
hijacked by websearch good results to start with

Discussion in 'Virus & Other Malware Removal' started by kbmccarthy, Feb 23, 2013.

  1. kbmccarthy

    kbmccarthy Thread Starter

    I have been hijacked by websearch good results, and there are windows that pop up randomly with ads or "congratulations, you are a winner", and response time has been extremely slow. I was unable to download the GMER index file; I kept getting a "file not found" error. The other logs are pasted below.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:56:56 PM, on 2/22/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16464)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
    C:\Users\Kimmy\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.good-results.info/?pid=402&r=2013/01/29&hid=1244792560&lg=EN&cc=US
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.good-results.info/?pid=402&r=2013/01/29&hid=1244792560&lg=EN&cc=US
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: SearchCore for Browsers - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\SEARCH~1\BROWSE~1.DLL
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: SaveAs - {B74F7D95-7A98-8A0F-7A09-C50747EEC081} - C:\ProgramData\SaveAs\5107f1be1f4ca.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
    O2 - BHO: Search-NewTab - {E94EA3BC-BAE3-7CA4-0B32-5C772FDB7242} - C:\ProgramData\Search-NewTab\5107f26dddefd.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: c:\progra~1\search~1\search~1\datamngr.dll c:\progra~1\search~1\search~1\iebho.dll c:\progra~1\saveas\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe (file missing)
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 16215 bytes



    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464
    Run by Kimmy at 23:02:47 on 2013-02-22
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2167 [GMT -6:00]
    .
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe
    C:\Windows\system32\agr64svc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\SMINST\BLService.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\ProgramData\BetterSoft\SaveAs\SaveAs.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://websearch.good-results.info/?pid=402&r=2013/01/29&hid=1244792560&lg=EN&cc=US
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://websearch.good-results.info/?pid=402&r=2013/01/29&hid=1244792560&lg=EN&cc=US
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    mWinlogon: Userinit = userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
    BHO: SearchCore for Browsers: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: SaveAs: {B74F7D95-7A98-8A0F-7A09-C50747EEC081} - C:\ProgramData\SaveAs\5107f1be1f4ca.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    BHO: Search-NewTab: {E94EA3BC-BAE3-7CA4-0B32-5C772FDB7242} - C:\ProgramData\Search-NewTab\5107f26dddefd.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [DATAMNGR] C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\Users\Kimmy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TCP: NameServer = 68.114.37.166 68.113.206.10 24.217.0.5
    TCP: Interfaces\{DBD77E2E-2A22-4F1F-B82E-C844BCEE62AA} : DHCPNameServer = 10.0.0.1
    TCP: Interfaces\{DF998A82-021F-4E15-B2A5-45A3532C8DB9} : DHCPNameServer = 68.114.37.166 68.113.206.10 24.217.0.5
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    AppInit_DLLs= c:\progra~1\search~1\search~1\datamngr.dll c:\progra~1\search~1\search~1\iebho.dll c:\progra~1\saveas\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    x64-BHO: SearchCore for Browsers: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\BrowserConnection.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
    x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
    FF - prefs.js: keyword.URL -
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    FF - component: C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
    FF - plugin: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nptgeqplugin.dll
    FF - plugin: C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]\plugins\NP_2020Player_WEB.dll
    FF - plugin: C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]\plugins\npLMI64.dll
    FF - plugin: C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]\plugins\npRACtrl.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-01-29 09:58; [email protected]; C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
    FF - ExtSQL: 2013-01-29 10:01; [email protected]; C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
    FF - ExtSQL: 2013-02-10 16:55; [email protected]; C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
    FF - ExtSQL: 2013-02-10 16:57; [email protected]; C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
    FF - ExtSQL: 2013-02-18 18:08; [email protected]; C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\[email protected]
    FF - ExtSQL: !HIDDEN! 2011-02-17 03:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - ExtSQL: !HIDDEN! 2011-04-06 18:31; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - ExtSQL: !HIDDEN! 2013-02-10 16:55; [email protected]; C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.autoDisableScopes, 14
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e816e11f000000000000002100f8486d&q=
    FF - user.js: extensions.BabylonToolbar.id - e816e11f000000000000002100f8486d
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15668
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.811:14:31
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - irhnew
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 228768]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
    R2 acedrv11;acedrv11;C:\Windows\System32\drivers\acedrv11.sys [2013-1-22 335288]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe [2009-3-2 89600]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 30520]
    R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2008-10-18 365904]
    R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2012-6-22 265952]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-10-18 193840]
    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-9-4 64000]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-7-15 126464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2011-11-12 24576]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
    S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw3v64.sys [2008-1-20 3154432]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-2-18 89920]
    SUnknown NisSrv;NisSrv; [x]
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-02-19 09:17:48 70004024 ----a-w- C:\Windows\System32\mrt.exe
    2013-02-19 00:13:50 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-02-19 00:13:49 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-29 15:35:51 49872 ----a-w- C:\Windows\System32\drivers\paqqwtro.sys
    2013-01-22 19:53:32 335288 ----a-w- C:\Windows\System32\drivers\acedrv11.sys
    2013-01-09 01:48:55 17812992 ----a-w- C:\Windows\System32\mshtml.dll
    2013-01-09 01:22:26 10925568 ----a-w- C:\Windows\System32\ieframe.dll
    2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-01-09 01:12:29 1346048 ----a-w- C:\Windows\System32\urlmon.dll
    2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-01-09 01:10:26 237056 ----a-w- C:\Windows\System32\url.dll
    2013-01-09 01:09:10 85504 ----a-w- C:\Windows\System32\jsproxy.dll
    2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-01-09 01:07:50 816640 ----a-w- C:\Windows\System32\jscript.dll
    2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-01-09 01:06:39 729088 ----a-w- C:\Windows\System32\msfeeds.dll
    2013-01-09 01:05:45 2147840 ----a-w- C:\Windows\System32\iertutil.dll
    2013-01-09 01:04:58 96768 ----a-w- C:\Windows\System32\mshtmled.dll
    2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-01-09 01:00:48 248320 ----a-w- C:\Windows\System32\ieui.dll
    2013-01-08 22:23:25 12321280 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-01-08 22:09:18 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2013-01-08 22:03:57 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-01-08 22:01:48 231936 ----a-w- C:\Windows\SysWow64\url.dll
    2013-01-08 22:00:14 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:43 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
    2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-01-08 21:57:49 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2013-01-08 21:56:51 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2013-01-08 21:56:37 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-08 21:53:13 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
    2013-01-05 05:37:50 4695400 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-01-04 11:31:10 1417576 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-01-04 02:23:07 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2013-01-04 01:59:24 2773504 ----a-w- C:\Windows\System32\win32k.sys
    2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
    .
    ============= FINISH: 23:03:49.49 ===============



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/7/2009 12:56:44 PM
    System Uptime: 2/22/2013 9:20:06 PM (2 hours ago)
    .
    Motherboard: Quanta | | 3602
    Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | CPU | 800/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 150.703 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.964 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Tun Miniport Adapter
    Device ID: ROOT\*TUNMP\0001
    Manufacturer: Microsoft
    Name: Microsoft Tun Miniport Adapter #2
    PNP Device ID: ROOT\*TUNMP\0001
    Service: tunmp
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    Agere Systems HDA Modem
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    Auslogics BoostSpeed
    Auslogics Registry Cleaner
    Body Spectrum
    Broadcom 802.11 Wireless LAN Adapter
    BufferChm
    C4600
    CCleaner
    Compatibility Pack for the 2007 Office system
    Corel OCR-Trace
    CyberLink DVD Suite
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destinations
    DeviceDiscovery
    Drakensang
    EA Download Manager
    ESU for Microsoft Vista
    FloorPlan 3D v8
    Foldit
    GIMP 2.6.7
    Google Chrome
    Google Update Helper
    GPBaseService2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Participation Program 14.0
    HP Doc Viewer
    HP Help and Support
    HP Imaging Device Functions 14.0
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SmartMenu
    HP MediaSmart Webcam
    HP MULTIPLE MODEM INSTALLER for VISTA
    HP Photo Creations
    HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5
    HP Print Projects 1.0
    HP Quick Launch Buttons 6.40 H2
    HP Smart Web Printing 4.60
    HP Solution Center 14.0
    HP Total Care Advisor
    HP Update
    HP User Guides 0128
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPDiagnosticAlert
    HPPhotoGadget
    hpPrintProjects
    HPProductAssistant
    HPSSupply
    HPTCSSetup
    hpWLPGInstaller
    IDT Audio
    iLivid
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    Juno Preloader
    LabelPrint
    LeapFrog Connect
    LeapFrog Tag Plugin
    LightScribe System Software 1.14.17.1
    MarketResearch
    McAfee Security Scan Plus
    Media Player
    Media Player Packages
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Live Search Toolbar
    Microsoft Office 2000 Premium
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Mozilla Firefox 18.0.2 (x86 en-US)
    Mozilla Maintenance Service
    Mplayer 0.6.9
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    My HP Games
    NetZero Preloader
    OverDrive Media Console
    Photo Pos Pro
    PhotoScape
    Picasa 3
    Pivot Stickfigure Animator
    Power2Go
    PowerDirector
    ProtectDisc Driver, Version 11
    ProtectSmart Hard Drive Protection
    PS_AIO_05_C4600_Software_Min
    Punch! Professional Home Design - Platinum
    QuickTime
    QuickTransfer
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek USB 2.0 Card Reader
    SAMSUNG Intelli-studio
    SaveAs
    SaveAs 1.74
    Scan
    Search-NewTab
    Search Assistant WebSearch 1.74
    SearchCore for Browsers
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Shop for HP Supplies
    Skype Toolbars
    Skype™ 5.10
    Slingbox - Watch Your TV Anywhere
    SlingPlayer
    SmartWebPrinting
    Software Version Updater
    SolutionCenter
    SPORE Creature Creator Trial Edition
    StartNow Toolbar
    Status
    Sweet Home 3D version 3.2
    swMSM
    Synaptics Pointing Device Driver
    The Sims 2 Family Fun Stuff
    The Sims 2 Open For Business
    The Sims 2 Pets
    The Sims 2 University
    The Sims™ 2 Apartment Life
    The Sims™ 2 Bon Voyage
    The Sims™ 2 Double Deluxe
    The Sims™ 2 H&M® Fashion Stuff
    The Sims™ 2 Kitchen & Bath Interior Design Stuff
    The Sims™ 2 Seasons
    The Sims™ 2 Teen Style Stuff
    Toolbox
    Total 3D Home Deluxe
    TrayApp
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
    WebReg
    Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
    Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    Windows Media Player Firefox Plugin
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== End Of File ===========================
     
  2. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Please run these two scans and post the logs:

    SCAN 1
    Click on this link to download: ADWCleaner and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > SmartScreen Filter > Turn off SmartScreen Filter, then click on OK in the box that opens. Then click on the link again.

    Close your browser and click on this icon on your desktop: [​IMG]

    You will then see the screen below; click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report; copy & paste it into your next post.

    [​IMG]



    SCAN 2
    Download RogueKiller (by tigzy) and save it directly to your Desktop.
    On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.

    • Quit all running programs.
    • Start RogueKiller.exe by double clicking on the icon.
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.

     
  3. kbmccarthy

    kbmccarthy Thread Starter

    Joined:
    Sep 11, 2010
    Messages:
    58
    Unable to download and run the rogue killer.


    # AdwCleaner v2.113 - Logfile created 02/23/2013 at 22:01:26
    # Updated 23/02/2013 by Xplode
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # User : Kimmy - COMPUTER
    # Boot Mode : Normal
    # Running from : C:\Users\Kimmy\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : Updater Service for StartNow Toolbar

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Ask.com
    Deleted on reboot : C:\Program Files (x86)\Coupon Companion Plugin
    Deleted on reboot : C:\Program Files (x86)\Ilivid
    Deleted on reboot : C:\Program Files (x86)\SaveAs
    Deleted on reboot : C:\Program Files (x86)\SearchCore for Browsers
    Deleted on reboot : C:\ProgramData\Babylon
    Deleted on reboot : C:\ProgramData\BetterSoft
    Deleted on reboot : C:\ProgramData\blekko toolbars
    Deleted on reboot : C:\ProgramData\boost_interprocess
    Deleted on reboot : C:\ProgramData\ClickIT
    Deleted on reboot : C:\ProgramData\InstallMate
    Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
    Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
    Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search-NewTab
    Deleted on reboot : C:\ProgramData\SaveAs
    Deleted on reboot : C:\ProgramData\Search-NewTab
    Deleted on reboot : C:\Users\ERBM\AppData\LocalLow\AskToolbar
    Deleted on reboot : C:\Users\Kimmy\AppData\Local\Coupon Companion Plugin
    Deleted on reboot : C:\Users\Kimmy\AppData\Local\Ilivid
    Deleted on reboot : C:\Users\Kimmy\AppData\Local\Ilivid Player
    Deleted on reboot : C:\Users\Kimmy\AppData\Local\SwvUpdater
    Deleted on reboot : C:\Users\Kimmy\AppData\Local\Temp\CT3272718
    Deleted on reboot : C:\Users\Kimmy\AppData\LocalLow\AskToolbar
    Deleted on reboot : C:\Users\Kimmy\AppData\Roaming\Babylon
    Deleted on reboot : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    Deleted on reboot : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}
    Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    File Deleted : C:\END
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Users\Kimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
    File Deleted : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\searchplugins\Askcom.xml
    File Deleted : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\searchplugins\Conduit.xml
    File Deleted : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\searchplugins\WebSearch.xml
    File Deleted : C:\Users\Kimmy\Desktop\iLivid.lnk
    File Deleted : C:\Windows\Tasks\AmiUpdXp.job

    ***** [Registry] *****

    Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\SEARCH~1\x64\datamngr.dll
    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\saveas\sprote~1.dll
    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\search~1\search~1\datamngr.dll
    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\websea~1\sprote~1.dll
    Key Deleted : HKCU\Software\APN
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\AppDataLow\SProtector
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchCore for Browsers
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\SearchCore for Browsers
    Key Deleted : HKCU\Software\Zugo
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Key Deleted : HKLM\Software\APN
    Key Deleted : HKLM\Software\AskToolbar
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
    Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
    Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\ilivid
    Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
    Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
    Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
    Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
    Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\Software\SearchCore for Browsers
    Key Deleted : HKLM\Software\SP Global
    Key Deleted : HKLM\Software\SProtector
    Key Deleted : HKLM\Software\StartNow Toolbar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B74F7D95-7A98-8A0F-7A09-C50747EEC081}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E94EA3BC-BAE3-7CA4-0B32-5C772FDB7242}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B74F7D95-7A98-8A0F-7A09-C50747EEC081}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E94EA3BC-BAE3-7CA4-0B32-5C772FDB7242}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16726771-C380-4280-BAF9-1223B3838786}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchCore for Browsers
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKU\S-1-5-21-2196127602-2517890934-2989324103-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.good-results.info/?pid=402&r=2013/01/29&hid=1244792560&lg=EN&cc=US --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.good-results.info/?pid=402&r=2013/01/29&hid=1244792560&lg=EN&cc=US --> hxxp://www.google.com

    -\\ Mozilla Firefox v18.0.2 (en-US)

    File : C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\prefs.js

    C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\user.js ... Deleted !

    Deleted : user_pref("browser.startup.homepage", "hxxp://search.startnow.com/s/?src=startpage&provider=&provide[...]
    Deleted : user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\" ?><MerchantSettings><v n=\"2[...]
    Deleted : user_pref("extensions.sahtb.url.prefs.data", "<ToolbarPrefs>\r\n <XMLVersion Number=\"{bdd09e8b-8dee[...]
    Deleted : user_pref("keyword.URL", "hxxp://search.startnow.com/s/?src=addrbar&provider=&provider_name=startnow[...]

    File : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\prefs.js

    C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\user.js ... Deleted !

    Deleted : user_pref("aol_toolbar.default.homepage.check", false);
    Deleted : user_pref("aol_toolbar.default.search.check", false);
    Deleted : user_pref("extensions.5107f1be1f3ed.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
    Deleted : user_pref("extensions.BabylonToolbar.admin", false);
    Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
    Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
    Deleted : user_pref("extensions.BabylonToolbar.id", "e816e11f000000000000002100f8486d");
    Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15668");
    Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
    Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
    Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
    Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
    Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
    Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
    Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
    Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.811:14:31");
    Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
    Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
    Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
    Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
    Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
    Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
    Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
    Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
    Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");
    Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "pos.startnow.com");

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\ERBM\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.20] : icon_url = "hxxp://www.startnow.com/startnow/images/sn_favicon.ico",
    Deleted [l.26] : search_url = "hxxp://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_[...]
    Deleted [l.107] : homepage = "hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provide[...]

    File : C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.444] : homepage = "hxxp://search.conduit.com/?CUI=UN18525397971864171&ctid=CT3272718&SearchSource=48",

    *************************

    AdwCleaner[S1].txt - [19815 octets] - [23/02/2013 22:01:26]

    ########## EOF - C:\AdwCleaner[S1].txt - [19876 octets] ##########
     
  4. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    How is the system running now?

    What happened when you clicked the button on the website to download RogueKiller?
     
  5. kbmccarthy

    kbmccarthy Thread Starter

    Joined:
    Sep 11, 2010
    Messages:
    58
    The screen shots would not paste so here is an attachment that I pasted the screen shots to.
     


  6. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    That does not tell me much. When you clicked on the button to download the appropriate bit rate of RK, what happened next?

    You didn't answer this:
     
  7. kbmccarthy

    kbmccarthy Thread Starter

    Joined:
    Sep 11, 2010
    Messages:
    58
    The hijacker is still on board.
    The RK downloads 10.8 KB of data, but when I try to open it I get
     
  8. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    RogueKiller is close to 800KB so clearly something is blocking it.

    Let's try this. Download and run RKill as instructed below and post the log from it, then before you reboot the system try to run RogueKiller again. If it still fails, delete the icon on your desktop and download it again and give it another try.

    Please download RKill
    There are three buttons to choose from with different names on, select the first one and save it to your desktop.


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
    • If you do not see the black box flash on the screen, delete the icon from the desktop, go back to the link for the download, select the next button and try to run the tool again. Continue to repeat this process using the remaining buttons until the tool runs. You will find further links with other names if you scroll down the page; try them one at a time.
    • If the tool does not run from any of the links provided, please let me know.
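
Post 8 infers a blocked download from size alone (10.8 KB received, close to 800 KB expected). The check below is an added example, not part of the thread or of RogueKiller: it also reads the file's leading bytes to tell a Windows executable from markup saved under an .exe name. The 700 KB floor, the function names and the sample bytes are assumptions constructed for illustration.

```python
import struct
from typing import NamedTuple

# Leading byte sequences that indicate markup rather than a Windows binary.
MARKUP_PREFIXES = (b"<!doctype", b"<html", b"<head", b"<?xml")


class DownloadCheck(NamedTuple):
    kind: str         # "pe", "markup" or "unknown"
    size: int         # bytes actually received
    undersized: bool  # smaller than the size the publisher's build should have
    ok: bool          # True only for a PE file of plausible size


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, which fails the comparison.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def check_download(data: bytes, min_expected_size: int) -> DownloadCheck:
    """Classify downloaded bytes by content and compare their size to a floor."""
    # Skip a UTF-8 byte-order mark and whitespace before looking for markup.
    head = data[:256].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    if head.startswith(MARKUP_PREFIXES):
        kind = "markup"
    elif is_pe(data):
        kind = "pe"
    else:
        kind = "unknown"
    undersized = len(data) < min_expected_size
    return DownloadCheck(kind, len(data), undersized, kind == "pe" and not undersized)


def check_file(path: str, min_expected_size: int) -> DownloadCheck:
    """Same check for a file on disk, e.g. the saved RogueKiller download."""
    with open(path, "rb") as fh:
        return check_download(fh.read(), min_expected_size)


def build_minimal_pe(total_size: int) -> bytes:
    """Constructed stand-in for an executable: valid MZ/PE signatures, zero padding."""
    header = bytearray(0x40)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    return bytes(header) + b"PE\x00\x00" + b"\x00" * (total_size - 0x44)


# Constructed samples: a web page padded to about 10.8 KB, and an 800 KB PE stub.
SAMPLE_MARKUP = b"<!doctype html>\n<html lang=\"en\">\n<head>\n".ljust(11059, b" ")
SAMPLE_PE = build_minimal_pe(800 * 1024)
MIN_SIZE = 700 * 1024  # assumed floor for a tool that is "close to 800KB"

if __name__ == "__main__":
    for name, blob in (("markup sample", SAMPLE_MARKUP), ("PE sample", SAMPLE_PE)):
        print(name, check_download(blob, MIN_SIZE))
```

A "markup" result means the server or something on the path answered with a web page instead of the binary, so the file should be deleted and fetched again from another address rather than run.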
     
  9. kbmccarthy

    kbmccarthy Thread Starter

    Joined:
    Sep 11, 2010
    Messages:
    58
    Rkill 2.4.7 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 02/27/2013 04:02:26 PM in x64 mode.
    Windows Version: Windows Vista (TM) Home Premium Service Pack 2

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * No issues found.

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost
    ::1 localhost

    Program finished at: 02/27/2013 04:02:42 PM
    Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)
     
  10. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Try to download RogueKiller from this page which uses a different download address. This page is in French and is the original page for the tool, just scroll down and find the two blue download buttons, choose the button with X64 next to it.

    http://www.sur-la-toile.com/RogueKiller/
     
  11. kbmccarthy

    kbmccarthy Thread Starter

    Joined:
    Sep 11, 2010
    Messages:
    58
    There was no c:\rkill.log, but this posted on the desktop

    RogueKiller V8.5.2 _x64_ [Feb 23 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : Kimmy [Admin rights]
    Mode : Scan -- Date : 02/28/2013 11:45:39
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [TASK][SUSP PATH] schedule!422607286.job : C:\ProgramData\BetterSoft\SaveAs\SaveAs.exe /schedule /profile "c:\programdata\bettersoft\saveas\422607286.ini" [-] -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤
     
  12. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    There was no c:\rkill.log :confused: You already sent it in post 9 ;).

    There are some items in your installed programs list that need to be removed, please uninstall these items:

    SaveAs
    SaveAs 1.74
    Search Assistant WebSearch 1.74

    Please complete the uninstalls before running the other scans requested below.

    RogueKiller only shows one suspect entry 'Bettersoft' but it is probably not related to the hijack, ADWCleaner had removed an item that is related to 'Bettersoft' so we need to delete what RogueKiller found.

    Going back to the ADWCleaner log, it showed it replaced the Start Page in IE and changed it to Google.

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.good-results.info/?pid=402&r=2013/01/29&hid=1244792560&lg=EN&cc=US --> hxxp://www.google.com

    In view of this please run ADWCleaner again and post the new log, then also tell me if the start page has changed or not.

    Please also run RogueKiller again, when the prescan completes hit the Scan button and then when that completes hit the Delete button, then the Report button and post the new log.
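
Post 12 asks for a second AdwCleaner run to see whether the hijack comes back. The sketch below is an added example, not AdwCleaner's or the thread's own code: it parses the log line shapes seen in this thread, labels entries by the browser or autostart mechanism they touch, and lists items removed in both runs, meaning they were present again at the second run. The mechanism labels and function names are hypothetical; the sample lines are excerpted from the two logs posted in this thread.

```python
import re
from collections import defaultdict

# Line shapes taken from the AdwCleaner v2 logs in this thread.
ENTRY_RE = re.compile(
    r"^\s*(Key Deleted|Value Deleted|Deleted on reboot|Replaced|Deleted(?: \[l\.\d+\])?)"
    r"\s*:\s*(.+?)\s*$"
)
REPLACED_RE = re.compile(r"^\[(.+?)\]\s*=\s*(.+?)\s*-->\s*(.+)$")

# Hypothetical triage labels (not AdwCleaner categories), checked in order.
MECHANISMS = [
    ("autorun", r"\\CurrentVersion\\Run(Once)?\s*\["),
    ("browser-helper-object", r"\\Browser Helper Objects\\"),
    ("search-provider", r"\\SearchScopes\\"),
    ("url-search-hook", r"\\URLSearchHooks"),
    ("start-page", r"Main - Start Page|browser\.startup\.homepage|\bhomepage ="),
    ("default-search", r"keyword\.URL|\bsearch_url ="),
]


def classify(target):
    """Return the first mechanism label whose pattern matches, else 'other'."""
    for label, pattern in MECHANISMS:
        if re.search(pattern, target, re.IGNORECASE):
            return label
    return "other"


def parse_log(text):
    """Turn log text into entry dicts; headers and 'File :' lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        action, target = match.groups()
        old = new = None
        if action == "Replaced":
            replaced = REPLACED_RE.match(target)
            if replaced:
                target, old, new = replaced.groups()
        entries.append({"action": action, "target": target, "old": old,
                        "new": new, "mechanism": classify(target)})
    return entries


def by_mechanism(entries):
    """Group the targets that touch a known hijack or autostart mechanism."""
    groups = defaultdict(list)
    for entry in entries:
        if entry["mechanism"] != "other":
            groups[entry["mechanism"]].append(entry["target"])
    return dict(groups)


def recurring(first, second):
    """Targets acted on in both runs (registry paths compared case-insensitively)."""
    seen = {entry["target"].lower() for entry in first}
    return sorted({e["target"] for e in second if e["target"].lower() in seen})


# Excerpts from the first (23/02/2013) and second (03/01/2013) logs in the thread.
FIRST_RUN = r"""
    Key Deleted : HKLM\Software\SProtector
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.good-results.info/?pid=402&r=2013/01/29&hid=1244792560&lg=EN&cc=US --> hxxp://www.google.com
"""
SECOND_RUN = r"""
    ***** [Registry] *****
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\SProtector
"""

if __name__ == "__main__":
    first, second = parse_log(FIRST_RUN), parse_log(SECOND_RUN)
    for label, targets in by_mechanism(first).items():
        print(label, len(targets))
    print("present again at second run:", recurring(first, second))
```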
     
  13. kbmccarthy

    kbmccarthy Thread Starter

    Joined:
    Sep 11, 2010
    Messages:
    58
    I don't use IE, but the home page for Mozilla changed and I have a few other issues occurring. This message is appearing when Windows opens


    And a blank notepad will open randomly.
    Here is the first log.

    # AdwCleaner v2.113 - Logfile created 03/01/2013 at 09:58:17
    # Updated 23/02/2013 by Xplode
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # User : Kimmy - COMPUTER
    # Boot Mode : Normal
    # Running from : C:\Users\Kimmy\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Ask.com
    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    Deleted on reboot : C:\Program Files (x86)\Coupon Companion Plugin
    Deleted on reboot : C:\Program Files (x86)\Ilivid
    Deleted on reboot : C:\Program Files (x86)\SearchCore for Browsers
    Deleted on reboot : C:\ProgramData\Babylon
    Deleted on reboot : C:\ProgramData\blekko toolbars
    Deleted on reboot : C:\ProgramData\boost_interprocess
    Deleted on reboot : C:\ProgramData\ClickIT
    Deleted on reboot : C:\ProgramData\InstallMate
    Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
    Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
    Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search-NewTab
    Deleted on reboot : C:\ProgramData\SaveAs
    Deleted on reboot : C:\ProgramData\Search-NewTab
    Deleted on reboot : C:\Users\ERBM\AppData\LocalLow\AskToolbar
    Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\Software\SProtector
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Registry is clean.

    -\\ Mozilla Firefox v19.0 (en-US)

    File : C:\Users\ERBM\AppData\Roaming\Mozilla\Firefox\Profiles\ltjrm6j2.default\prefs.js

    [OK] File is clean.

    File : C:\Users\Kimmy\AppData\Roaming\Mozilla\Firefox\Profiles\vjtrjvay.default\prefs.js

    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Deleted : user_pref("extensions.5107f1be1f3ed.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

    -\\ Google Chrome v25.0.1364.97

    File : C:\Users\ERBM\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Kimmy\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.1] : urls_to_restore_on_startup ={"backup":{"homepage":true,"homepage_is_newtabpage":false,"session":{"restore_on_startup":4,"urls_to[...]

    *************************

    AdwCleaner[S1].txt - [19898 octets] - [23/02/2013 22:01:26]
    AdwCleaner[S2].txt - [5712 octets] - [01/03/2013 09:58:17]

    ########## EOF - C:\AdwCleaner[S2].txt - [5772 octets] ##########
     
  14. kbmccarthy

    This is the new home page address
    http://mysearch.avg.com/?cid={FA334C9F-8D6C-4BD1-BF0A-5C0FF91EC779}&mid=bc0ab380b41b47d38ab8d1572e3e169f-373060048fc75a44511342617ee985fad3c3dccb&lang=en&ds=co011&pr=sa&d=2013-02-28%2018:39:23&v=14.2.0.1&pid=safeguard&sg=1&sap=hp

    Here is the RK Report

    RogueKiller V8.5.2 _x64_ [Feb 23 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : Kimmy [Admin rights]
    Mode : Remove -- Date : 03/01/2013 10:31:32
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD3200BEVT-60ZCT1 +++++
    --- User ---
    [MBR] 87abe94673dd6562cf165508139d48cc
    [BSP] 65c9d9f88ecd587e1ce2c1fe940b9235 : Toshiba MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 292471 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598982656 | Size: 12770 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_03012013_02d1031.txt >>
    RKreport[1]_S_03012013_02d1028.txt ; RKreport[2]_D_03012013_02d1031.txt
     
  15. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    You have not posted what appears when Windows opens and you stated there are a few other issues but only mentioned Notepad. Please list all the issues.

    ADWCleaner has found quite a few more items and removed this from Mozilla under your profile:

    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

    Has it changed? If not please run ADWCleaner again and post the new log.

    If there is still no change look at the Add-ons under Tools and delete anything related to AVG.
    Also look under Tools, Options and select the General tab and click on return to Default for the home page.
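
    The check asked for in the post above (whether the search-engine and home-page entries are still present in the Firefox profile after the cleanup) can be scripted against `prefs.js`. This is an added example, not part of the thread and not AdwCleaner's own logic; the sample file contents, the extension id and the marker strings are constructed, and the watched preference names other than `browser.search.defaultenginename` are an assumption about which Firefox prefs are relevant here.

```python
import json
import re

# One prefs.js line: user_pref("name", value);
PREF_RE = re.compile(r'^user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')
# Prefs that decide the start page and the default search engine.
WATCHED = {"browser.startup.homepage", "browser.search.defaultenginename",
           "browser.search.selectedEngine", "keyword.URL"}
SCRIPT_RE = re.compile(r"\s*\(?function\s*\(")

def parse_prefs(text):
    """Return {name: value} for every user_pref line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue                       # comments and blank lines
        name, raw = m.groups()
        try:
            prefs[name] = json.loads(raw)  # strings, numbers, true/false
        except ValueError:
            prefs[name] = raw              # keep unparseable values verbatim
    return prefs

def review(prefs, markers):
    """Return (name, reason) pairs for prefs that still need attention."""
    findings = []
    for name, value in sorted(prefs.items()):
        text = str(value)
        hit = next((m for m in markers if m.lower() in text.lower()), None)
        if name in WATCHED and hit:
            findings.append((name, "matches marker " + repr(hit)))
        elif name.startswith("extensions.") and SCRIPT_RE.match(text):
            findings.append((name, "script stored in an extension pref"))
    return findings

# Constructed sample modelled on the log entries above (not real profile data).
SAMPLE = r'''
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "AVG Secure Search");
user_pref("browser.startup.homepage", "http://mysearch.avg.com/?sap=hp");
user_pref("extensions.0123456789abc.scode", "(function(){try{}catch(e){}})();");
user_pref("extensions.lastAppVersion", "19.0");
'''
MARKERS = ["AVG Secure Search", "mysearch.avg.com"]

if __name__ == "__main__":
    for name, reason in review(parse_prefs(SAMPLE), MARKERS):
        print(name, "->", reason)
```

    Run it with Firefox closed, since Firefox rewrites `prefs.js` on exit; an empty result for a profile means none of the watched entries match the markers.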
     
Short URL to this thread: https://techguy.org/1090665