Solved: pup.optional.mysearchDial.a



mjackson1 mjackson1 is offline
Member with 47 posts.
THREAD STARTER
 
Join Date: Sep 2013
16-Sep-2013, 06:36 AM #1
pup.optional.mysearchDial.a
Hello, I have been having trouble with pup.optional.mysearchDial.a
pup.optional.Dealply.a

When I click a new tab this my search Dial page comes up (it is a PUP),
but when I press the home page it is Google like it is supposed to be
often get pop-ups coming in
computer running slower
Firefox stops responding

I did have quite a few mysearchDial.a
pup.optional.Dealply.a infections in Malwarebytes, but they seem to be gone for now ???
but I guess they will appear again after using the computer for a bit ??

I've got Malwarebytes, SUPERAntiSpyware, HitmanPro, AVG Free
Can I ask if SpyHunter 4 is a rough spyware remover? Some reviews said so, but that said I was badly infected and need to pay for it to be fixed, so nothing was done, and after reading reviews I removed it from programs and desktop and downloads. I am using free AVG, and Windows Defender is not working; I cannot turn it on

Last edited by mjackson1; 16-Sep-2013 at 06:41 AM.. Reason: just added a bit more info
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,300 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
16-Sep-2013, 07:10 AM #2
We are very willing to help you, but you need to help yourself and us by following the advice in the sticky at the top of the forum. We are very good here but aren't miracle workers and can't guess at what is wrong. We need to see various logs to determine the cause of your problem(s). When you don't read the instructions or post the logs we have to repeat the instructions and slow down you getting help.

follow advice here and post the logs those programs make
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
mjackson1 mjackson1 is offline
Member with 47 posts.
THREAD STARTER
 
Join Date: Sep 2013
16-Sep-2013, 08:06 AM #3
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:52 PM, on 16/09/2013
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\Win2k\TWCU.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Users\User\Desktop\Spy Stuff\HijackThis.exe
c:\program files\real\realplayer\RealPlay.exe
c:\program files\real\realplayer\RealPlay.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\Win2k\TWCU.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open with PDF Viewer Plus - res://C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: HOSTS Anti-PUPs - Unknown owner - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Upek Service (UpekSrvc) - UPEK Inc. - C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe
O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9256 bytes


Thank you
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,300 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
16-Sep-2013, 08:24 AM #4
You are terribly out of date and it looks like you have never updated that computer since you got it.
It is impossible to fix a computer that is so out of date and hasn't got the latest Service Pack from Microsoft. Any fixes will be wasted and you will be immediately reinfected.

first
Click on this link to download : ADWCleaner Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:



You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.


mjackson1 mjackson1 is offline
Member with 47 posts.
THREAD STARTER
 
Join Date: Sep 2013
16-Sep-2013, 08:45 AM #5
# AdwCleaner v3.004 - Report created 16/09/2013 at 22:38:20
# Updated 15/09/2013 by Xplode
# Operating System : Windows Vista (TM) Business (32 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[x] Not Deleted : C:\ProgramData\AVG Secure Search
[x] Not Deleted : C:\Program Files\AVG Secure Search
[x] Not Deleted : C:\Program Files\Common Files\AVG Secure Search
[x] Not Deleted : C:\Users\User\AppData\Local\AVG Secure Search
[x] Not Deleted : C:\Users\User\AppData\LocalLow\AVG Secure Search
[x] Not Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\19nsihnf.default\Smartbar
[x] Not Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\19nsihnf.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}
[x] Not Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\19nsihnf.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16982


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\19nsihnf.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [20941 octets] - [16/09/2013 09:44:55]
AdwCleaner[R1].txt - [1622 octets] - [16/09/2013 09:59:25]
AdwCleaner[R2].txt - [1910 octets] - [16/09/2013 18:55:56]
AdwCleaner[R3].txt - [2033 octets] - [16/09/2013 22:28:28]
AdwCleaner[S0].txt - [21404 octets] - [16/09/2013 09:47:18]
AdwCleaner[S1].txt - [1721 octets] - [16/09/2013 10:03:39]
AdwCleaner[S2].txt - [2025 octets] - [16/09/2013 18:57:47]
AdwCleaner[S3].txt - [1996 octets] - [16/09/2013 22:38:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2056 octets] ##########
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,300 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
16-Sep-2013, 11:02 AM #6
That doesn't seem to be deleting everything it should have done, unless you selected to keep the things that are marked as NOT deleted

Next go to windows update and take Service pack 1 ONLY
let it install then reboot & go back to windows update & then take Service pack 2, let it install then reboot
then go back to WU & take all updates now offered
You must take at least IE8, and I recommend IE9, but IE10 is optional at this time
report back after all that has been done
mjackson1 mjackson1 is offline
Member with 47 posts.
THREAD STARTER
 
Join Date: Sep 2013
16-Sep-2013, 07:54 PM #7
Hi
I have installed SP1 3 times and rebooted; it doesn't seem to be happening??
I went to Start, right-clicked on Computer, and Properties; no SP1 in there.
What do you suggest?
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,300 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
17-Sep-2013, 01:59 AM #8
try the instructions in post 2 of this thread
http://social.technet.microsoft.com/...ll-not-install
mjackson1 mjackson1 is offline
Member with 47 posts.
THREAD STARTER
 
Join Date: Sep 2013
17-Sep-2013, 02:58 AM #9
Hi, I was able to get SP1 installed while I was away at work, so I have downloaded and run the Reset Windows Update Tool and downloaded and run the System Update Readiness Tool. The computer is now installing some more updates, and then I will try for SP2.

The update is still happening.
I've included a URL link to a snapshot of the toolbar that appeared http://imtp.me/676c018rf , and every time I press add another tab I get this toolbar page, and then when I press the Home tab to get back to Google search I get 2 tabs up, 1 Google and 1 this other toolbar; now I have 3 tabs open, wanting only 1 ??

Last edited by mjackson1; 17-Sep-2013 at 05:15 AM.. Reason: added toolbar problem
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,300 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
17-Sep-2013, 08:32 AM #10
once we have the computer updated we can then remove this pest
mjackson1 mjackson1 is offline
Member with 47 posts.
THREAD STARTER
 
Join Date: Sep 2013
18-Sep-2013, 12:02 AM #11
Hi, SP1 and 2 are loaded and a whole heap of other updates.

I accidentally deleted the recycle bin from the desktop and now I cannot delete some things ?

I have also removed free AVG from programs and have VIPRE on free trial, Browser Safeguard.

Time has gone by and now I have to use another computer, as on the infested one when a page comes up it's blocked by VIPRE.

Last edited by mjackson1; 18-Sep-2013 at 01:33 AM..
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,300 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
18-Sep-2013, 02:20 AM #12
now please follow instructions in post 2 and post ALL the logs requested not just hijackthis so we can find what is causing it
mjackson1 mjackson1 is offline
Member with 47 posts.
THREAD STARTER
 
Join Date: Sep 2013
18-Sep-2013, 03:32 AM #13
No. 1, Microsoft fix: at the end of what it was doing a black box came up but it disappeared ???

No. 2, system update standalone package: a message said the update does not apply to your system.

Is that all I had to send?
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,300 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
18-Sep-2013, 03:36 AM #14
read the instructions in post 2 carefully
it asks you to run Hijackthis DDS and Gmer and gives links to downloading the tools
mjackson1 mjackson1 is offline
Member with 47 posts.
THREAD STARTER
 
Join Date: Sep 2013
18-Sep-2013, 04:47 AM #15
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:25:55 PM, on 18/09/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16506)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Browsersafeguard\BrowserSafeguard.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\Win2k\TWCU.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\system32\wuauclt.exe
C:\Users\User\Desktop\Spy Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&ut...&ts=1379422076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&ut...&ts=1379422076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&ut...&ts=1379422076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&ut...&ts=1379422076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49168;https=127.0.0.1:49168
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
O2 - BHO: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files\GFI Software\VIPRE\VSGN.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files\GFI Software\VIPRE\VSGN.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
O4 - HKLM\..\Run: [IMToolPack] "C:\Program Files\Crawler\IMToolPack\IMToolP.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\GFI Software\VIPRE\SBAMTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IMToolPack] "C:\Program Files\Crawler\IMToolPack\IMToolP.exe"
O4 - HKCU\..\Run: [BrowserSafeguard] C:\Program Files\Browsersafeguard\Browsersafeguard.exe
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\Win2k\TWCU.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open with PDF Viewer Plus - res://C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O18 - Protocol: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\GFI Software\VIPRE\VSGN.dll
O20 - AppInit_DLLs: C:\Users\User\AppData\Local\DProtect\eBP.dll,C:\Users\User\AppData\Local\DProtect\eBPSD.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: GFI LanGuard 11 Attendant Service (gfi_lanss11_attservice) - GFI Software Development Ltd. - C:\Program Files\GFI\LanGuard 11 Agent\lnssatt.exe
O23 - Service: HOSTS Anti-PUPs - Unknown owner - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: VIPRE Internet Security (SBAMSvc) - ThreatTrack Security, Inc. - C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - ThreatTrack Security, Inc. - C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
O23 - Service: Upek Service (UpekSrvc) - UPEK Inc. - C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe
O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11664 bytes


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16506
Run by User at 17:56:26 on 2013-09-18
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.61.1033.18.1006.125 [GMT 10:00]
.
AV: ThreatTrack Security VIPRE *Enabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
SP: ThreatTrack Security VIPRE *Enabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE *Enabled* {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\GFI\LanGuard 11 Agent\lnssatt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Browsersafeguard\BrowserSafeguard.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\Win2k\TWCU.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=adks&utm_campaign=eXQ&utm_content=hp&from=adks&uid=HITACHIXHTS541680J9SA00_SB2204KGGXRZWSGXRZWSX&ts=1379422076
uDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=adks&utm_campaign=eXQ&utm_content=hp&from=adks&uid=HITACHIXHTS541680J9SA00_SB2204KGGXRZWSGXRZWSX&ts=1379422076
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=adks&utm_campaign=eXQ&utm_content=hp&from=adks&uid=HITACHIXHTS541680J9SA00_SB2204KGGXRZWSGXRZWSX&ts=1379422076
mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=adks&utm_campaign=eXQ&utm_content=hp&from=adks&uid=HITACHIXHTS541680J9SA00_SB2204KGGXRZWSGXRZWSX&ts=1379422076
uProxyServer = hxxp=127.0.0.1:49168;https=127.0.0.1:49168
uProxyOverride = <-loopback>
BHO: &Crawler Toolbar Helper: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - c:\program files\crawler\toolbar\ctbr.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dll
BHO: VIPRE Search Guard Helper: {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - c:\program files\gfi software\vipre\VSGN.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\crawler\toolbar\ctbr.dll
TB: VIPRE Search Guard Toolbar: {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - c:\program files\gfi software\vipre\VSGN.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\crawler\toolbar\ctbr.dll
TB: VIPRE Search Guard Toolbar: {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - c:\program files\gfi software\vipre\VSGN.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dll
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [IMToolPack] "c:\program files\crawler\imtoolpack\IMToolP.exe"
uRun: [BrowserSafeguard] c:\program files\browsersafeguard\Browsersafeguard.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HOSTS Anti-Adware_PUPs] c:\program files\hosts_anti_adwares_pups\HOSTS_Anti-Adware_main.exe
mRun: [IMToolPack] "c:\program files\crawler\imtoolpack\IMToolP.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SBAMTray] "c:\program files\gfi software\vipre\SBAMTray.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tl-wn3~1.lnk - c:\program files\tp-link\tl-wn321g wireless utility\installer\win2k\TWCU.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: DisableCAD = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Crawler Search - tbr:iemenu
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Open with PDF Viewer Plus - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1 192.168.1.1
TCP: Interfaces\{C4E9CFE2-0E87-4C6E-8646-07474AE2F597} : DHCPNameServer = 192.168.0.1 192.168.1.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\program files\crawler\toolbar\ctbr.dll
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - c:\program files\gfi software\vipre\VSGN.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
AppInit_DLLs= c:\users\user\appdata\local\dprotect\ebp.dll,c:\users\user\appdata\local\dprotect\eBPSD.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\19nsihnf.default\
FF - prefs.js: browser.search.selectedEngine - qvo6
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.au/?gws_rd=cr&ei=KTk5UrhYg86TBbnXgNAI
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - ExtSQL: 2013-09-09 08:34; {906000a4-88d9-4d52-b209-7a772970d91f}; c:\users\user\appdata\roaming\mozilla\firefox\profiles\19nsihnf.default\extensions\{906000a4-88d9-4d52-b209-7a772970d91f}
FF - ExtSQL: 2013-09-09 09:36; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; c:\users\user\appdata\roaming\mozilla\firefox\profiles\19nsihnf.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
FF - ExtSQL: 2013-09-17 18:28; {4B3803EA-5230-4DC3-A7FC-33638F3D3542}; c:\program files\crawler\toolbar\firefox
FF - ExtSQL: 2013-09-18 10:33; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\programdata\realnetworks\realdownloader\browserplugins\firefox\Ext
FF - ExtSQL: 2013-09-18 12:51; avg@toolbar; c:\programdata\avg secure search\firefoxext\15.5.0.2
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-28 37664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2013-9-18 228048]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-24 119056]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2013-9-17 21504]
R2 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service;c:\program files\gfi\languard 11 agent\lnssatt.exe [2012-11-23 133496]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-18 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-18 701512]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 SBAMSvc;VIPRE Internet Security;c:\program files\gfi software\vipre\SBAMSvc.exe [2013-9-5 3937472]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2013-6-18 70888]
R2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\vipre\SBPIMSvc.exe [2013-9-5 176016]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 UpekSrvc;Upek Service;c:\program files\thinkvantage fingerprint software\upeksrvc.exe [2010-12-7 35152]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\ToolbarUpdater.exe [2013-8-16 1643184]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-12-25 245760]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2007-6-8 81280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-18 22856]
R3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-7 6639616]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2013-9-18 96288]
R3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2012-12-11 76064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files\hosts_anti_adwares_pups\hosts_anti-adware.exe -update --> c:\program files\hosts_anti_adwares_pups\HOSTS_Anti-Adware.exe -update [?]
S3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys [2013-9-18 23656]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2013-9-18 96288]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2013-9-18 96720]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2013-9-18 19968]
.
=============== Created Last 30 ================
.
2013-09-18 05:45:13 -------- d-----w- c:\users\user\appdata\roaming\deb27c1a-00e6-4263-94b2-8b78ea4d32ae
2013-09-18 04:34:24 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2013-09-18 04:30:34 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2013-09-18 04:30:34 252928 ----a-w- c:\windows\system32\dxdiag.exe
2013-09-18 04:30:34 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2013-09-18 04:30:32 519680 ----a-w- c:\windows\system32\d3d11.dll
2013-09-18 04:30:30 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2013-09-18 04:30:29 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-09-18 04:30:29 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-09-18 02:51:26 -------- d-----w- c:\program files\AVG Secure Search
2013-09-18 00:33:50 -------- d-----w- c:\program files\RealNetworks
2013-09-18 00:33:49 -------- d-----w- c:\programdata\RealNetworks
2013-09-18 00:32:20 -------- d-----w- c:\program files\common files\xing shared
2013-09-18 00:31:04 153736 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2013-09-18 00:30:29 124504 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
2013-09-18 00:24:41 -------- d-----w- c:\windows\Patches
2013-09-18 00:10:48 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-09-18 00:10:48 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2013-09-18 00:10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2013-09-18 00:10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2013-09-18 00:10:46 1130824 ----a-w- c:\windows\system32\dfshim.dll
2013-09-17 23:48:32 -------- d-----w- c:\users\user\appdata\roaming\ThreatTrack Security
2013-09-17 23:41:37 23656 ----a-w- c:\windows\system32\drivers\gfiutil.sys
2013-09-17 23:41:36 41584 ----a-w- c:\windows\system32\drivers\gfiark.sys
2013-09-17 23:35:25 -------- d-----w- c:\users\user\appdata\roaming\VIPRE
2013-09-17 23:32:44 96720 ----a-w- c:\windows\system32\drivers\sbhips.sys
2013-09-17 23:30:14 96288 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2013-09-17 23:30:12 228048 ----a-w- c:\windows\system32\drivers\SbFw.sys
2013-09-17 23:30:06 -------- d-----w- c:\windows\system32\drivers\VDD
2013-09-17 23:29:39 -------- d-----w- c:\windows\system32\System32
2013-09-17 23:29:39 -------- d-----w- c:\programdata\GFI
2013-09-17 23:29:39 -------- d-----w- c:\program files\GFI
2013-09-17 23:29:36 -------- d-----w- c:\programdata\VIPRE
2013-09-17 23:28:37 -------- d-----w- c:\programdata\Downloaded Installations
2013-09-17 22:36:24 -------- d-----w- c:\program files\GFI Software
2013-09-17 22:35:37 -------- d-----w- c:\users\user\appdata\roaming\GFI Software
2013-09-17 22:31:08 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2013-09-17 22:30:09 40448 ----a-w- c:\windows\system32\winrs.exe
2013-09-17 22:30:09 20480 ----a-w- c:\windows\system32\winrshost.exe
2013-09-17 22:30:09 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2013-09-17 22:30:06 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2013-09-17 22:30:06 10240 ----a-w- c:\windows\system32\winrssrv.dll
2013-09-17 22:30:02 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2013-09-17 22:30:02 79872 ----a-w- c:\windows\system32\wecutil.exe
2013-09-17 22:30:02 56320 ----a-w- c:\windows\system32\wecapi.dll
2013-09-17 22:30:02 54272 ----a-w- c:\windows\system32\WsmRes.dll
2013-09-17 22:30:02 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2013-09-17 22:30:02 146944 ----a-w- c:\windows\system32\wecsvc.dll
2013-09-17 22:29:48 201184 ----a-w- c:\windows\system32\winrm.vbs
2013-09-17 22:29:46 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2013-09-17 22:29:45 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2013-09-17 22:29:45 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2013-09-17 22:29:45 241152 ----a-w- c:\windows\system32\winrscmd.dll
2013-09-17 22:29:45 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2013-09-17 22:29:44 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2013-09-17 21:56:52 -------- d-----w- c:\windows\system32\eu-ES
2013-09-17 21:56:52 -------- d-----w- c:\windows\system32\ca-ES
2013-09-17 21:56:47 -------- d-----w- c:\windows\system32\vi-VN
2013-09-17 21:47:06 -------- d-----w- c:\windows\system32\SPReview
2013-09-17 21:19:30 928768 ----a-w- c:\windows\system32\scavenge.dll
2013-09-17 21:19:23 57856 ----a-w- c:\windows\system32\compcln.exe
2013-09-17 21:17:59 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2013-09-17 21:16:56 950272 ----a-w- c:\windows\system32\mblctr.exe
2013-09-17 21:12:37 125952 ----a-w- c:\windows\system32\srvsvc.dll
2013-09-17 21:12:34 17920 ----a-w- c:\windows\system32\netevent.dll
2013-09-17 21:11:21 502272 ----a-w- c:\windows\system32\usp10.dll
2013-09-17 21:11:11 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2013-09-17 21:11:11 515584 ----a-w- c:\program files\windows mail\wab.exe
2013-09-17 21:11:11 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2013-09-17 21:10:48 292864 ----a-w- c:\windows\system32\atmfd.dll
2013-09-17 21:10:47 72704 ----a-w- c:\windows\system32\fontsub.dll
2013-09-17 21:10:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-09-17 21:10:29 413696 ----a-w- c:\windows\system32\odbc32.dll
2013-09-17 21:10:25 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2013-09-17 21:10:23 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2013-09-17 21:10:23 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2013-09-17 21:10:22 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2013-09-17 21:10:22 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2013-09-17 21:08:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-09-17 21:08:38 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2013-09-17 21:08:33 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-09-17 21:08:31 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-09-17 21:08:30 1205080 ----a-w- c:\windows\system32\ntdll.dll
2013-09-17 21:08:13 1136640 ----a-w- c:\windows\system32\mfc42.dll
2013-09-17 21:08:12 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2013-09-17 21:08:07 1616384 ----a-w- c:\program files\windows mail\msoe.dll
2013-09-17 21:08:03 81920 ----a-w- c:\windows\system32\iccvid.dll
2013-09-17 21:06:52 1169408 ----a-w- c:\windows\system32\sdclt.exe
2013-09-17 21:06:45 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2013-09-17 21:06:42 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2013-09-17 21:06:40 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2013-09-17 21:06:39 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2013-09-17 21:06:32 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2013-09-17 21:06:28 954752 ----a-w- c:\windows\system32\mfc40.dll
2013-09-17 21:06:27 954288 ----a-w- c:\windows\system32\mfc40u.dll
2013-09-17 21:06:23 563712 ----a-w- c:\windows\system32\oleaut32.dll
2013-09-17 21:06:09 36864 ----a-w- c:\windows\system32\rtutils.dll
2013-09-17 21:06:00 1696256 ----a-w- c:\windows\system32\gameux.dll
2013-09-17 21:05:59 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2013-09-17 21:05:56 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2013-09-17 21:05:45 867328 ----a-w- c:\windows\system32\wmpmde.dll
2013-09-17 21:04:35 429056 ----a-w- c:\windows\system32\EncDec.dll
2013-09-17 21:04:35 322560 ----a-w- c:\windows\system32\sbe.dll
2013-09-17 21:04:35 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2013-09-17 21:04:34 153088 ----a-w- c:\windows\system32\sbeio.dll
2013-09-17 21:04:25 601600 ----a-w- c:\windows\system32\schedsvc.dll
2013-09-17 21:04:25 352768 ----a-w- c:\windows\system32\taskschd.dll
2013-09-17 21:04:24 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2013-09-17 21:04:24 270336 ----a-w- c:\windows\system32\taskcomp.dll
2013-09-17 21:04:24 171520 ----a-w- c:\windows\system32\taskeng.exe
2013-09-17 21:04:02 739328 ----a-w- c:\windows\system32\inetcomm.dll
2013-09-17 21:03:56 2048 ----a-w- c:\windows\system32\tzres.dll
2013-09-17 21:03:11 1248768 ----a-w- c:\windows\system32\msxml3.dll
2013-09-17 21:03:05 81920 ----a-w- c:\windows\system32\consent.exe
2013-09-17 21:02:47 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-09-17 21:02:47 375808 ----a-w- c:\windows\system32\winsrv.dll
2013-09-17 20:53:08 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-09-17 20:53:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2013-09-17 20:52:59 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-17 20:52:50 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2013-09-17 20:45:56 -------- d-----w- c:\windows\system32\EventProviders
2013-09-17 20:20:28 276992 ----a-w- c:\windows\system32\schannel.dll
2013-09-17 12:50:15 -------- d-----w- c:\program files\Browsersafeguard
2013-09-17 12:49:19 -------- d-----w- c:\program files\Optimizer Pro
2013-09-17 12:48:18 -------- d-----w- c:\programdata\eSafe
2013-09-17 12:48:13 -------- d-----w- c:\users\user\appdata\local\DProtect
2013-09-17 12:47:57 -------- d-----w- C:\User Data
2013-09-17 08:28:11 -------- d-----w- c:\program files\Crawler
2013-09-17 06:28:17 -------- d-----w- c:\windows\CheckSur
2013-09-17 03:27:26 -------- d-----w- C:\PerfLogs
2013-09-17 00:18:02 193024 ----a-w- c:\windows\system32\recdisc.exe
2013-09-17 00:17:53 6656 ----a-w- c:\windows\system32\sdspres.dll
2013-09-17 00:17:02 28160 ----a-w- c:\windows\system32\sxproxy.dll
2013-09-17 00:14:55 531456 ----a-w- c:\windows\system32\objsel.dll
2013-09-17 00:13:54 81920 ----a-w- c:\windows\system32\shacct.dll
2013-09-17 00:12:59 68096 ----a-w- c:\windows\system32\basesrv.dll
2013-09-17 00:11:59 59392 ----a-w- c:\program files\windows media player\wmprph.exe
2013-09-17 00:03:48 -------- d-----w- C:\85c994c0782925ade07056043b21
2013-09-16 19:04:21 -------- d-----w- c:\users\user\appdata\local\WindowsUpdate
2013-09-16 07:17:13 -------- d-----w- c:\users\user\appdata\roaming\SUPERAntiSpyware.com
2013-09-16 07:15:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-09-16 07:15:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-09-16 06:54:37 -------- d-----w- c:\programdata\CDB
2013-09-16 05:59:13 -------- d-----w- c:\windows\system32\appmgmt
2013-09-16 05:55:27 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5d93689f-b545-4af4-b801-8e25682be157}\mpengine.dll
2013-09-16 05:50:53 -------- d-----w- c:\users\user\appdata\local\Avg2014
2013-09-16 00:31:29 -------- d-----w- c:\program files\Enigma Software Group
2013-09-16 00:29:45 -------- d-----w- c:\windows\865537E164904193A4B6669C62711852.TMP
2013-09-16 00:29:32 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2013-09-16 00:01:11 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs
2013-09-15 23:44:50 -------- d-----w- C:\AdwCleaner
2013-09-08 22:42:33 -------- d-----w- c:\programdata\HitmanPro
2013-09-08 22:34:04 -------- d-----w- c:\users\user\appdata\local\Google
2013-09-05 11:33:22 13712 ----a-w- c:\windows\system32\drivers\vdd\apvdd.dll
2013-09-05 11:33:20 44944 ----a-w- c:\windows\system32\sbbd.exe
2013-08-19 22:28:09 -------- d-----w- c:\users\user\appdata\roaming\RealNetworks
2013-08-19 21:32:44 -------- d-----w- c:\users\user\appdata\local\Apps
.
==================== Find3M ====================
.
2013-09-18 04:34:24 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2013-09-18 04:30:39 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2013-09-18 00:29:11 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-09-17 03:11:29 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2013-09-17 03:11:14 82432 ----a-w- c:\windows\system32\axaltocm.dll
2013-09-15 22:32:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-15 22:32:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-15 22:00:56 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-08-06 18:22:04 238872 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 17:57:45.70 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 14/06/2012 2:21:56 PM
System Uptime: 18/09/2013 3:49:39 PM (2 hours ago)
.
Motherboard: LENOVO | | 766512M
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | None | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 43.898 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 56 GiB total, 38.73 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP417: 18/09/2013 7:10:09 AM - Windows Vista™ Service Pack 2
RP418: 18/09/2013 8:26:43 AM - Windows Update
RP419: 18/09/2013 9:30:23 AM - Device Driver Package Install: GFI Software Network Service
RP420: 18/09/2013 10:05:41 AM - Windows Update
RP421: 18/09/2013 11:10:43 AM - Windows Update
RP422: 18/09/2013 2:28:05 PM - Windows Modules Installer
RP423: 18/09/2013 5:09:38 PM - Installed Microsoft Fix it 50202
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Brother MFL-Pro Suite MFC-J430W
BrowserSafeguard
Crawler Toolbar
GoToMeeting 5.4.0.1082
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IM ToolPack
Intel PROSet Wireless
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless WiFi Software
Malwarebytes Anti-Malware version 1.75.0.1300
Media Player Codec Pack 4.2.2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Nuance PaperPort 12
Nuance PDF Viewer Plus
NVIDIA Drivers
PaperPort Image Printer
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
RoboForm 7-8-2-5 (All Users)
Scansoft PDF Professional
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
SUPERAntiSpyware
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
ThinkVantage Fingerprint Software
TL-WN321G Wireless Utility
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VIPRE Internet Security
Wsys Control 10.2.1.2634
.
==== Event Viewer Messages From Past Week ========
.
18/09/2013 9:49:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
18/09/2013 9:49:08 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18/09/2013 9:04:59 AM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
18/09/2013 9:04:27 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
18/09/2013 8:03:05 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
18/09/2013 8:03:05 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18/09/2013 8:03:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
18/09/2013 8:02:32 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
18/09/2013 3:51:51 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
18/09/2013 3:51:46 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
18/09/2013 3:50:56 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
18/09/2013 3:50:56 PM, Error: Service Control Manager [7000] - The HOSTS Anti-PUPs service failed to start due to the following error: The system cannot find the file specified.
18/09/2013 3:42:15 PM, Error: Service Control Manager [7034] - The VIPRE Internet Security service terminated unexpectedly. It has done this 1 time(s).
18/09/2013 10:50:48 AM, Error: Service Control Manager [7024] - The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error 0 (0x0).
.
==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-18 18:37:31
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HITACHI_HTS541680J9SA00 rev.SB2IC7UP 74.53GB
Running: 6fms2f30.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys


---- System - GMER 2.1 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8CAEC640]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 621 81CF8DA4 4 Bytes [40, C6, AE, 8C]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x89E00320, 0x3F6A07, 0xE8000020]
? C:\Users\User\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2616] kernel32.dll!SetUnhandledExceptionFilter 76FAA8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp SbFw.sys

Device \Driver\BTHUSB \Device\00000072 bthport.sys
Device \Driver\BTHUSB \Device\00000074 bthport.sys

AttachedDevice \Driver\tdx \Device\Udp SbFw.sys
AttachedDevice \Driver\tdx \Device\RawIp SbFw.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26fb85d0
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26fb85d0 (not active ControlSet)

---- EOF - GMER 2.1 ----