
Please check my log. Thank you

Discussion in 'Virus & Other Malware Removal' started by kellyarmstrong, Jan 12, 2013.

  1. kellyarmstrong

    kellyarmstrong Thread Starter

    Joined:
    May 15, 2012
    Messages:
    148
    OK, it's a bit faster now, and I now know all the extra stuff I should have (virus ware, ad ware, etc. is updated). Thanks for all your help. I only have 2 other problems, but they are for another forum. A printer that's not reading, and an adapter I need to keep "resetting" every time I log onto the internet.
    Thanks again!!!!
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,562
    What do you mean by log on to the Internet? Do you mean whenever you open the browser?

    Please download AdwCleaner from here to your desktop

    Run AdwCleaner and select "Search" (do not select "Delete" at this time)

    Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.
     
  3. kellyarmstrong

    kellyarmstrong Thread Starter

    Joined:
    May 15, 2012
    Messages:
    148
    Hey Cookie! I miss you. It's been a long time since I've had your help. I'm still loving the pic of your dog!!
    Yes, it's when I try to sign on to the internet, and it did that whether I signed in with Safari or IE. I have since upgraded IE. I do have a question: does Microsoft own IE now? I used such an old shortcut; I used to get on with a Yahoo shortcut. I just noticed that it said MSN when I open it.
    Here is the message it sends me. Netterry tried to help me a few months ago, but I couldn't get it to stop. Maybe now that my computer is getting cleaned out, it will help??

    A problem with network router or broadband modem might be preventing internet connections
    Under that there are shield type pics and they say this:
    1) Automatically get new IP setting for network adapter "wireless network connection"
    2) Reset network adapter "wireless network connection"... resetting adapter can sometimes resolve an intermittent problem
     
  4. kellyarmstrong

    kellyarmstrong Thread Starter

    Joined:
    May 15, 2012
    Messages:
    148
    Can you give me a different reliable site to download that program from? When I go to the site and press download, it's not doing anything, then it gives me tons of stuff that must be French, because it's not in English :)
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,562
    Thanks for your comment about the picture of my dog. :)

    Microsoft has always owned IE. It comes with their operating systems.

    OK, for AdwCleaner, use this download. Click on the first button that says "Download Now @ BleepingComputer".
     
  6. kellyarmstrong

    kellyarmstrong Thread Starter

    Joined:
    May 15, 2012
    Messages:
    148
    OK. I got it to come up but it didn't save to the desktop. I had to click a few buttons to get to it, but here is the log:
    # AdwCleaner v2.108 - Logfile created 01/26/2013 at 17:23:39
    # Updated 24/01/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Owner - OWNER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Owner\Downloads\adwcleaner.exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Found : C:\Users\Owner\AppData\Local\Temp\Uninstall.exe
    Folder Found : C:\ProgramData\APN
    Folder Found : C:\ProgramData\AVG Security Toolbar
    Folder Found : C:\ProgramData\boost_interprocess
    Folder Found : C:\ProgramData\Trymedia
    Folder Found : C:\ProgramData\WeCareReminder
    Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
    Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
    Folder Found : C:\Users\Owner\AppData\Local\OpenCandy
    Folder Found : C:\Users\Owner\AppData\Local\Temp\{f34c9277-6577-4dff-b2d7-7d58092f272f}
    Folder Found : C:\Users\Owner\AppData\LocalLow\AVG Security Toolbar
    Folder Found : C:\Users\Owner\AppData\LocalLow\FunWebProducts
    Folder Found : C:\Users\Owner\AppData\LocalLow\MyWebSearch
    Folder Found : C:\Users\Owner\AppData\Roaming\OpenCandy
    ***** [Registry] *****
    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products
    Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts
    Key Found : HKCU\Software\AppDataLow\Software\I Want This
    Key Found : HKCU\Software\Cr_Installer
    Key Found : HKCU\Software\DataMngr_Toolbar
    Key Found : HKCU\Software\ilivid
    Key Found : HKCU\Software\InstalledBrowserExtensions
    Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\wecarereminder
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
    Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
    Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
    Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
    Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
    Key Found : HKLM\Software\Freeze.com
    Key Found : HKLM\Software\iLividSRTB
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
    Key Found : HKU\S-1-5-21-1032635536-776264835-389544269-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKU\S-1-5-21-1032635536-776264835-389544269-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    [OK] Registry is clean.
    -\\ Google Chrome v [Unable to get version]
    File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Found [l.1] : search_url = [Chrome Preferences JSON dump removed]
    *************************
    AdwCleaner[R1].txt - [20007 octets] - [26/01/2013 17:23:39]
    ########## EOF - C:\AdwCleaner[R1].txt - [20068 octets] ##########


    Oh, and I must have just gotten Yahoo mail from my link from my desktop because it never said MSN before. I'll have to figure out how to get to my mail from a "shortcut" rather than launch IE, then go to Yahoo, then mail.
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,562
    Please run AdwCleaner again and this time select the option to "delete" and post the resulting log.
     
  8. kellyarmstrong

    kellyarmstrong Thread Starter

    Joined:
    May 15, 2012
    Messages:
    148
    OK, this is stupid but I'm sure I am doing something wrong. When I press "delete" it actually deletes the program. There is no log involved. I have tried it a few times but will try again.
     
  9. kellyarmstrong

    kellyarmstrong Thread Starter

    Joined:
    May 15, 2012
    Messages:
    148
    OK, after a few times of clicking, running, deleting, etc., I found this log. Hopefully I performed it right considering the log is tons shorter!!!

    # AdwCleaner v2.109 - Logfile created 01/27/2013 at 07:42:58
    # Updated 26/01/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Owner - OWNER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Found : C:\ProgramData\APN
    Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
    ***** [Registry] *****
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    [OK] Registry is clean.
    -\\ Google Chrome v [Unable to get version]
    File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [20138 octets] - [26/01/2013 17:23:39]
    AdwCleaner[R2].txt - [1160 octets] - [27/01/2013 07:42:58]
    AdwCleaner[S1].txt - [6127 octets] - [26/01/2013 18:29:32]
    ########## EOF - C:\AdwCleaner[R2].txt - [1280 octets] ##########
     
  10. kellyarmstrong

    kellyarmstrong Thread Starter

    Joined:
    May 15, 2012
    Messages:
    148
    OK, scratch the above post. I did it again and the computer ended up restarting and actually gave me a log, so I'm sure this is the correct one.

    # AdwCleaner v2.109 - Logfile created 01/27/2013 at 07:51:28
    # Updated 26/01/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Owner - OWNER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Deleted : C:\ProgramData\APN
    Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
    ***** [Registry] *****
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    [OK] Registry is clean.
    -\\ Google Chrome v [Unable to get version]
    File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [20138 octets] - [26/01/2013 17:23:39]
    AdwCleaner[R2].txt - [1349 octets] - [27/01/2013 07:42:58]
    AdwCleaner[S1].txt - [6127 octets] - [26/01/2013 18:29:32]
    AdwCleaner[S2].txt - [1288 octets] - [27/01/2013 07:51:28]
    ########## EOF - C:\AdwCleaner[S2].txt - [1348 octets] ##########
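    As an added example (not from this thread and not part of AdwCleaner), a small Python parser for the AdwCleaner v2 log format posted above: it reads the `#` header, the `***** [Section] *****` banners and the `Found`/`Deleted` entries, then checks that everything a [Search] run reported shows up as deleted in the following [Delete] run, which is what posts 8 to 10 were trying to confirm. The sample logs are the R2/S2 logs from this thread, trimmed; the "partial" delete log is constructed to show a missed item.

```python
"""Parse AdwCleaner v2 text logs and check that a [Delete] run removed what the
preceding [Search] run reported.  Added example, not AdwCleaner's own code; it
understands only the line shapes visible in the logs in this thread.
"""
import re
from dataclasses import dataclass, field

VERSION_RE = re.compile(r"^# AdwCleaner v(?P<ver>\S+) - Logfile created (?P<when>.+)$")
OPTION_RE = re.compile(r"^# Option \[(?P<mode>Search|Delete)\]$")
HEADER_RE = re.compile(r"^#\s*(?P<key>[^:]+?)\s*:\s*(?P<val>.*)$")
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
ENTRY_RE = re.compile(
    r"^(?P<kind>File|Folder|Key|Value) (?P<action>Found|Deleted) : (?P<target>.+)$")


@dataclass
class AdwLog:
    mode: str = ""                                # "Search" or "Delete"
    version: str = ""
    header: dict = field(default_factory=dict)    # e.g. "Operating system"
    entries: dict = field(default_factory=dict)   # section -> [(kind, target)]
    clean: list = field(default_factory=list)     # "[OK] ..." lines


def parse_adwcleaner(text: str) -> AdwLog:
    """Walk the log line by line; each entry is attributed to the most recent
    ***** [Section] ***** banner."""
    log, section = AdwLog(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := VERSION_RE.match(line):
            log.version = m.group("ver")
        elif m := OPTION_RE.match(line):
            log.mode = m.group("mode")
        elif m := HEADER_RE.match(line):
            log.header[m.group("key")] = m.group("val")
        elif m := SECTION_RE.match(line):
            section = m.group("name")
            log.entries.setdefault(section, [])
        elif (m := ENTRY_RE.match(line)) and section:
            log.entries[section].append((m.group("kind"), m.group("target")))
        elif line.startswith("[OK]"):
            log.clean.append(line)
    return log


def unresolved_after_delete(search: AdwLog, delete: AdwLog) -> list:
    """Items the Search run reported that the Delete run did not report as
    deleted.  An empty list means the two logs agree."""
    if search.mode != "Search" or delete.mode != "Delete":
        raise ValueError("need a [Search] log and a [Delete] log, in that order")
    deleted = {(sec, kind, tgt.lower())
               for sec, items in delete.entries.items() for kind, tgt in items}
    return [(sec, kind, tgt) for sec, items in search.entries.items()
            for kind, tgt in items if (sec, kind, tgt.lower()) not in deleted]


# Trimmed copy of the R2 log posted in this thread.
SEARCH_LOG = r"""
# AdwCleaner v2.109 - Logfile created 01/27/2013 at 07:42:58
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Option [Search]

***** [Files / Folders] *****
Folder Found : C:\ProgramData\APN
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
***** [Registry] *****
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
***** [Internet Browsers] *****
[OK] Registry is clean.
"""

# The S2 log from the thread reports the same items as Deleted; derived here
# from SEARCH_LOG rather than retyped.
DELETE_LOG = (SEARCH_LOG.replace("[Search]", "[Delete]")
              .replace(" Found : ", " Deleted : ").replace("07:42:58", "07:51:28"))

# Constructed: a Delete run that silently skipped the APN folder.
PARTIAL_LOG = DELETE_LOG.replace("Folder Deleted : C:\\ProgramData\\APN\n", "")


if __name__ == "__main__":
    s, d = parse_adwcleaner(SEARCH_LOG), parse_adwcleaner(PARTIAL_LOG)
    print(f"Search run (v{s.version}) reported",
          sum(len(v) for v in s.entries.values()), "items")
    for sec, kind, tgt in unresolved_after_delete(s, d):
        print(f"NOT removed [{sec}] {kind}: {tgt}")
```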
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,562
    Yes, that's the correct one.

    Please download DDS by sUBs to your desktop from the following location:

    http://download.bleepingcomputer.com/sUBs/dds.scr

    Double-click the dds.scr file to run the program.

    It will automatically run in silent mode and then you will see the following note:

    "Two logs shall be created on your Desktop".

    The logs will be named dds.txt and attach.txt.

    Wait until the logs appear and then copy and paste their contents in your post.


    Please download GMER from: http://www.gmer.net

    Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

    Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

    Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

    If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

    IAT/EAT
    Any drive letter other than the primary system drive (which is generally C).

    Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

    Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.

    Open the ark.txt file and copy and paste the contents of the log here please.
     
  12. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,644
    First Name:
    Frank
    Cookiegal:

    I'm going to unsubscribe from this thread. If you want me to jump back in later, send me a PM. Thanks!

    ----------------------------------------------------------------
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,562
    Will do flavallee. Thanks. :)
     
  14. kellyarmstrong

    kellyarmstrong Thread Starter

    Joined:
    May 15, 2012
    Messages:
    148
    Here's the first one, Cookie.
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457
    Run by Owner at 11:19:32 on 2013-01-27
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1004 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\spool\DRIVERS\W32X86\3\lxecserv.exe
    C:\Windows\system32\lxeccoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\WUDFHost.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
    C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Owner\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\lxcfcoms.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\RacAgent.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6728
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6728
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6728
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6728
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahoo! IE Services Button: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - c:\program files\lexmark printable web\bho.dll
    TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
    TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
    uRun: [Sidebar] "c:\program files\windows sidebar\Sidebar.exe" /autorun
    uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LXCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCFtime.dll,[email protected]
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    mRun: [lxecmon.exe] "c:\program files\lexmark pro800-pro900 series\lxecmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark pro800-pro900 series\ezprint.exe"
    mRun: [Lexmark Pro800-Pro900 Series Fax Server] "c:\program files\lexmark pro800-pro900 series\fm3032.exe" /s
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\cnette~1.lnk - c:\users\owner\appdata\roaming\cbs interactive\cnet techtracker\TechTracker.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{118D78FA-05C4-46CF-B9A5-5D7899A35D07} : DHCPNameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{FBB7E9FA-7484-40C0-8B5E-68D2516D0850} : DHCPNameServer = 192.168.2.1
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2013-1-16 21504]
    R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?]
    R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxecserv.exe [2011-4-27 193192]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2007-11-17 281088]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: scrfile="%1" %*
    FileExt: .reg: regfile=regedit.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2013-01-26 16:17:56 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{930c1dbb-d8ed-422c-89e5-34410ee4fcd2}\mpengine.dll
    2013-01-25 15:32:34 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c51034ba-1931-482e-9070-7415486d32de}\gapaengine.dll
    2013-01-25 15:31:14 6991832 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-01-25 15:24:33 -------- d-----w- c:\program files\Microsoft Security Client
    2013-01-25 15:23:43 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2013-01-23 21:39:49 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2013-01-23 21:39:48 1069056 ----a-w- c:\windows\system32\DWrite.dll
    2013-01-23 21:39:47 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2013-01-23 21:39:46 683008 ----a-w- c:\windows\system32\d2d1.dll
    2013-01-23 21:39:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2013-01-23 21:39:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2013-01-23 14:54:56 -------- d-----w- c:\program files\Windows Portable Devices
    2013-01-23 14:04:05 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2013-01-23 14:04:04 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2013-01-23 14:04:04 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2013-01-23 13:52:06 5120 ----a-w- c:\windows\system32\wmi.dll
    2013-01-23 13:52:06 157696 ----a-w- c:\windows\system32\imagehlp.dll
    2013-01-23 13:52:06 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2013-01-23 13:16:04 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2013-01-23 13:16:03 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2013-01-23 13:16:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2013-01-23 13:16:02 2873344 ----a-w- c:\windows\system32\mf.dll
    2013-01-23 13:16:02 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2013-01-23 13:16:01 98816 ----a-w- c:\windows\system32\mfps.dll
    2013-01-23 13:14:26 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-01-23 13:14:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2013-01-23 13:14:24 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2013-01-23 13:14:22 519680 ----a-w- c:\windows\system32\d3d11.dll
    2013-01-23 13:14:19 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2013-01-23 13:14:19 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2013-01-23 13:14:18 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2013-01-23 13:09:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2013-01-23 13:09:16 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2013-01-23 13:09:16 297808 ----a-w- c:\windows\system32\mscoree.dll
    2013-01-23 13:09:16 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2013-01-23 13:09:16 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2013-01-23 12:58:37 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2013-01-23 12:58:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2013-01-23 12:58:33 16896 ----a-w- c:\windows\system32\winusb.dll
    2013-01-23 12:58:33 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2013-01-23 12:58:32 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2013-01-23 12:58:32 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-01-23 12:58:32 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2013-01-23 12:58:32 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2013-01-23 12:58:31 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2013-01-23 12:58:31 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2013-01-23 12:58:31 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2013-01-23 12:49:24 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2013-01-23 12:49:03 40448 ----a-w- c:\windows\system32\winrs.exe
    2013-01-23 12:49:03 20480 ----a-w- c:\windows\system32\winrshost.exe
    2013-01-23 12:49:03 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
    2013-01-23 12:49:01 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
    2013-01-23 12:49:01 10240 ----a-w- c:\windows\system32\winrssrv.dll
    2013-01-23 12:46:11 34304 ----a-w- c:\windows\system32\atmlib.dll
    2013-01-23 12:46:11 293376 ----a-w- c:\windows\system32\atmfd.dll
    2013-01-23 12:46:10 72704 ----a-w- c:\windows\system32\fontsub.dll
    2013-01-19 19:50:14 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2013-01-19 19:50:13 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2013-01-19 19:48:36 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2013-01-19 19:48:36 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2013-01-19 19:48:33 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2013-01-19 19:48:31 1616384 ----a-w- c:\program files\windows mail\msoe.dll
    2013-01-19 19:48:28 81920 ----a-w- c:\windows\system32\iccvid.dll
    2013-01-19 19:48:08 75776 ----a-w- c:\windows\system32\synceng.dll
    2013-01-19 19:48:07 305152 ----a-w- c:\windows\system32\drivers\srv.sys
    2013-01-19 19:48:05 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2013-01-19 19:48:04 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2013-01-19 19:48:04 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2013-01-19 19:46:58 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
    2013-01-19 19:45:23 36864 ----a-w- c:\windows\system32\rtutils.dll
    2013-01-19 19:45:19 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-19 19:45:16 376320 ----a-w- c:\windows\system32\winsrv.dll
    2013-01-19 19:45:13 1696256 ----a-w- c:\windows\system32\gameux.dll
    2013-01-19 19:45:09 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2013-01-19 19:45:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2013-01-19 19:45:04 680448 ----a-w- c:\windows\system32\msvcrt.dll
    2013-01-19 19:45:02 985088 ----a-w- c:\windows\system32\crypt32.dll
    2013-01-19 19:45:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2013-01-19 19:45:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-01-19 19:43:58 377344 ----a-w- c:\windows\system32\winhttp.dll
    2013-01-19 19:43:56 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2013-01-19 19:43:52 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2013-01-19 19:43:52 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2013-01-19 19:43:52 238080 ----a-w- c:\windows\system32\oleacc.dll
    2013-01-19 19:43:51 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-19 19:43:38 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2013-01-19 19:43:09 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2013-01-19 19:43:06 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2013-01-19 19:43:04 677888 ----a-w- c:\windows\system32\mstsc.exe
    2013-01-19 19:42:57 707584 ----a-w- c:\program files\common files\system\wab32.dll
    2013-01-19 19:42:02 531968 ----a-w- c:\windows\system32\comctl32.dll
    2013-01-19 19:41:58 278528 ----a-w- c:\windows\system32\schannel.dll
    2013-01-19 19:41:57 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2013-01-19 19:41:56 9728 ----a-w- c:\windows\system32\lsass.exe
    2013-01-19 19:41:56 72704 ----a-w- c:\windows\system32\secur32.dll
    2013-01-19 19:41:56 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2013-01-19 19:41:54 231424 ----a-w- c:\windows\system32\msshsq.dll
    2013-01-19 19:41:49 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-19 19:41:48 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-19 19:20:13 613376 ----a-w- c:\windows\system32\rdpencom.dll
    2013-01-19 19:07:41 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2013-01-19 19:07:08 88576 ----a-w- c:\windows\system32\wudriver.dll
    2013-01-19 19:06:43 33792 ----a-w- c:\windows\system32\wuapp.exe
    2013-01-19 19:06:43 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2013-01-16 18:19:49 -------- d-----w- c:\windows\system32\eu-ES
    2013-01-16 18:19:49 -------- d-----w- c:\windows\system32\ca-ES
    2013-01-16 18:19:47 -------- d-----w- c:\windows\system32\vi-VN
    2013-01-16 18:14:04 -------- d-----w- c:\windows\system32\SPReview
    2013-01-16 17:50:21 928768 ----a-w- c:\windows\system32\scavenge.dll
    2013-01-16 17:50:14 57856 ----a-w- c:\windows\system32\compcln.exe
    2013-01-16 17:48:59 128000 ----a-w- c:\windows\system32\gpresult.exe
    2013-01-16 17:47:59 368640 ----a-w- c:\windows\system32\msjetoledb40.dll
    2013-01-16 17:46:57 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
    2013-01-16 17:45:56 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
    2013-01-16 16:43:22 -------- d-----w- C:\PerfLogs
    2013-01-16 15:52:08 193024 ----a-w- c:\windows\system32\recdisc.exe
    2013-01-16 15:52:07 6656 ----a-w- c:\windows\system32\sdspres.dll
    2013-01-16 15:50:59 88576 ----a-w- c:\windows\system32\ntdsapi.dll
    2013-01-16 15:49:59 509952 ----a-w- c:\windows\system32\AuthFWGP.dll
    2013-01-16 15:48:59 8139264 ----a-w- c:\windows\system32\ssBranded.scr
    2013-01-16 15:40:58 -------- d-----w- c:\windows\system32\EventProviders
    2013-01-16 15:26:24 -------- d-----w- C:\0c97167c2fae9adf2c18375f4c
    2013-01-16 13:36:48 -------- d-----w- c:\program files\Avanquest
    2013-01-16 13:36:47 -------- d-----w- c:\programdata\Expert PDF Jobs
    2013-01-16 13:36:47 -------- d-----w- c:\programdata\Expert PDF 7
    2013-01-16 13:36:47 -------- d-----w- c:\programdata\Avanquest
    2013-01-13 14:13:24 -------- d-----w- C:\MGADiagToolOutput
    2013-01-12 15:15:12 -------- d-----w- c:\users\owner\appdata\roaming\SUPERAntiSpyware.com
    2013-01-12 15:15:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2013-01-12 15:15:01 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-01-12 14:54:37 388096 ----a-r- c:\users\owner\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    .
    ==================== Find3M ====================
    .
    2013-01-23 13:15:59 209920 ----a-w- c:\windows\system32\mfplat.dll
    2013-01-23 13:14:30 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
    2013-01-16 16:27:31 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2013-01-16 16:26:48 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2013-01-11 17:08:19 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-11 17:08:19 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-23 01:35:53 2048000 ----a-w- c:\windows\system32\win32k.sys
    2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-02 10:19:34 1400832 ----a-w- c:\windows\system32\msxml6.dll
    2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
    .
    ============= FINISH: 11:20:37.25 ===============

    Here's the attached one:
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457
    Run by Owner at 11:19:32 on 2013-01-27
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1004 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\spool\DRIVERS\W32X86\3\lxecserv.exe
    C:\Windows\system32\lxeccoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\WUDFHost.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
    C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Owner\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\lxcfcoms.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\RacAgent.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6728
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6728
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6728
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6728
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahoo! IE Services Button: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - c:\program files\lexmark printable web\bho.dll
    TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
    TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
    uRun: [Sidebar] "c:\program files\windows sidebar\Sidebar.exe" /autorun
    uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LXCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCFtime.dll,[email protected]
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    mRun: [lxecmon.exe] "c:\program files\lexmark pro800-pro900 series\lxecmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark pro800-pro900 series\ezprint.exe"
    mRun: [Lexmark Pro800-Pro900 Series Fax Server] "c:\program files\lexmark pro800-pro900 series\fm3032.exe" /s
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\cnette~1.lnk - c:\users\owner\appdata\roaming\cbs interactive\cnet techtracker\TechTracker.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{118D78FA-05C4-46CF-B9A5-5D7899A35D07} : DHCPNameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{FBB7E9FA-7484-40C0-8B5E-68D2516D0850} : DHCPNameServer = 192.168.2.1
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2013-1-16 21504]
    R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?]
    R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxecserv.exe [2011-4-27 193192]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2007-11-17 281088]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: scrfile="%1" %*
    FileExt: .reg: regfile=regedit.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2013-01-26 16:17:56 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{930c1dbb-d8ed-422c-89e5-34410ee4fcd2}\mpengine.dll
    2013-01-25 15:32:34 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c51034ba-1931-482e-9070-7415486d32de}\gapaengine.dll
    2013-01-25 15:31:14 6991832 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-01-25 15:24:33 -------- d-----w- c:\program files\Microsoft Security Client
    2013-01-25 15:23:43 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2013-01-23 21:39:49 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2013-01-23 21:39:48 1069056 ----a-w- c:\windows\system32\DWrite.dll
    2013-01-23 21:39:47 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2013-01-23 21:39:46 683008 ----a-w- c:\windows\system32\d2d1.dll
    2013-01-23 21:39:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2013-01-23 21:39:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2013-01-23 14:54:56 -------- d-----w- c:\program files\Windows Portable Devices
    2013-01-23 14:04:05 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2013-01-23 14:04:04 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2013-01-23 14:04:04 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2013-01-23 13:52:06 5120 ----a-w- c:\windows\system32\wmi.dll
    2013-01-23 13:52:06 157696 ----a-w- c:\windows\system32\imagehlp.dll
    2013-01-23 13:52:06 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2013-01-23 13:16:04 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2013-01-23 13:16:03 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2013-01-23 13:16:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2013-01-23 13:16:02 2873344 ----a-w- c:\windows\system32\mf.dll
    2013-01-23 13:16:02 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2013-01-23 13:16:01 98816 ----a-w- c:\windows\system32\mfps.dll
    2013-01-23 13:14:26 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-01-23 13:14:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2013-01-23 13:14:24 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2013-01-23 13:14:22 519680 ----a-w- c:\windows\system32\d3d11.dll
    2013-01-23 13:14:19 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2013-01-23 13:14:19 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2013-01-23 13:14:18 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2013-01-23 13:09:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2013-01-23 13:09:16 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2013-01-23 13:09:16 297808 ----a-w- c:\windows\system32\mscoree.dll
    2013-01-23 13:09:16 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2013-01-23 13:09:16 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2013-01-23 12:58:37 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2013-01-23 12:58:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2013-01-23 12:58:33 16896 ----a-w- c:\windows\system32\winusb.dll
    2013-01-23 12:58:33 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2013-01-23 12:58:32 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2013-01-23 12:58:32 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-01-23 12:58:32 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2013-01-23 12:58:32 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2013-01-23 12:58:31 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2013-01-23 12:58:31 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2013-01-23 12:58:31 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2013-01-23 12:49:24 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2013-01-23 12:49:03 40448 ----a-w- c:\windows\system32\winrs.exe
    2013-01-23 12:49:03 20480 ----a-w- c:\windows\system32\winrshost.exe
    2013-01-23 12:49:03 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
    2013-01-23 12:49:01 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
    2013-01-23 12:49:01 10240 ----a-w- c:\windows\system32\winrssrv.dll
    2013-01-23 12:46:11 34304 ----a-w- c:\windows\system32\atmlib.dll
    2013-01-23 12:46:11 293376 ----a-w- c:\windows\system32\atmfd.dll
    2013-01-23 12:46:10 72704 ----a-w- c:\windows\system32\fontsub.dll
    2013-01-19 19:50:14 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2013-01-19 19:50:13 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2013-01-19 19:48:36 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2013-01-19 19:48:36 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2013-01-19 19:48:33 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2013-01-19 19:48:31 1616384 ----a-w- c:\program files\windows mail\msoe.dll
    2013-01-19 19:48:28 81920 ----a-w- c:\windows\system32\iccvid.dll
    2013-01-19 19:48:08 75776 ----a-w- c:\windows\system32\synceng.dll
    2013-01-19 19:48:07 305152 ----a-w- c:\windows\system32\drivers\srv.sys
    2013-01-19 19:48:05 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2013-01-19 19:48:04 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2013-01-19 19:48:04 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2013-01-19 19:46:58 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
    2013-01-19 19:45:23 36864 ----a-w- c:\windows\system32\rtutils.dll
    2013-01-19 19:45:19 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-19 19:45:16 376320 ----a-w- c:\windows\system32\winsrv.dll
    2013-01-19 19:45:13 1696256 ----a-w- c:\windows\system32\gameux.dll
    2013-01-19 19:45:09 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2013-01-19 19:45:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2013-01-19 19:45:04 680448 ----a-w- c:\windows\system32\msvcrt.dll
    2013-01-19 19:45:02 985088 ----a-w- c:\windows\system32\crypt32.dll
    2013-01-19 19:45:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2013-01-19 19:45:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-01-19 19:43:58 377344 ----a-w- c:\windows\system32\winhttp.dll
    2013-01-19 19:43:56 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2013-01-19 19:43:52 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2013-01-19 19:43:52 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2013-01-19 19:43:52 238080 ----a-w- c:\windows\system32\oleacc.dll
    2013-01-19 19:43:51 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-19 19:43:38 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2013-01-19 19:43:09 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2013-01-19 19:43:06 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2013-01-19 19:43:04 677888 ----a-w- c:\windows\system32\mstsc.exe
    2013-01-19 19:42:57 707584 ----a-w- c:\program files\common files\system\wab32.dll
    2013-01-19 19:42:02 531968 ----a-w- c:\windows\system32\comctl32.dll
    2013-01-19 19:41:58 278528 ----a-w- c:\windows\system32\schannel.dll
    2013-01-19 19:41:57 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2013-01-19 19:41:56 9728 ----a-w- c:\windows\system32\lsass.exe
    2013-01-19 19:41:56 72704 ----a-w- c:\windows\system32\secur32.dll
    2013-01-19 19:41:56 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2013-01-19 19:41:54 231424 ----a-w- c:\windows\system32\msshsq.dll
    2013-01-19 19:41:49 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-19 19:41:48 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-19 19:20:13 613376 ----a-w- c:\windows\system32\rdpencom.dll
    2013-01-19 19:07:41 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2013-01-19 19:07:08 88576 ----a-w- c:\windows\system32\wudriver.dll
    2013-01-19 19:06:43 33792 ----a-w- c:\windows\system32\wuapp.exe
    2013-01-19 19:06:43 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2013-01-16 18:19:49 -------- d-----w- c:\windows\system32\eu-ES
    2013-01-16 18:19:49 -------- d-----w- c:\windows\system32\ca-ES
    2013-01-16 18:19:47 -------- d-----w- c:\windows\system32\vi-VN
    2013-01-16 18:14:04 -------- d-----w- c:\windows\system32\SPReview
    2013-01-16 17:50:21 928768 ----a-w- c:\windows\system32\scavenge.dll
    2013-01-16 17:50:14 57856 ----a-w- c:\windows\system32\compcln.exe
    2013-01-16 17:48:59 128000 ----a-w- c:\windows\system32\gpresult.exe
    2013-01-16 17:47:59 368640 ----a-w- c:\windows\system32\msjetoledb40.dll
    2013-01-16 17:46:57 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
    2013-01-16 17:45:56 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
    2013-01-16 16:43:22 -------- d-----w- C:\PerfLogs
    2013-01-16 15:52:08 193024 ----a-w- c:\windows\system32\recdisc.exe
    2013-01-16 15:52:07 6656 ----a-w- c:\windows\system32\sdspres.dll
    2013-01-16 15:50:59 88576 ----a-w- c:\windows\system32\ntdsapi.dll
    2013-01-16 15:49:59 509952 ----a-w- c:\windows\system32\AuthFWGP.dll
    2013-01-16 15:48:59 8139264 ----a-w- c:\windows\system32\ssBranded.scr
    2013-01-16 15:40:58 -------- d-----w- c:\windows\system32\EventProviders
    2013-01-16 15:26:24 -------- d-----w- C:\0c97167c2fae9adf2c18375f4c
    2013-01-16 13:36:48 -------- d-----w- c:\program files\Avanquest
    2013-01-16 13:36:47 -------- d-----w- c:\programdata\Expert PDF Jobs
    2013-01-16 13:36:47 -------- d-----w- c:\programdata\Expert PDF 7
    2013-01-16 13:36:47 -------- d-----w- c:\programdata\Avanquest
    2013-01-13 14:13:24 -------- d-----w- C:\MGADiagToolOutput
    2013-01-12 15:15:12 -------- d-----w- c:\users\owner\appdata\roaming\SUPERAntiSpyware.com
    2013-01-12 15:15:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2013-01-12 15:15:01 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-01-12 14:54:37 388096 ----a-r- c:\users\owner\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    .
    ==================== Find3M ====================
    .
    2013-01-23 13:15:59 209920 ----a-w- c:\windows\system32\mfplat.dll
    2013-01-23 13:14:30 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
    2013-01-16 16:27:31 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2013-01-16 16:26:48 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2013-01-11 17:08:19 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-11 17:08:19 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-23 01:35:53 2048000 ----a-w- c:\windows\system32\win32k.sys
    2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-02 10:19:34 1400832 ----a-w- c:\windows\system32\msxml6.dll
    2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
    .
    ============= FINISH: 11:20:37.25 ===============
     
  15. kellyarmstrong

    kellyarmstrong Thread Starter

    Joined:
    May 15, 2012
    Messages:
    148
    Here is the ark text thingy.

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-27 11:39:41
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916082 rev.3.AL 149.05GB
    Running: 5dbgr9d2.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgloapow.sys

    ---- Kernel code sections - GMER 2.0 ----
    ? C:\Users\Owner\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
    ---- User code sections - GMER 2.0 ----
    .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!EnableWindow 7572CD8B 5 Bytes JMP 71659EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!DialogBoxParamW 757510B0 5 Bytes JMP 715B1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!DialogBoxIndirectParamW 75752EF5 5 Bytes JMP 717A8FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!DialogBoxParamA 75768152 5 Bytes JMP 717A8F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!DialogBoxIndirectParamA 7576847D 5 Bytes JMP 717A901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!MessageBoxIndirectA 7577D4D9 5 Bytes JMP 717A8ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!MessageBoxIndirectW 7577D5D3 5 Bytes JMP 717A8E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!MessageBoxExA 7577D639 5 Bytes JMP 717A8DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!MessageBoxExW 7577D65D 5 Bytes JMP 717A8D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] kernel32.dll!CreateThread 76F2CB0E 5 Bytes JMP 716175DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateDialogParamW 757272A2 5 Bytes JMP 717A9320 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!GetAsyncKeyState 7572863C 5 Bytes JMP 715FDED5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!SetWindowsHookExW 757287AD 5 Bytes JMP 716525AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CallNextHookEx 75728E3B 5 Bytes JMP 71677FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!UnhookWindowsHookEx 757298DB 5 Bytes JMP 7169ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!EnableWindow 7572CD8B 5 Bytes JMP 71659EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DefWindowProcA 7572DB88 7 Bytes JMP 71619805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateWindowExA 7572DC2A 5 Bytes JMP 7162363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateWindowExW 75731305 5 Bytes JMP 716803CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!GetKeyState 75738CB1 5 Bytes JMP 715FDDAB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DefWindowProcW 757403B4 7 Bytes JMP 71678042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!IsDialogMessageW 75740745 5 Bytes JMP 717A9A7A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateDialogParamA 757417AA 5 Bytes JMP 717A92E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!IsDialogMessage 75741847 5 Bytes JMP 717A9A52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateDialogIndirectParamA 757426F1 5 Bytes JMP 717A9358 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateDialogIndirectParamW 75749A62 5 Bytes JMP 717A9390 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!SetKeyboardState 75750987 5 Bytes JMP 717AA341 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxParamW 757510B0 5 Bytes JMP 715B1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxIndirectParamW 75752EF5 5 Bytes JMP 717A8FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!SendInput 75752F75 5 Bytes JMP 717AA2E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!EndDialog 7575326E 5 Bytes JMP 717A9D26 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!SetCursorPos 75766FB2 5 Bytes JMP 717AA3C2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxParamA 75768152 5 Bytes JMP 717A8F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxIndirectParamA 7576847D 5 Bytes JMP 717A901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxIndirectA 7577D4D9 5 Bytes JMP 717A8ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxIndirectW 7577D5D3 5 Bytes JMP 717A8E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxExA 7577D639 5 Bytes JMP 717A8DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxExW 7577D65D 5 Bytes JMP 717A8D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!keybd_event 7577D972 5 Bytes JMP 717AA2A6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] SHELL32.dll!SHRestricted + D95 758589A8 4 Bytes [CF, 01, 1C, 6B] {IRET ; ADD [EBX+EBP*2], EBX}
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] SHELL32.dll!SHRestricted + D9D 758589B0 8 Bytes [E0, 61, 1B, 6B, 79, F7, 1B, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] ole32.dll!OleLoadFromStream 755F1E80 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] ole32.dll!OleLoadFromStream 755F1E80 5 Bytes JMP 717A9784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] kernel32.dll!CreateThread 76F2CB0E 5 Bytes JMP 716175DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!CreateDialogParamW 757272A2 5 Bytes JMP 717A9320 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!GetAsyncKeyState 7572863C 5 Bytes JMP 715FDED5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!SetWindowsHookExW 757287AD 5 Bytes JMP 716525AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!CallNextHookEx 75728E3B 5 Bytes JMP 71677FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!UnhookWindowsHookEx 757298DB 5 Bytes JMP 7169ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!EnableWindow 7572CD8B 5 Bytes JMP 71659EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!DefWindowProcA 7572DB88 7 Bytes JMP 71619805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!CreateWindowExA 7572DC2A 5 Bytes JMP 7162363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!CreateWindowExW 75731305 5 Bytes JMP 716803CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!GetKeyState 75738CB1 5 Bytes JMP 715FDDAB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!DefWindowProcW 757403B4 7 Bytes JMP 71678042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!IsDialogMessageW 75740745 5 Bytes JMP 717A9A7A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!CreateDialogParamA 757417AA 5 Bytes JMP 717A92E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!IsDialogMessage 75741847 5 Bytes JMP 717A9A52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!CreateDialogIndirectParamA 757426F1 5 Bytes JMP 717A9358 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!CreateDialogIndirectParamW 75749A62 5 Bytes JMP 717A9390 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!SetKeyboardState 75750987 5 Bytes JMP 717AA341 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!DialogBoxParamW 757510B0 5 Bytes JMP 715B1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!DialogBoxIndirectParamW 75752EF5 5 Bytes JMP 717A8FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!SendInput 75752F75 5 Bytes JMP 717AA2E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!EndDialog 7575326E 5 Bytes JMP 717A9D26 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!SetCursorPos 75766FB2 5 Bytes JMP 717AA3C2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!DialogBoxParamA 75768152 5 Bytes JMP 717A8F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!DialogBoxIndirectParamA 7576847D 5 Bytes JMP 717A901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!MessageBoxIndirectA 7577D4D9 5 Bytes JMP 717A8ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!MessageBoxIndirectW 7577D5D3 5 Bytes JMP 717A8E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!MessageBoxExA 7577D639 5 Bytes JMP 717A8DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!MessageBoxExW 7577D65D 5 Bytes JMP 717A8D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!keybd_event 7577D972 5 Bytes JMP 717AA2A6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] SHELL32.dll!SHRestricted + D95 758589A8 4 Bytes [CF, 01, 1C, 6B] {IRET ; ADD [EBX+EBP*2], EBX}
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] SHELL32.dll!SHRestricted + D9D 758589B0 8 Bytes [E0, 61, 1B, 6B, 79, F7, 1B, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] ole32.dll!OleLoadFromStream 755F1E80 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] ole32.dll!OleLoadFromStream 755F1E80 5 Bytes JMP 717A9784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    ---- Registry - GMER 2.0 ----
    Reg HKLM\SYSTEM\CurrentControlSet\Services\MpKsl19168825
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{930C1DBB-D8ED-422C-89E5-34410EE4FCD2}\MpKsl19168825.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] MpKsl19168825
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \Device\HarddiskVolume2\Program Files\Microsoft Security Client\MsMpEng.exe
    ---- EOF - GMER 2.0 ----
     
Short URL to this thread: https://techguy.org/1084829