dia[2].txt [ /edge.jeetyetmedia ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@fastclick[2].txt [ /fastclick ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@h.atdmt[2].txt [ /h.atdmt ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@imrworldwide[2].txt [ /imrworldwide ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@in.getclicky[1].txt [ /in.getclicky ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@invitemedia[2].txt [ /invitemedia ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@jeetyetmedia[1].txt [ /jeetyetmedia ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@kontera[1].txt [ /kontera ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@liveperson[1].txt [ /liveperson ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@media6degrees[2].txt [ /media6degrees ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@mediaplex[2].txt [ /mediaplex ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@qksrv[1].txt [ /qksrv ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@revsci[2].txt [ /revsci ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@serving-sys[1].txt [ /serving-sys ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@smartadserver[1].txt [ /smartadserver ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@specificclick[1].txt [ /specificclick ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@tracking.dc-storm[2].txt [ /tracking.dc-storm ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@tribalfusion[1].txt [ /tribalfusion ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@tribalfusion[3].txt [ /tribalfusion ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@virginmedia[1].txt [ /virginmedia ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@www.googleadse rvices[1].txt [ /www.googleadservices ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@www4.smartadse rver[1].txt [ /www4.smartadserver ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@zedo[1].txt [ /zedo ]
C:\Users\tony\AppData\Roaming\Microsoft\Windows\Cookies\tony@rambler[1].txt [ /rambler.ru ]
C:\USERS\TONY\AppData\Roaming\Microsoft\Windows\Cookies\tony@clkads[3].txt [ Cookie:tony@clkads.com/adServe ]
C:\USERS\TONY\Cookies\tony@smartadserver[1].txt [ Cookie:tony@smartadserver.com/ ]
C:\USERS\TONY\Cookies\tony@adbrite[1].txt [ Cookie:tony@adbrite.com/ ]
C:\USERS\TONY\Cookies\tony@h.atdmt[2].txt [ Cookie:tony@h.atdmt.com/ ]
C:\USERS\TONY\Cookies\tony@media6degrees[2].txt [ Cookie:tony@media6degrees.com/ ]
C:\USERS\TONY\Cookies\tony@adviva[1].txt [ Cookie:tony@adviva.net/ ]
C:\USERS\TONY\Cookies\tony@adform[2].txt [ Cookie:tony@adform.net/ ]
C:\USERS\TONY\Cookies\tony@www4.smartadserver[1].txt [ Cookie:tony@www4.smartadserver.com/ ]
C:\USERS\TONY\Cookies\tony@apmebf[2].txt [ Cookie:tony@apmebf.com/ ]
C:\USERS\TONY\Cookies\tony@invitemedia[2].txt [ Cookie:tony@invitemedia.com/ ]
C:\USERS\TONY\Cookies\tony@zedo[1].txt [ Cookie:tony@zedo.com/ ]
C:\USERS\TONY\Cookies\tony@adinterax[2].txt [ Cookie:tony@adinterax.com/ ]
C:\USERS\TONY\Cookies\tony@fastclick[2].txt [ Cookie:tony@fastclick.net/ ]
C:\USERS\TONY\Cookies\tony@serving-sys[1].txt [ Cookie:tony@serving-sys.com/ ]
C:\USERS\TONY\Cookies\tony@ad.yieldmanager[2].txt [ Cookie:tony@ad.yieldmanager.com/ ]
C:\USERS\TONY\Cookies\tony@c.atdmt[2].txt [ Cookie:tony@c.atdmt.com/ ]
C:\USERS\TONY\Cookies\tony@eaeacom.112.2o7[1].txt [ Cookie:tony@eaeacom.112.2o7.net/ ]
C:\USERS\TONY\Cookies\tony@aimfar.solution.weborama[1].txt [ Cookie:tony@aimfar.solution.weborama.fr/ ]
C:\USERS\TONY\Cookies\tony@doubleclick[3].txt [ Cookie:tony@doubleclick.net/ ]
C:\USERS\TONY\Cookies\tony@specificclick[1].txt [ Cookie:tony@specificclick.net/ ]
C:\USERS\TONY\Cookies\tony@virginmedia[1].txt [ Cookie:tony@virginmedia.com/ ]
C:\USERS\TONY\Cookies\tony@clickfuse[2].txt [ Cookie:tony@clickfuse.com/ ]
C:\USERS\TONY\Cookies\tony@c.gigcount[1].txt [ Cookie:tony@c.gigcount.com/ ]
C:\USERS\TONY\Cookies\tony@imrworldwide[2].txt [ Cookie:tony@imrworldwide.com/cgi-bin ]
C:\USERS\TONY\Cookies\tony@tribalfusion[3].txt [ Cookie:tony@tribalfusion.com/ ]
C:\USERS\TONY\Cookies\tony@adtech[2].txt [ Cookie:tony@adtech.de/ ]
C:\USERS\TONY\Cookies\tony@revsci[2].txt [ Cookie:tony@revsci.net/ ]
C:\USERS\TONY\Cookies\tony@mediaplex[2].txt [ Cookie:tony@mediaplex.com/ ]
C:\USERS\TONY\Cookies\tony@rambler[1].txt [ Cookie:tony@rambler.ru/ ]
C:\USERS\TONY\Cookies\tony@jeetyetmedia[1].txt [ Cookie:tony@jeetyetmedia.com/ ]
C:\USERS\TONY\Cookies\tony@qksrv[1].txt [ Cookie:tony@qksrv.net/ ]
C:\USERS\TONY\Cookies\tony@dmtracker[2].txt [ Cookie:tony@dmtracker.com/ ]
C:\USERS\TONY\Cookies\tony@clkads[3].txt [ Cookie:tony@clkads.com/adServe ]
C:\USERS\TONY\Cookies\tony@in.getclicky[1].txt [ Cookie:tony@in.getclicky.com/ ]
C:\USERS\TONY\APPDATA\LOCAL\TEMP\COOKIES\TONY@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
C:\USERS\TONY\APPDATA\LOCAL\TEMP\COOKIES\TONY@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
Adware.InstallCore
C:\DOWNLOADS\DESKTOP\ADLSOFT_UNCOMPRESSOR_1.EXE
Iwill dlete the infections onSuperanti now and enclose second log?? if necessary!
I do actualy play the games that are on my PC have been an online gamer for MAY years but still not very good at it

The pc is indeed an HP Model is P636 uk
Serial Number is CZH00306VF
Prod is WE170AA-ABU.

I shall be more than happy to provide any other info (if I can find it !!)

obxtony · 09-Apr-2012, 01:07 PM #8

oops I am so sorry I forgot to do another Hijak this log.
Here it is!!
23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bandoo Coordinator - Unknown owner - C:\PROGRA~2\Bandoo\Bandoo.exe (file missing)
O23 - Service: CDMA Device Service - Unknown owner - C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

Please be aware I have deleted (after paying for it!!) the Dr (?) antivirus, it kept popping up even though I had stopped it.
Rwgards and thanks again
Tony Cahill
--
End of file - 21080 bytes

flavallee · 09-Apr-2012, 01:07 PM #9

Tony:

1.50.1.1100 is an old version of Malwarebytes Anti-Malware.

The current version is 1.60.1.1000.

You need to start it, then click "Update - Check For Updates" so it can update its definition files and update to the current version.

I'll leave it to Eddie to decide if you need to run a new scan and submit a new log.

--------------------------------------------------

I'm not having any luck at the HP/Compaq support site with the model number and the product number that you submitted, so you probably submitted them here incorrectly.

We really need to get that desktop correctly identified.

--------------------------------------------------

obxtony · 09-Apr-2012, 02:25 PM **#10**

info from dx diag;
------------------
System Information
------------------
Time of this report: 4/9/2012, 19:13:29
Machine name: TONY-PC
Operating System: Windows 7 Home Premium 64-bit (6.1, Build 7600) (7600.win7_gdr.110408-1633)
Language: English (Regional Setting: English)
System Manufacturer: HP-Pavilion
System Model: WE170AA-ABU p6360uk
BIOS: 12/21/09 17:01:03 Ver: 5.07
Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz (8 CPUs), ~2.8GHz
Memory: 6144MB RAM
Available OS Memory: 6104MB RAM
Page File: 2945MB used, 9258MB available
Windows Dir: C:\Windows
DirectX Version: DirectX 11
DX Setup Parameters: Not found
User DPI Setting: 120 DPI (125 percent)
System DPI Setting: 96 DPI (100 percent)
DWM DPI Scaling: Disabled
DxDiag Version: 6.01.7600.16385 32bit Unicode
------------
I can find nothing else on the machine Im afraid.
oh btw after doing the TFC there are 13 greyed out icons on my desktop, all with old dates on them!!

flavallee · 09-Apr-2012, 02:39 PM **#11**

Tony:

Here is the support site for the HP Pavilion p6360uk desktop.

You might want to add and save this site in your browser favorites/bookmarks list so you can readily refer to it whenever needed.

Here is the section on how to do a system recovery, if it becomes necessary.

It doesn't appear that a recovery disc kit for that desktop is available for purchase, so hopefully the built-in system recovery partition in yours is still intact.

--------------------------------------------------------

obxtony · 09-Apr-2012, 02:49 PM **#12**

It wont allow me to make a bck up nor will it allow me to restore to an earlier date!!
REALY up the creak

obxtony · 09-Apr-2012, 02:51 PM **#13**

added it!

obxtony · 09-Apr-2012, 02:52 PM **#14**

also running another MWB full scan

**eddie5659** · 09-Apr-2012, 02:52 PM **#15**

Hopefully once we get the malware gone, we'll get the restore points working again. Sometimes the malware will block access to Microsoft programs

If you update Malwarebytes Anti-Malware to the newer version as flavallee explained above and run a scan, that would be great. If anything is found, remove them, and post the log. If it still shows as nothing then you don't need to post it

As for the games, that's okay, we'll leave those installed

Let me know when you've run the scan, a Quick Scan should be okay. Then, we'll go to the next step

eddie

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Solved: Mr

Find the solution to your computer problem!

Find the solution to your
computer problem!