Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: How do I get rid of Ilivid.com???


(!)

bj nick's Avatar
Computer Specs
Member with 1,380 posts.
THREAD STARTER
 
Join Date: Jun 1999
Location: Santa Barbara
Experience: Intermediate
07-Oct-2012, 07:09 PM #1
How do I get rid of Ilivid.com???
I have a PC with W7 home premium. I use Avast, the free version. I'm running a full scan right now, fwiw.

I get these automatic, stupid pop-ups constantly, from illivid.com, asking me to download stuff, etc. I looked it up and the report said it is evil; collects personal stuff, pretends to be a safety item, but is the opposite. I followed one detailed solutions which took me into safe mode and regedit, looking for various things, of which I had none. After the safe mode reboot (where all I did really was reset IE to some default settings), it came right back first time I went to IE.

Can someone tell me step by step how to get rid of this?

Thanks.
bj nick's Avatar
Computer Specs
Member with 1,380 posts.
THREAD STARTER
 
Join Date: Jun 1999
Location: Santa Barbara
Experience: Intermediate
14-Oct-2012, 02:12 PM #2
bump
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 9,639 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
14-Oct-2012, 02:20 PM #3
bj nick's Avatar
Computer Specs
Member with 1,380 posts.
THREAD STARTER
 
Join Date: Jun 1999
Location: Santa Barbara
Experience: Intermediate
14-Oct-2012, 03:40 PM #4
Thank you SO MUCH for being willing to help me with this problem. As I stated above, the "ilivid.com" supposed download manager keeps popping up when I go to IE, almost every time. I also get lots of pop-up ads, even though I have pop-up blocker on. It's obvious it's bad, because sometimes whether or not you click "x" to close it, or "cancel," or whatever, it automatically goes into "Downloading...." On the ilivid.com site, there is no option for contacting them. I have tried a couple of suggested fixes, which have done nothing. I ran Spybot search and destroy which did not find ilivid. I ran MalwareBytes; ditto. It found nothing.

So, here's hoping you can help me. It's making me nuts. And, it's supposedly dangerous.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:24:25 PM, on 10/14/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Juicy Stakes 2.0\JuicyNotifier.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Juicy Stakes 2.0\PokerClient.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\BJN\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.55.76.230 www.google-analytics.com.
O1 - Hosts: 74.55.76.230 ad-emea.doubleclick.net.
O1 - Hosts: 74.55.76.230 www.statcounter.com.
O1 - Hosts: 178.250.45.15 www.google-analytics.com.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 www.statcounter.com.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [SpybotDeletingA7074] command.com /c del "C:\Program Files (x86)\Free Offers from Freeze.com\control.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5725] cmd.exe /c del "C:\Program Files (x86)\Free Offers from Freeze.com\control.txt"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [CPN Notifier] C:\Program Files (x86)\Juicy Stakes 2.0\PokerNotifier.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [EPSON Stylus CX4800 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIADA.EXE /FU "C:\Windows\TEMP\E_SFB2B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5819] command.com /c del "C:\Program Files (x86)\Free Offers from Freeze.com\control.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2664] cmd.exe /c del "C:\Program Files (x86)\Free Offers from Freeze.com\control.txt"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3129856180-968514668-156085370-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-3129856180-968514668-156085370-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - Startup: IconRestorer.lnk = C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe
O4 - Global Startup: MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\BJN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/...nAxControl.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files (x86)\MyPC Backup\BackupStack.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Unknown owner - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Support Dock Service (SupportDockService.exe) - iYogi Technical Services - C:\Program Files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 16951 bytes






DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_25
Run by BJN at 13:25:58 on 2012-10-14
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4059.972 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Juicy Stakes 2.0\JuicyNotifier.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Juicy Stakes 2.0\PokerClient.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\BJN\Desktop\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: NCH Toolbar: {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files (x86)\NCH\prxtbNCH.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [CPN Notifier] C:\Program Files (x86)\Juicy Stakes 2.0\PokerNotifier.exe
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [EPSON Stylus CX4800 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIADA.EXE /FU "C:\Windows\TEMP\E_SFB2B.tmp" /EF "HKCU"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRunOnce: [SpybotDeletingB5819] command.com /c del "C:\Program Files (x86)\Free Offers from Freeze.com\control.txt"
uRunOnce: [SpybotDeletingD2664] cmd.exe /c del "C:\Program Files (x86)\Free Offers from Freeze.com\control.txt"
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRunOnce: [SpybotDeletingA7074] command.com /c del "C:\Program Files (x86)\Free Offers from Freeze.com\control.txt"
mRunOnce: [SpybotDeletingC5725] cmd.exe /c del "C:\Program Files (x86)\Free Offers from Freeze.com\control.txt"
StartupFolder: C:\Users\BJN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ICO NRE~1.LNK - C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{728471C5-968E-4601-AD1B-01EC9FC6E9BA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{74103EAD-46EA-42E2-97A3-660DB0658E91} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 74.55.76.230 www.google-analytics.com.
Hosts: 74.55.76.230 ad-emea.doubleclick.net.
Hosts: 74.55.76.230 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BJN\AppData\Roaming\Mozilla\Firefox\Profiles\zm2j56s4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=ironto
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\n prpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\n prpffbrowserrecordlegacyext.dll
FF - component: C:\Users\BJN\AppData\Roaming\Mozilla\Firefox\Profiles\zm2j56s4.default\exte nsions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\FFExternalAlert.dll
FF - component: C:\Users\BJN\AppData\Roaming\Mozilla\Firefox\Profiles\zm2j56s4.default\exte nsions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\RadioWMPCore.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchrom ebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5 videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=
FF - user.js: extensions.funmoods_i.id - 8e483d8e0000000000006cf04977fba6
FF - user.js: extensions.funmoods_i.instlDay - 15353
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.1
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.1
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.115:44:03
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ironto
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-8-30 52856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-19 601944]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-8-28 301912]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-8-28 24408]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-8-28 65368]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-2-5 44768]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2012-10-3 31808]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-6-5 87400]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2011-6-26 65536]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 375208]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-10-9 72216]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-7-17 116632]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-6-18 65657]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2010-9-9 11576]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-6-26 2320920]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe [2010-8-30 598856]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-16 56344]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-10-26 75264]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-10-26 176640]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-28 239616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-30 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-8-30 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 SupportDockService.exe;Support Dock Service;C:\Program Files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [2012-9-4 78336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 250808]
S3 AODDriver;AODDriver;C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2009-2-23 14904]
S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2010-5-14 24032]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-8-28 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-8-28 79360]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-6-26 25640]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-30 136176]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-6-26 30528]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 lvsels64;Logitech Selective Suspend Filter;C:\Windows\System32\drivers\lvsels64.sys [2010-5-14 68064]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2010-5-14 4865568]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-8-28 79360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-11 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-8-28 1225216]
S3 VMfilt;VMfilt;C:\Windows\System32\drivers\VMfilt64.sys [2010-8-28 25600]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-30 1255736]
S4 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-8-28 90112]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\Winword.exe="C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "%1" [UserChoice] [default=edit - 'Open' doesn't exist]
.
=============== Created Last 60 ================
.
2012-10-14 11:15:17 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A92E4622-C322-4B05-9633-D30E9BC8E87F}\offreg.dll
2012-10-12 12:09:24 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A92E4622-C322-4B05-9633-D30E9BC8E87F}\mpengine.dll
2012-10-11 04:56:01 -------- d-----w- C:\_OTL
2012-10-10 02:42:59 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-10-03 05:18:45 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-10-03 05:18:29 129176 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-09-29 20:46:06 -------- d-----w- C:\Program Files (x86)\iYogi Support Dock
2012-09-26 04:54:38 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-22 00:50:32 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-22 00:49:58 -------- d-----w- C:\Program Files\iPod
2012-09-22 00:49:57 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-22 00:49:57 -------- d-----w- C:\Program Files\iTunes
2012-09-13 00:11:01 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-13 00:11:01 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-13 00:11:00 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-13 00:10:59 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-13 00:10:57 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-13 00:10:57 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-13 00:10:57 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-02 20:36:33 -------- d-----w- C:\Program Files (x86)\Common Files\Broderbund
2012-08-19 06:32:56 -------- d-----w- C:\Users\BJN\AppData\Local\{D8B30D7C-F9F5-49B8-9E44-16E1CE40CAF0}
2012-08-15 21:34:59 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 21:34:40 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 21:34:38 956928 ----a-w- C:\Windows\System32\localspl.dll
.
==================== Find6M ====================
.
2012-10-14 04:46:58 4496 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-10-09 10:10:07 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 10:10:07 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-03 05:18:19 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-10-03 05:18:19 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 18:05:06 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 16:57:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 15:59:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 15:20:39 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 20:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 20:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-07-13 00:03:59 87488 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-07-13 00:03:59 34720 ----a-w- C:\Windows\System32\LMIport.dll
2012-07-13 00:03:58 80800 ----a-w- C:\Windows\System32\LMIinit.dll
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-06-25 23:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-16 05:16:04 609792 ----a-w- C:\Windows\System32\vbscript.dll
2012-06-16 04:26:57 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-06-06 15:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 05:41:28 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-02 05:41:28 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-02 05:41:27 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:36:29 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-02 04:36:29 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-02 04:36:29 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-24 21:18:40 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-05-21 22:16:15 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2012-05-05 08:36:55 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-05-05 07:46:52 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 13:27:09.69


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/28/2010 11:45:29 AM
System Uptime: 10/13/2012 12:13:52 PM (25 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | H55M-USB3
Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz | Socket 1156 | 2794/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 931 GiB total, 339.778 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 26.852 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 556.125 GiB free.
G: is FIXED (NTFS) - 1863 GiB total, 173.466 GiB free.
H: is FIXED (FAT32) - 233 GiB total, 26.976 GiB free.
I: is Removable
J: is Removable
K: is Removable
L: is FIXED (FAT32) - 233 GiB total, 25.314 GiB free.
M: is Removable
N: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP489: 7/31/2012 4:51:25 AM - Windows Update
RP490: 7/31/2012 11:38:26 AM - Installed MotoCast
RP491: 8/7/2012 9:53:53 AM - Windows Update
RP492: 8/14/2012 4:13:54 AM - Windows Update
RP493: 8/16/2012 3:00:18 AM - Windows Update
RP494: 8/17/2012 2:34:38 PM - Installed Microsoft Fix it 50472
RP495: 8/21/2012 3:05:08 AM - Windows Update
RP496: 8/24/2012 4:35:31 AM - Windows Update
RP498: 8/26/2012 10:45:33 PM - Revo Uninstaller's restore point - The Print Shop 23
RP499: 8/26/2012 10:59:48 PM - Revo Uninstaller's restore point - The Print Shop 23
RP500: 8/26/2012 11:03:10 PM - Revo Uninstaller's restore point - The Print Shop 23
RP501: 8/26/2012 11:44:18 PM - Restore Operation
RP502: 8/26/2012 11:59:44 PM - Windows Update
RP503: 8/31/2012 2:05:42 AM - Windows Update
RP504: 9/2/2012 1:11:57 PM - Removed The Print Shop 23
RP505: 9/2/2012 1:36:03 PM - Installed The Print Shop 23
RP506: 9/4/2012 2:05:43 AM - Windows Update
RP507: 9/5/2012 3:00:15 AM - Windows Update
RP508: 9/11/2012 3:54:20 AM - Windows Update
RP509: 9/12/2012 5:07:00 PM - Windows Update
RP510: 9/13/2012 3:00:12 AM - Windows Update
RP511: 9/18/2012 9:46:55 AM - Windows Update
RP512: 9/22/2012 3:00:12 AM - Windows Update
RP513: 9/26/2012 3:00:29 AM - Windows Update
RP514: 10/2/2012 1:55:17 AM - Windows Update
RP515: 10/5/2012 2:31:38 AM - Windows Update
RP516: 10/9/2012 3:21:40 AM - Windows Update
RP517: 10/10/2012 3:00:19 AM - Windows Update
RP518: 10/10/2012 9:56:31 PM - OTL Restore Point - 10/10/2012 9:56:12 PM
.
==== Hosts File Hijack ======================
.
Hosts: 74.55.76.230 www.google-analytics.com.
Hosts: 74.55.76.230 ad-emea.doubleclick.net.
Hosts: 74.55.76.230 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
Hosts: 178.250.45.15 www.statcounter.com.
.
==== Installed Programs ======================
.
@BIOS Ver.2.07
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 6.0
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
Advertising Center
AnalogX Capture
AnalogX DXMan
AnswerWorks Runtime
Any Video Converter 3.4.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
Audacity 1.2.6
avast! Free Antivirus
Band-in-a-Box 2005
Bonjour
Cake Poker 2.0
Camtasia Studio 7
Canon CanoScan LiDE 110 User Registration
Canon MP Navigator EX 4.0
Canon Solution Menu EX
CanoScan LiDE 110 Scanner Driver
CarbonPoker
Compatibility Pack for the 2007 Office system
Conduit Engine
Corel WordPerfect Office - iFilter 64 Bit
Creative Software AutoUpdate
D3DX10
Debut Video Capture Software
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Docs Opener 0.1
DolbyFiles
DreamStation DXi2
Dropbox
Easy Tune 6 B09.1120.1
Epson Copy Utility 3.5
Epson Event Manager
EPSON Perfection V30/V300 Photo Scanner Driver Update
EPSON Printer Software
EPSON Scan
Express Burn Disc Burning Software
Finale 2007
Finale 98
Free Studio version 5.2.1
Free Video Flip and Rotate version 1.4
Full Tilt Poker
Gigabyte Raid Cinfigurer
Google Chrome
Google Drive
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Greenshot
HP LaserJet P2030 Series
hppusgP2030
HPSSupply
iCloud
Iconoid version 3.8.6
IconRestorer 1.0.8.1 SR1
IE New Window Maximizer 2.3
ImagXpress
Intel(R) Management Engine Components
Intel® Matrix Storage Manager
iTunes
iYogi Support Dock
Java Auto Updater
Java(TM) 6 Update 25
Juicy Stakes 2.0
Licensing Service Install
LightScribe System Software
LogMeIn
Malwarebytes' Anti-Malware
MarketResearch
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
MixPad Audio Mixer
MobileMe Control Panel
MotoCast
MotoHelper MergeModules
Motorola Device Manager
Motorola Device Software Update
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 5.9.0
Movie Templates - Starter Kit
MozBackup 1.5.1
Mozilla Firefox (3.6.13)
Mozilla Thunderbird 15.0.1 (x86 en-US)
MozyHome
MrvlUsgTracking64
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
MyPC Backup
Native Instruments Finale GPO 2.0
NCH Toolbar
NEC Electronics USB 3.0 Host Controller Driver
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero Vision Help
NeroExpress
neroxml
NVIDIA Control Panel 267.24
NVIDIA Graphics Driver 267.24
NVIDIA Install Application
Orbit Downloader
PDFCreator
Pegasus Mail
PG Music DirectX Plugins 1.3.3.1
PhotoStage Slideshow Producer
Picasa 3
Platform
PokerStars
PostgreSQL 8.3
Prism Video File Converter
PVSonyDll
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller 1.93
Samsung CLP-310 Series
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Shop To Win
Skype Toolbars
Skype™ 5.10
SMPlayer 0.6.9
SONAR 2
Sound Blaster Plugin x64 Edition for Microsoft Media Center
Sound Blaster X-Fi MB
Spybot - Search & Destroy
SUPERAntiSpyware
Switch Sound File Converter
SyncBack
The Print Shop 23
ThunderFix 1.0.0.2
Toolbar Cleaner 1.0
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VIA Platform Device Manager
VideoPad Video Editor
VLC media player 1.1.11
WavePad Sound Editor
Web Page Maker V3.12
Window Washer
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Movie Maker 2.6
WinPcap 4.1.2
WinRAR archiver
WM Capture 5
WM Recorder
WordPerfect Lightning
WordPerfect Lightning - IPM
WordPerfect Lightning - Messages
WordPerfect Lightning - MSOM
WordPerfect Office X4
WordPerfect Office X4 - Common
WordPerfect Office X4 - Content
WordPerfect Office X4 - EN
WordPerfect Office X4 - Filters
WordPerfect Office X4 - Graphics
WordPerfect Office X4 - ICA
WordPerfect Office X4 - IPM
WordPerfect Office X4 - IPM EN
WordPerfect Office X4 - Migration Manager
WordPerfect Office X4 - PerfectExperts
WordPerfect Office X4 - PR
WordPerfect Office X4 - QP
WordPerfect Office X4 - Skins
WordPerfect Office X4 - System
WordPerfect Office X4 - WP
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
10/7/2012 9:28:39 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/7/2012 4:23:12 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{728471C5-968E-4601-AD1B-01EC9FC6E9BA} because another computer on the network has the same name. The server could not start.
10/7/2012 4:23:11 PM, Error: NetBT [4321] - The name "BJN-PC :20" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
10/7/2012 4:22:11 PM, Error: NetBT [4321] - The name "BJN-PC :0" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
10/13/2012 12:15:58 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: This driver has been blocked from loading
10/13/2012 12:15:58 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\Drivers\DgiVecp.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/13/2012 12:12:48 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/13/2012 11:57:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/13/2012 11:56:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/13/2012 11:56:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/13/2012 11:56:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/13/2012 11:56:32 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO aswSnx aswSP aswTdi discache mozyFilter SASDIFSV SASKUTIL spldr Wanarpv6
10/10/2012 9:56:01 PM, Error: Service Control Manager [7034] - The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===================
bj nick's Avatar
Computer Specs
Member with 1,380 posts.
THREAD STARTER
 
Join Date: Jun 1999
Location: Santa Barbara
Experience: Intermediate
14-Oct-2012, 03:42 PM #5
Just to add.....the pop-up ads usually happen in the lower left corner of the screen.......there are ads for insurances companies, windows tech support, but mainly attempts to get me to download Ilivid.com.
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 9,639 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
14-Oct-2012, 04:13 PM #6
Thanks for the logs, do the following:

Step 1

Uninstall Spybot S & D....

Step 2

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

Combofix
  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
  • Instructions for running Combofix available Here if required.
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
bj nick's Avatar
Computer Specs
Member with 1,380 posts.
THREAD STARTER
 
Join Date: Jun 1999
Location: Santa Barbara
Experience: Intermediate
14-Oct-2012, 05:19 PM #7
ComboFix 12-10-14.03 - BJN 10/14/2012 14:48:25.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4059.2172 [GMT -7:00]
Running from: c:\users\BJN\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
c:\programdata\A7C5428869.sys
c:\programdata\BE67E37FB8.sys
C:\readme.txt
c:\users\BJN\AppData\Local\Temp\_MEI37162\_ctypes.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\_elementtree.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\_hashlib.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\_socket.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\_ssl.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\pyexpat.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\pysqlite2._sqlite.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\python26.dll
c:\users\BJN\AppData\Local\Temp\_MEI37162\pythoncom26.dll
c:\users\BJN\AppData\Local\Temp\_MEI37162\pywintypes26.dll
c:\users\BJN\AppData\Local\Temp\_MEI37162\select.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\unicodedata.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\win32api.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\win32com.shell.shell.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\win32crypt.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\win32event.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\win32file.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\win32inet.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\win32pdh.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\win32process.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\win32security.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\windows._cacheinvalidation.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\wx._controls_.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\wx._core_.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\wx._gdi_.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\wx._html2.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\wx._misc_.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\wx._windows_.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\wx._wizard.pyd
c:\users\BJN\AppData\Local\Temp\_MEI37162\wxbase293u_net_vc.dll
c:\users\BJN\AppData\Local\Temp\_MEI37162\wxbase293u_vc.dll
c:\users\BJN\AppData\Local\Temp\_MEI37162\wxmsw293u_adv_vc.dll
c:\users\BJN\AppData\Local\Temp\_MEI37162\wxmsw293u_core_vc.dll
c:\users\BJN\AppData\Local\Temp\_MEI37162\wxmsw293u_html_vc.dll
c:\users\BJN\AppData\Local\Temp\_MEI37162\wxmsw293u_webview_vc.dll
c:\users\BJN\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\BJN\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\BJN\AppData\Roaming\Smart Engine
c:\users\BJN\AppData\Roaming\Smart Engine\cookies.sqlite
c:\windows\SysWow64\DC120fc7_32.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
G:\Autorun.inf
G:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 )))))))))))))))))))))))))))))))
.
.
2012-10-14 21:59 . 2012-10-14 21:59 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-10-14 21:59 . 2012-10-14 21:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-12 12:09 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A92E4622-C322-4B05-9633-D30E9BC8E87F}\mpengine.dll
2012-10-11 04:56 . 2012-10-11 04:56 -------- d-----w- C:\_OTL
2012-10-10 02:42 . 2012-08-20 17:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-10-03 05:18 . 2012-10-03 05:18 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-10-03 05:18 . 2012-10-03 05:18 129176 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-09-29 20:46 . 2012-10-05 01:36 -------- d-----w- c:\program files (x86)\iYogi Support Dock
2012-09-26 04:54 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-22 00:50 . 2012-08-21 20:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-22 00:49 . 2012-09-22 00:49 -------- d-----w- c:\program files\iPod
2012-09-22 00:49 . 2012-09-22 00:50 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-22 00:49 . 2012-09-22 00:50 -------- d-----w- c:\program files\iTunes
2012-09-19 11:42 . 2012-09-19 11:42 -------- d-----w- c:\users\Default\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-14 04:46 . 2010-09-11 21:07 4496 --sha-w- c:\programdata\KGyGaAvL.sys
2012-10-10 10:04 . 2010-08-31 00:26 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 10:10 . 2012-04-19 01:07 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 10:10 . 2011-05-19 01:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-03 05:18 . 2011-11-26 01:04 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-10-03 05:18 . 2011-11-26 01:04 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-08-22 18:12 . 2012-09-13 00:10 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-13 00:11 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-13 00:10 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-13 00:10 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:01 . 2010-08-30 21:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 20:01 . 2010-08-30 21:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 02:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-13 00:11 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-13 00:10 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-18 18:15 . 2012-08-15 21:34 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\1AMPCBSyncing]
@="{4d87b7a7-23f1-470c-aa45-96b25b9bd138}"
[HKEY_CLASSES_ROOT\CLSID\{4d87b7a7-23f1-470c-aa45-96b25b9bd138}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\BJN\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\BJN\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\BJN\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\BJN\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-13 39408]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-09-06 15668432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
.
c:\users\BJN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IconRestorer.lnk - c:\program files (x86)\FSL\IconRestorer\IconRestorer.exe [2011-5-22 1683456]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2012-10-3 1738816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCO RE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ru n-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe [2012-10-03 31808]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 SupportDockService.exe;Support Dock Service;c:\program files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [2012-09-04 78336]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2009-02-23 14904]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2010-05-14 24032]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-08-28 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-28 79360]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-06-27 25640]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-08-07 30528]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 lvsels64;Logitech Selective Suspend Filter;c:\windows\system32\DRIVERS\lvsels64.sys [2010-05-14 68064]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-08-28 79360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-28 1225216]
R3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys [2009-07-31 25600]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-31 1255736]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-08-30 52856]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 65368]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-06-05 87400]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-13 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-07-17 116632]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-14 11576]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S2 wwEngineSvc;Window Washer Engine;c:\program files (x86)\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-26 75264]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-26 176640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 20:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 10:10]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 06:30]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 06:30]
.
2011-07-25 c:\windows\Tasks\mixpadSevenDays.job
- c:\program files (x86)\NCH Software\MixPad\mixpad.exe [2011-07-17 22:25]
.
2011-07-20 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files (x86)\NCH Software\MixPad\mixpad.exe [2011-07-17 22:25]
.
2011-07-20 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files (x86)\NCH Software\PhotoStage\photostage.exe [2011-07-17 22:21]
.
2011-07-25 c:\windows\Tasks\videopadSevenDays.job
- c:\program files (x86)\NCH Software\VideoPad\videopad.exe [2010-12-31 22:25]
.
2011-07-20 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files (x86)\NCH Software\VideoPad\videopad.exe [2010-12-31 22:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\1AMPCBSyncing]
@="{4d87b7a7-23f1-470c-aa45-96b25b9bd138}"
[HKEY_CLASSES_ROOT\CLSID\{4d87b7a7-23f1-470c-aa45-96b25b9bd138}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\BJN\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\BJN\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\BJN\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\BJN\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 22:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 22:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 22:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 22:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-02-08 20:24 4368184 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-02-08 20:24 4368184 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my.yahoo.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\BJN\AppData\Roaming\Mozilla\Firefox\Profiles\zm2j56s4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=ironto
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=
FF - user.js: extensions.funmoods_i.id - 8e483d8e0000000000006cf04977fba6
FF - user.js: extensions.funmoods_i.instlDay - 15353
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.1
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.1
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.115:44
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ironto
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-CPN Notifier - c:\program files (x86)\Juicy Stakes 2.0\PokerNotifier.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{F25146ED-8C9C-4D92-B26D-7B40AE34EA66}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_ 4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-10-14 15:13:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-14 22:13
.
Pre-Run: 370,724,741,120 bytes free
Post-Run: 378,131,283,968 bytes free
.
- - End Of File - - 50A2C9AE4C47CD83D37C9DD1E04399B1
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 9,639 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
14-Oct-2012, 05:32 PM #8
Thanks for the logs, run the following:

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
ClearJavaCache::
Killall::
FireFox::
FF - ProfilePath - c:\users\BJN\AppData\Roaming\Mozilla\Firefox\Profiles\zm2j56s4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=
FF - user.js: extensions.funmoods_i.id - 8e483d8e0000000000006cf04977fba6
FF - user.js: extensions.funmoods_i.instlDay - 15353
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.1
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.1
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.115:44
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ironto
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe





Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Please download AdwCleaner by Xplode onto your Desktop.
  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Post that log.

Step 3

Malwarebytes Anti-Malware and save it to your desktop.
Alernative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Please download
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post those three logs, also let me know how your system responds and if any issues remain...

Kevin
bj nick's Avatar
Computer Specs
Member with 1,380 posts.
THREAD STARTER
 
Join Date: Jun 1999
Location: Santa Barbara
Experience: Intermediate
15-Oct-2012, 01:49 AM #9
hn kjComboFix 12-10-14.03 - BJN 10/14/2012 21:56:37.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4059.2136 [GMT -7:00]
Running from: c:\users\BJN\Desktop\ComboFix.exe
Command switches used :: c:\users\BJN\Desktop\cFScript.text
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\BJN\AppData\Local\Temp\_MEI49162\_ctypes.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\_elementtree.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\_hashlib.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\_socket.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\_ssl.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\pyexpat.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\pysqlite2._sqlite.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\python26.dll
c:\users\BJN\AppData\Local\Temp\_MEI49162\pythoncom26.dll
c:\users\BJN\AppData\Local\Temp\_MEI49162\pywintypes26.dll
c:\users\BJN\AppData\Local\Temp\_MEI49162\select.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\unicodedata.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\win32api.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\win32com.shell.shell.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\win32crypt.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\win32event.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\win32file.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\win32inet.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\win32pdh.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\win32process.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\win32security.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\windows._cacheinvalidation.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\wx._controls_.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\wx._core_.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\wx._gdi_.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\wx._html2.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\wx._misc_.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\wx._windows_.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\wx._wizard.pyd
c:\users\BJN\AppData\Local\Temp\_MEI49162\wxbase293u_net_vc.dll
c:\users\BJN\AppData\Local\Temp\_MEI49162\wxbase293u_vc.dll
c:\users\BJN\AppData\Local\Temp\_MEI49162\wxmsw293u_adv_vc.dll
c:\users\BJN\AppData\Local\Temp\_MEI49162\wxmsw293u_core_vc.dll
c:\users\BJN\AppData\Local\Temp\_MEI49162\wxmsw293u_html_vc.dll
c:\users\BJN\AppData\Local\Temp\_MEI49162\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-15 to 2012-10-15 )))))))))))))))))))))))))))))))
.
.
2012-10-15 05:05 . 2012-10-15 05:05 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-10-15 05:05 . 2012-10-15 05:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-15 02:21 . 2012-10-15 02:21 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-12 12:09 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A92E4622-C322-4B05-9633-D30E9BC8E87F}\mpengine.dll
2012-10-11 04:56 . 2012-10-11 04:56 -------- d-----w- C:\_OTL
2012-10-10 02:42 . 2012-08-20 17:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-10-03 05:18 . 2012-10-03 05:18 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-10-03 05:18 . 2012-10-03 05:18 129176 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-09-29 20:46 . 2012-10-05 01:36 -------- d-----w- c:\program files (x86)\iYogi Support Dock
2012-09-26 04:54 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-22 00:50 . 2012-08-21 20:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-22 00:49 . 2012-09-22 00:49 -------- d-----w- c:\program files\iPod
2012-09-22 00:49 . 2012-09-22 00:50 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-22 00:49 . 2012-09-22 00:50 -------- d-----w- c:\program files\iTunes
2012-09-19 11:42 . 2012-09-19 11:42 -------- d-----w- c:\users\Default\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 04:57 . 2010-09-11 21:07 4496 --sha-w- c:\programdata\KGyGaAvL.sys
2012-10-10 10:04 . 2010-08-31 00:26 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 10:10 . 2012-04-19 01:07 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 10:10 . 2011-05-19 01:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-03 05:18 . 2011-11-26 01:04 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-10-03 05:18 . 2011-11-26 01:04 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-08-22 18:12 . 2012-09-13 00:10 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-13 00:11 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-13 00:10 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-13 00:10 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:01 . 2010-08-30 21:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 20:01 . 2010-08-30 21:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 02:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-13 00:11 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-13 00:10 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-18 18:15 . 2012-08-15 21:34 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\1AMPCBSyncing]
@="{4d87b7a7-23f1-470c-aa45-96b25b9bd138}"
[HKEY_CLASSES_ROOT\CLSID\{4d87b7a7-23f1-470c-aa45-96b25b9bd138}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\BJN\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\BJN\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\BJN\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\BJN\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-13 39408]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-09-06 15668432]
"CPN Notifier"="c:\program files (x86)\Juicy Stakes 2.0\PokerNotifier.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
.
c:\users\BJN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IconRestorer.lnk - c:\program files (x86)\FSL\IconRestorer\IconRestorer.exe [2011-5-22 1683456]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2012-10-3 1738816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCO RE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ru n-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe [2012-10-03 31808]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 SupportDockService.exe;Support Dock Service;c:\program files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [2012-09-04 78336]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2009-02-23 14904]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2010-05-14 24032]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-08-28 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-28 79360]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-06-27 25640]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-08-07 30528]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 lvsels64;Logitech Selective Suspend Filter;c:\windows\system32\DRIVERS\lvsels64.sys [2010-05-14 68064]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-15 115168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-08-28 79360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-28 1225216]
R3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys [2009-07-31 25600]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-31 1255736]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-08-30 52856]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 65368]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-06-05 87400]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-13 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-07-17 116632]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-14 11576]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S2 wwEngineSvc;Window Washer Engine;c:\program files (x86)\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-26 75264]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-26 176640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 20:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 10:10]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 06:30]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 06:30]
.
2011-07-25 c:\windows\Tasks\mixpadSevenDays.job
- c:\program files (x86)\NCH Software\MixPad\mixpad.exe [2011-07-17 22:25]
.
2011-07-20 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files (x86)\NCH Software\MixPad\mixpad.exe [2011-07-17 22:25]
.
2011-07-20 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files (x86)\NCH Software\PhotoStage\photostage.exe [2011-07-17 22:21]
.
2011-07-25 c:\windows\Tasks\videopadSevenDays.job
- c:\program files (x86)\NCH Software\VideoPad\videopad.exe [2010-12-31 22:25]
.
2011-07-20 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files (x86)\NCH Software\VideoPad\videopad.exe [2010-12-31 22:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\1AMPCBSyncing]
@="{4d87b7a7-23f1-470c-aa45-96b25b9bd138}"
[HKEY_CLASSES_ROOT\CLSID\{4d87b7a7-23f1-470c-aa45-96b25b9bd138}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\BJN\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\BJN\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\BJN\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\BJN\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 22:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 22:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 22:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 22:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-02-08 20:24 4368184 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-02-08 20:24 4368184 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my.yahoo.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\BJN\AppData\Roaming\Mozilla\Firefox\Profiles\zm2j56s4.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{F25146ED-8C9C-4D92-B26D-7B40AE34EA66}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_ 4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2012-10-14 22:17:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-15 05:17
ComboFix2.txt 2012-10-15 03:02
ComboFix3.txt 2012-10-14 22:13
.
Pre-Run: 378,216,284,160 bytes free
Post-Run: 377,859,686,400 bytes free
.
- - End Of File - - 15A9C8C20C1C3DB63BD3B8A538D72C0B
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 9,639 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
15-Oct-2012, 03:20 AM #10
Thanks for Combofix log, that is actually from the third run, why did that happen? what happened to the log from the second run?
Have you ran AdwCleaner and Malwarebytes, if so do you have those logs. Also give an update on how your system is responding...

Thanks,

Kevin
bj nick's Avatar
Computer Specs
Member with 1,380 posts.
THREAD STARTER
 
Join Date: Jun 1999
Location: Santa Barbara
Experience: Intermediate
15-Oct-2012, 11:17 PM #11
Hi, finally able to get back to this. Don't lose faith in me!

I thought I had accidentally rebooted wrong or something.....wanted to make sure I had an accurate result. That's why I redid the Combofix scan.

# AdwCleaner v2.005 - Logfile created 10/15/2012 at 21:07:51
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : BJN - BJN-PC
# Boot Mode : Normal
# Running from : C:\Users\BJN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9718H39\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
File Deleted : C:\Users\BJN\AppData\Roaming\Mozilla\Firefox\Profiles\zm2j56s4.default\sear chplugins\Conduit.xml
File Deleted : C:\Users\BJN\AppData\Roaming\Mozilla\Firefox\Profiles\zm2j56s4.default\sear chplugins\funmoods.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\NCH
Folder Deleted : C:\Users\BJN\AppData\Local\Conduit
Folder Deleted : C:\Users\BJN\AppData\Local\OpenCandy
Folder Deleted : C:\Users\BJN\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\BJN\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\BJN\AppData\LocalLow\Funmoods
Folder Deleted : C:\Users\BJN\AppData\LocalLow\NCH
Folder Deleted : C:\Users\BJN\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\BJN\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\NCH
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2117678
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B5A9C3D4-F5A6-4072-9AE7-264678DA86DD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\Software\NCH
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B5A9C3D4-F5A6-4072-9AE7-264678DA86DD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgn heckmaki
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6AFB2EB6-827F-493B-AA10-CDDE5CBDEA8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80EA49D8-255C-4952-B901-0C94B0B22B7A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7FAEE81-50CB-49A2-B09A-696E469F9476}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D 125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Condui t Engine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\condui tEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NCH Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKU\S-1-5-21-3129856180-968514668-156085370-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKU\S-1-5-21-3129856180-968514668-156085370-1005\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.13 (en-US)

Profile name : default
File : C:\Users\BJN\AppData\Roaming\Mozilla\Firefox\Profiles\zm2j56s4.default\pref s.js

C:\Users\BJN\AppData\Roaming\Mozilla\Firefox\Profiles\zm2j56s4.default\user .js ... Deleted !

Deleted : user_pref("CT2117678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2117678.CTID", "CT2117678");
Deleted : user_pref("CT2117678.CurrentServerDate", "20-8-2011");
Deleted : user_pref("CT2117678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2117678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2117678.EMailNotifierPollDate", "Sat Aug 20 2011 02:28:01 GMT-0700 (Pacific Daylight Ti[...]
Deleted : user_pref("CT2117678.FirstServerDate", "27-6-2011");
Deleted : user_pref("CT2117678.FirstTime", true);
Deleted : user_pref("CT2117678.FirstTimeFF3", true);
Deleted : user_pref("CT2117678.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2117678.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2117678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2117678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2117678.Initialize", true);
Deleted : user_pref("CT2117678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2117678.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2117678.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2117678.InstalledDate", "Sun Jun 26 2011 17:08:30 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT2117678.InvalidateCache", false);
Deleted : user_pref("CT2117678.IsGrouping", false);
Deleted : user_pref("CT2117678.IsMulticommunity", false);
Deleted : user_pref("CT2117678.IsOpenThankYouPage", true);
Deleted : user_pref("CT2117678.IsOpenUninstallPage", true);
Deleted : user_pref("CT2117678.LanguagePackLastCheckTime", "Sat Aug 20 2011 02:00:10 GMT-0700 (Pacific Dayligh[...]
Deleted : user_pref("CT2117678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2117678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2117678.LastLogin_2.7.2.0", "Sat Aug 20 2011 02:00:10 GMT-0700 (Pacific Daylight Time)"[...]
Deleted : user_pref("CT2117678.LatestVersion", "3.6.0.10");
Deleted : user_pref("CT2117678.Locale", "en-us");
Deleted : user_pref("CT2117678.LoginCache", 4);
Deleted : user_pref("CT2117678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2117678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2117678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2117678.RadioIsPodcast", false);
Deleted : user_pref("CT2117678.RadioLastCheckTime", "Sat Aug 20 2011 02:00:10 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT2117678.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2117678.RadioLastUpdateServer", "128929877726170000");
Deleted : user_pref("CT2117678.RadioMediaID", "9583498");
Deleted : user_pref("CT2117678.RadioMediaType", "Media Player");
Deleted : user_pref("CT2117678.RadioMenuSelectedID", "EBRadioMenu_CT21176789583498");
Deleted : user_pref("CT2117678.RadioStationName", "ABC%20Newsradio%20");
Deleted : user_pref("CT2117678.RadioStationURL", "hxxp://www.abc.net.au/streaming/newsradio.asx");
Deleted : user_pref("CT2117678.SavedHomepage", "hxxp://www.google.com/");
Deleted : user_pref("CT2117678.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2117678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2117678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT211[...]
Deleted : user_pref("CT2117678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2117678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2117678.SearchInNewTabLastCheckTime", "Sat Aug 20 2011 02:00:09 GMT-0700 (Pacific Dayli[...]
Deleted : user_pref("CT2117678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2117678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2117678.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2117678.SettingsLastCheckTime", "Sat Aug 20 2011 02:00:09 GMT-0700 (Pacific Daylight Ti[...]
Deleted : user_pref("CT2117678.SettingsLastUpdate", "1312887586");
Deleted : user_pref("CT2117678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2117678.ThirdPartyComponentsLastCheck", "Sat Aug 20 2011 02:00:09 GMT-0700 (Pacific Day[...]
Deleted : user_pref("CT2117678.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2117678.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Deleted : user_pref("CT2117678.UserID", "UN03518044594360159");
Deleted : user_pref("CT2117678.ValidationData_Search", 2);
Deleted : user_pref("CT2117678.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2117678.WeatherNetwork", "");
Deleted : user_pref("CT2117678.WeatherPollDate", "Sat Aug 20 2011 02:31:02 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT2117678.WeatherUnit", "C");
Deleted : user_pref("CT2117678.alertChannelId", "522511");
Deleted : user_pref("CT2117678.clientLogIsEnabled", false);
Deleted : user_pref("CT2117678.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2117678.myStuffEnabled", true);
Deleted : user_pref("CT2117678.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2117678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2117678.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2117678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2117678.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2117678");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2117678");
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2117678");
Deleted : user_pref("browser.search.defaultthis.engineName", "NCH Customized Web Search");
Deleted : user_pref("extensions.facemoods.tlbrSrchUrl","hxxp://start.facemoods.com/?a=adknlg&f=3");
Deleted : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=adknlg");
Deleted : user_pref("extensions.facemoods.id", "8e483d8e0000000000006cf04977fba6");
Deleted : user_pref("extensions.facemoods.sid", "6e2029ef49b34e07819474d3dbec29da");
Deleted : user_pref("extensions.facemoods.instlDay", "15353");
Deleted : user_pref("extensions.facemoods.vrsn", "1.4.17.11");
Deleted : user_pref("extensions.facemoods.prtnrId", "facemoods.com");
Deleted : user_pref("extensions.facemoods.aflt", "adknlg");
Deleted : user_pref("extensions.facemoods.DNSErrUrl","hxxp://start.facemoods.com/?a=adknlg&f=5");
Deleted : user_pref("extensions.facemoods.mntz","");
Deleted : user_pref("extensions.facemoods.hmpg", false);
Deleted : user_pref("extensions.facemoods.dfltSrch", false);
Deleted : user_pref("extensions.facemoods.searchProviderAdded", false);
Deleted : user_pref("extensions.facemoods.dnsErr", false);
Deleted : user_pref("extensions.facemoods.newTab", false);
Deleted : user_pref("extensions.facemoods.firstRun", true);

-\\ Google Chrome v [Unable to get version]

File : C:\Users\BJN\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.11] : homepage = "hxxp://start.funmoods.com/?f=1&a=ironto",
Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=ironto" ]
Deleted [l.119] : homepage = "hxxp://start.funmoods.com/?f=1&a=ironto",
Deleted [l.333] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=ironto" ]

*************************

AdwCleaner[S1].txt - [14626 octets] - [15/10/2012 21:07:51]

########## EOF - C:\AdwCleaner[S1].txt - [14687 octets] ##########
bj nick's Avatar
Computer Specs
Member with 1,380 posts.
THREAD STARTER
 
Join Date: Jun 1999
Location: Santa Barbara
Experience: Intermediate
16-Oct-2012, 01:56 AM #12
Hi, I think this is the last of it.

I notice that "funmoods" comes up all over the place in the other logs. I had tried to get rid of that forever. Can't believe it was still there.





Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4792

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

10/15/2012 11:54:10 PM
mbam-log-2012-10-15 (23-54-10).txt

Scan type: Full scan (C:\|E:\|F:\|H:\|)
Objects scanned: 806837
Time elapsed: 2 hour(s), 35 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 9,639 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
16-Oct-2012, 04:02 AM #13
Thanks for the logs, if all is showing OK on your system we now need to run an online AV scan, this will ensure no remnants of any type of infection has been left. It is very thorough so can take several hours, depending on the amount of data that has to be scanned...

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Thanks,

Kevin
bj nick's Avatar
Computer Specs
Member with 1,380 posts.
THREAD STARTER
 
Join Date: Jun 1999
Location: Santa Barbara
Experience: Intermediate
17-Oct-2012, 12:09 AM #14
Hi Kevin, thanks for all this. I am really confused. I click on the link but I don't get an option to download to the desktop; I get "Run online scan." Please tell me how to proceed. Should I just run that scan?

Thanks!
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 9,639 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
17-Oct-2012, 04:03 AM #15
Just follow the instructions exactly as shown, if you are promted to run an online scan, follow the prompt...
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑