
pup.optional.mysearchDial.a

Discussion in 'Virus & Other Malware Removal' started by mjackson1, Sep 16, 2013.

Thread Status:
Not open for further replies.
  1. mjackson1

    mjackson1 Thread Starter

    Joined:
    Sep 16, 2013
    Messages:
    87
    Hello, I have been having trouble with pup.optional.mysearchDial.a and
    pup.optional.Dealply.a.

    When I click a new tab, this my search Dial page comes up (it is a PUP),
    but when I press the home page it is Google, like it is supposed to be.
    I often get pop-ups coming in.
    The computer is running slower.
    Firefox stops responding.

    I did have quite a few mysearchDial.a and
    pup.optional.Dealply.a infections in Malwarebytes, but they seem to be gone for now???
    But I guess they will appear again after using the computer for a bit??

    I've got Malwarebytes, SUPERAntiSpyware, HitmanPro and AVG Free.
    Can I ask if SpyHunter 4 is a rogue spyware remover? Some reviews said so, but that said I was badly infected and need to pay for it to be fixed, so nothing was done, and after reading reviews I removed it from programs, desktop and downloads. I am using free AVG, and Windows Defender is not working; I cannot turn it on.
     
  2. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
    We are very willing to help you, but you need to help yourself and us by following the advice in the sticky at the top of the forum. We are very good here but aren't miracle workers and can't guess at what is wrong. We need to see various logs to determine the cause of your problem(s). When you don't read the instructions or post the logs we have to repeat the instructions and slow down you getting help.

    follow advice here and post the logs those programs make
     
  3. mjackson1

    mjackson1 Thread Starter

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:56:52 PM, on 16/09/2013
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16982)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Nuance\PaperPort\pptd40nt.exe
    C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    C:\Program Files\Browny02\Brother\BrStMonW.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\Win2k\TWCU.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
    C:\Program Files\Windows NT\Accessories\wordpad.exe
    C:\Users\User\Desktop\Spy Stuff\HijackThis.exe
    c:\program files\real\realplayer\RealPlay.exe
    c:\program files\real\realplayer\RealPlay.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
    O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
    O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
    O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
    O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
    O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\Win2k\TWCU.exe
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Open with PDF Viewer Plus - res://C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
    O23 - Service: HOSTS Anti-PUPs - Unknown owner - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe (file missing)
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Upek Service (UpekSrvc) - UPEK Inc. - C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe
    O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9256 bytes


    Thank you
     
  4. dvk01

    dvk01 Derek Moderator Malware Specialist

    You are terribly out of date and it looks like you have never updated that computer since you got it.
    It is impossible to fix a computer that is so out of date and hasn't got the latest Service Pack from Microsoft. Any fixes will be wasted and you will be immediately reinfected.

    First, click on this link to download: ADWCleaner. Click on the Download Now button and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:

    [​IMG]

    You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.


    [​IMG]
     
  5. mjackson1

    mjackson1 Thread Starter

    # AdwCleaner v3.004 - Report created 16/09/2013 at 22:38:20
    # Updated 15/09/2013 by Xplode
    # Operating System : Windows Vista (TM) Business (32 bits)
    # Username : User - USER-PC
    # Running from : C:\Users\User\Downloads\AdwCleaner(1).exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    [x] Not Deleted : C:\ProgramData\AVG Secure Search
    [x] Not Deleted : C:\Program Files\AVG Secure Search
    [x] Not Deleted : C:\Program Files\Common Files\AVG Secure Search
    [x] Not Deleted : C:\Users\User\AppData\Local\AVG Secure Search
    [x] Not Deleted : C:\Users\User\AppData\LocalLow\AVG Secure Search
    [x] Not Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\19nsihnf.default\Smartbar
    [x] Not Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\19nsihnf.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}
    [x] Not Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\19nsihnf.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v7.0.6000.16982


    -\\ Mozilla Firefox v23.0.1 (en-US)

    [ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\19nsihnf.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [20941 octets] - [16/09/2013 09:44:55]
    AdwCleaner[R1].txt - [1622 octets] - [16/09/2013 09:59:25]
    AdwCleaner[R2].txt - [1910 octets] - [16/09/2013 18:55:56]
    AdwCleaner[R3].txt - [2033 octets] - [16/09/2013 22:28:28]
    AdwCleaner[S0].txt - [21404 octets] - [16/09/2013 09:47:18]
    AdwCleaner[S1].txt - [1721 octets] - [16/09/2013 10:03:39]
    AdwCleaner[S2].txt - [2025 octets] - [16/09/2013 18:57:47]
    AdwCleaner[S3].txt - [1996 octets] - [16/09/2013 22:38:20]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2056 octets] ##########
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    That doesn't seem to be deleting everything it should have done, unless you selected to keep the things that are marked as NOT deleted

    Next, go to Windows Update and take Service Pack 1 ONLY.
    Let it install, then reboot and go back to Windows Update and then take Service Pack 2; let it install, then reboot.
    Then go back to WU and take all updates now offered.
    You must take at least IE8, and I recommend IE9, but IE10 is optional at this time.
    Report back after all that has been done.
     
  7. mjackson1

    mjackson1 Thread Starter

    Hi,
    I have installed SP1 3 times and rebooted; it doesn't seem to be happening??
    I went to Start, right-clicked on Computer, and Properties; no SP1 in there.
    What do you suggest?
     
  8. dvk01

    dvk01 Derek Moderator Malware Specialist

  9. mjackson1

    mjackson1 Thread Starter

    Hi, I was able to get SP1 installed while I was away at work, so I have downloaded and run Reset Windows Update Tool and downloaded and run System Update Readiness Tool. The computer is now installing some more updates, and then I will try for SP2.

    The update is still happening.
    I've included a URL link to a snapshot of the toolbar that appeared, http://imtp.me/676c018rf , and every time I press add another tab I get this toolbar page, and then when I press the Home tab to get back to Google search I get 2 tabs up, 1 Google and 1 this other toolbar; now I have 3 tabs open, wanting only 1??
     
  10. dvk01

    dvk01 Derek Moderator Malware Specialist

    Once we have the computer updated, we can then remove this pest.
     
  11. mjackson1

    mjackson1 Thread Starter

    Hi, SP1 and 2 are loaded and a whole heap of other updates.

    I accidentally deleted the Recycle Bin from the desktop and now I cannot delete some things?

    I have also removed free AVG from programs and have VIPRE on free trial, Browser Safeguard.

    Time has gone by and now I have to use another computer, as on the infested one, when a page comes up, it's blocked by VIPRE.
     
  12. dvk01

    dvk01 Derek Moderator Malware Specialist

    Now please follow the instructions in post 2 and post ALL the logs requested, not just HijackThis, so we can find what is causing it.
     
  13. mjackson1

    mjackson1 Thread Starter

    No. 1, Microsoft fix: at the end of what it was doing a black box came up but it disappeared???

    No. 2, system update standalone package: a message said the update does not apply to your system.

    Is that all I had to send?
     
  14. dvk01

    dvk01 Derek Moderator Malware Specialist

    Read the instructions in post 2 carefully.
    It asks you to run HijackThis, DDS and GMER and gives links for downloading the tools.
     
  15. mjackson1

    mjackson1 Thread Starter

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:25:55 PM, on 18/09/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16506)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Nuance\PaperPort\pptd40nt.exe
    C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    C:\Program Files\Browny02\Brother\BrStMonW.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Browsersafeguard\BrowserSafeguard.exe
    C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\Win2k\TWCU.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\User\Desktop\Spy Stuff\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&u...680J9SA00_SB2204KGGXRZWSGXRZWSX&ts=1379422076
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&u...680J9SA00_SB2204KGGXRZWSGXRZWSX&ts=1379422076
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&u...680J9SA00_SB2204KGGXRZWSGXRZWSX&ts=1379422076
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&u...680J9SA00_SB2204KGGXRZWSGXRZWSX&ts=1379422076
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49168;https=127.0.0.1:49168
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
    O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
    O2 - BHO: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files\GFI Software\VIPRE\VSGN.dll
    O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O3 - Toolbar: VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files\GFI Software\VIPRE\VSGN.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
    O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
    O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
    O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
    O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
    O4 - HKLM\..\Run: [IMToolPack] "C:\Program Files\Crawler\IMToolPack\IMToolP.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\GFI Software\VIPRE\SBAMTray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [IMToolPack] "C:\Program Files\Crawler\IMToolPack\IMToolP.exe"
    O4 - HKCU\..\Run: [BrowserSafeguard] C:\Program Files\Browsersafeguard\Browsersafeguard.exe
    O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\Win2k\TWCU.exe
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Open with PDF Viewer Plus - res://C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O18 - Protocol: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\GFI Software\VIPRE\VSGN.dll
    O20 - AppInit_DLLs: C:\Users\User\AppData\Local\DProtect\eBP.dll,C:\Users\User\AppData\Local\DProtect\eBPSD.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
    O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: GFI LanGuard 11 Attendant Service (gfi_lanss11_attservice) - GFI Software Development Ltd. - C:\Program Files\GFI\LanGuard 11 Agent\lnssatt.exe
    O23 - Service: HOSTS Anti-PUPs - Unknown owner - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe (file missing)
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: VIPRE Internet Security (SBAMSvc) - ThreatTrack Security, Inc. - C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
    O23 - Service: SB Recovery Service (SBPIMSvc) - ThreatTrack Security, Inc. - C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
    O23 - Service: Upek Service (UpekSrvc) - UPEK Inc. - C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe
    O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11664 bytes


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16506
    Run by User at 17:56:26 on 2013-09-18
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.61.1033.18.1006.125 [GMT 10:00]
    .
    AV: ThreatTrack Security VIPRE *Enabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
    SP: ThreatTrack Security VIPRE *Enabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
    FW: ThreatTrack Security VIPRE *Enabled* {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\AEADISRV.EXE
    C:\Program Files\GFI\LanGuard 11 Agent\lnssatt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Nuance\PaperPort\pptd40nt.exe
    C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    C:\Program Files\Browny02\Brother\BrStMonW.exe
    C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Browsersafeguard\BrowserSafeguard.exe
    C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\Win2k\TWCU.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Browny02\BrYNSvc.exe
    C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
    C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=adks&utm_campaign=eXQ&utm_content=hp&from=adks&uid=HITACHIXHTS541680J9SA00_SB2204KGGXRZWSGXRZWSX&ts=1379422076
    uDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=adks&utm_campaign=eXQ&utm_content=hp&from=adks&uid=HITACHIXHTS541680J9SA00_SB2204KGGXRZWSGXRZWSX&ts=1379422076
    mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=adks&utm_campaign=eXQ&utm_content=hp&from=adks&uid=HITACHIXHTS541680J9SA00_SB2204KGGXRZWSGXRZWSX&ts=1379422076
    mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=adks&utm_campaign=eXQ&utm_content=hp&from=adks&uid=HITACHIXHTS541680J9SA00_SB2204KGGXRZWSGXRZWSX&ts=1379422076
    uProxyServer = hxxp=127.0.0.1:49168;https=127.0.0.1:49168
    uProxyOverride = <-loopback>
    BHO: &Crawler Toolbar Helper: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - c:\program files\crawler\toolbar\ctbr.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dll
    BHO: VIPRE Search Guard Helper: {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - c:\program files\gfi software\vipre\VSGN.dll
    TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: &Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\crawler\toolbar\ctbr.dll
    TB: VIPRE Search Guard Toolbar: {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - c:\program files\gfi software\vipre\VSGN.dll
    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: &Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\crawler\toolbar\ctbr.dll
    TB: VIPRE Search Guard Toolbar: {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - c:\program files\gfi software\vipre\VSGN.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dll
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [IMToolPack] "c:\program files\crawler\imtoolpack\IMToolP.exe"
    uRun: [BrowserSafeguard] c:\program files\browsersafeguard\Browsersafeguard.exe
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
    mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
    mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"
    mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
    mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
    mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
    mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [HOSTS Anti-Adware_PUPs] c:\program files\hosts_anti_adwares_pups\HOSTS_Anti-Adware_main.exe
    mRun: [IMToolPack] "c:\program files\crawler\imtoolpack\IMToolP.exe"
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SBAMTray] "c:\program files\gfi software\vipre\SBAMTray.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tl-wn3~1.lnk - c:\program files\tp-link\tl-wn321g wireless utility\installer\win2k\TWCU.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: DisableCAD = dword:1
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Crawler Search - tbr:iemenu
    IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: Open with PDF Viewer Plus - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
    IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.0.1 192.168.1.1
    TCP: Interfaces\{C4E9CFE2-0E87-4C6E-8646-07474AE2F597} : DHCPNameServer = 192.168.0.1 192.168.1.1
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\program files\crawler\toolbar\ctbr.dll
    Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - c:\program files\gfi software\vipre\VSGN.dll
    Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
    AppInit_DLLs= c:\users\user\appdata\local\dprotect\ebp.dll,c:\users\user\appdata\local\dprotect\eBPSD.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\19nsihnf.default\
    FF - prefs.js: browser.search.selectedEngine - qvo6
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.au/?gws_rd=cr&ei=KTk5UrhYg86TBbnXgNAI
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
    FF - ExtSQL: 2013-09-09 08:34; {906000a4-88d9-4d52-b209-7a772970d91f}; c:\users\user\appdata\roaming\mozilla\firefox\profiles\19nsihnf.default\extensions\{906000a4-88d9-4d52-b209-7a772970d91f}
    FF - ExtSQL: 2013-09-09 09:36; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; c:\users\user\appdata\roaming\mozilla\firefox\profiles\19nsihnf.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
    FF - ExtSQL: 2013-09-17 18:28; {4B3803EA-5230-4DC3-A7FC-33638F3D3542}; c:\program files\crawler\toolbar\firefox
    FF - ExtSQL: 2013-09-18 10:33; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\programdata\realnetworks\realdownloader\browserplugins\firefox\Ext
    FF - ExtSQL: 2013-09-18 12:51; avg@toolbar; c:\programdata\avg secure search\firefoxext\15.5.0.2
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-28 37664]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
    R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2013-9-18 228048]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-24 119056]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2013-9-17 21504]
    R2 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service;c:\program files\gfi\languard 11 agent\lnssatt.exe [2012-11-23 133496]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-18 418376]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-18 701512]
    R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
    R2 SBAMSvc;VIPRE Internet Security;c:\program files\gfi software\vipre\SBAMSvc.exe [2013-9-5 3937472]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2013-6-18 70888]
    R2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\vipre\SBPIMSvc.exe [2013-9-5 176016]
    R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
    R2 UpekSrvc;Upek Service;c:\program files\thinkvantage fingerprint software\upeksrvc.exe [2010-12-7 35152]
    R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\ToolbarUpdater.exe [2013-8-16 1643184]
    R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-12-25 245760]
    R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2007-6-8 81280]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-18 22856]
    R3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-7 6639616]
    R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2013-9-18 96288]
    R3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2012-12-11 76064]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files\hosts_anti_adwares_pups\hosts_anti-adware.exe -update --> c:\program files\hosts_anti_adwares_pups\HOSTS_Anti-Adware.exe -update [?]
    S3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys [2013-9-18 23656]
    S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2013-9-18 96288]
    S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2013-9-18 96720]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2013-9-18 19968]
    .
    =============== Created Last 30 ================
    .
    2013-09-18 05:45:13 -------- d-----w- c:\users\user\appdata\roaming\deb27c1a-00e6-4263-94b2-8b78ea4d32ae
    2013-09-18 04:34:24 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2013-09-18 04:30:34 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-09-18 04:30:34 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2013-09-18 04:30:34 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2013-09-18 04:30:32 519680 ----a-w- c:\windows\system32\d3d11.dll
    2013-09-18 04:30:30 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2013-09-18 04:30:29 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2013-09-18 04:30:29 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2013-09-18 02:51:26 -------- d-----w- c:\program files\AVG Secure Search
    2013-09-18 00:33:50 -------- d-----w- c:\program files\RealNetworks
    2013-09-18 00:33:49 -------- d-----w- c:\programdata\RealNetworks
    2013-09-18 00:32:20 -------- d-----w- c:\program files\common files\xing shared
    2013-09-18 00:31:04 153736 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
    2013-09-18 00:30:29 124504 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
    2013-09-18 00:24:41 -------- d-----w- c:\windows\Patches
    2013-09-18 00:10:48 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2013-09-18 00:10:48 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2013-09-18 00:10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2013-09-18 00:10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
    2013-09-18 00:10:46 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2013-09-17 23:48:32 -------- d-----w- c:\users\user\appdata\roaming\ThreatTrack Security
    2013-09-17 23:41:37 23656 ----a-w- c:\windows\system32\drivers\gfiutil.sys
    2013-09-17 23:41:36 41584 ----a-w- c:\windows\system32\drivers\gfiark.sys
    2013-09-17 23:35:25 -------- d-----w- c:\users\user\appdata\roaming\VIPRE
    2013-09-17 23:32:44 96720 ----a-w- c:\windows\system32\drivers\sbhips.sys
    2013-09-17 23:30:14 96288 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
    2013-09-17 23:30:12 228048 ----a-w- c:\windows\system32\drivers\SbFw.sys
    2013-09-17 23:30:06 -------- d-----w- c:\windows\system32\drivers\VDD
    2013-09-17 23:29:39 -------- d-----w- c:\windows\system32\System32
    2013-09-17 23:29:39 -------- d-----w- c:\programdata\GFI
    2013-09-17 23:29:39 -------- d-----w- c:\program files\GFI
    2013-09-17 23:29:36 -------- d-----w- c:\programdata\VIPRE
    2013-09-17 23:28:37 -------- d-----w- c:\programdata\Downloaded Installations
    2013-09-17 22:36:24 -------- d-----w- c:\program files\GFI Software
    2013-09-17 22:35:37 -------- d-----w- c:\users\user\appdata\roaming\GFI Software
    2013-09-17 22:31:08 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2013-09-17 22:30:09 40448 ----a-w- c:\windows\system32\winrs.exe
    2013-09-17 22:30:09 20480 ----a-w- c:\windows\system32\winrshost.exe
    2013-09-17 22:30:09 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
    2013-09-17 22:30:06 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
    2013-09-17 22:30:06 10240 ----a-w- c:\windows\system32\winrssrv.dll
    2013-09-17 22:30:02 81408 ----a-w- c:\windows\system32\wevtfwd.dll
    2013-09-17 22:30:02 79872 ----a-w- c:\windows\system32\wecutil.exe
    2013-09-17 22:30:02 56320 ----a-w- c:\windows\system32\wecapi.dll
    2013-09-17 22:30:02 54272 ----a-w- c:\windows\system32\WsmRes.dll
    2013-09-17 22:30:02 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
    2013-09-17 22:30:02 146944 ----a-w- c:\windows\system32\wecsvc.dll
    2013-09-17 22:29:48 201184 ----a-w- c:\windows\system32\winrm.vbs
    2013-09-17 22:29:46 145408 ----a-w- c:\windows\system32\WsmAuto.dll
    2013-09-17 22:29:45 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2013-09-17 22:29:45 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2013-09-17 22:29:45 241152 ----a-w- c:\windows\system32\winrscmd.dll
    2013-09-17 22:29:45 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2013-09-17 22:29:44 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
    2013-09-17 21:56:52 -------- d-----w- c:\windows\system32\eu-ES
    2013-09-17 21:56:52 -------- d-----w- c:\windows\system32\ca-ES
    2013-09-17 21:56:47 -------- d-----w- c:\windows\system32\vi-VN
    2013-09-17 21:47:06 -------- d-----w- c:\windows\system32\SPReview
    2013-09-17 21:19:30 928768 ----a-w- c:\windows\system32\scavenge.dll
    2013-09-17 21:19:23 57856 ----a-w- c:\windows\system32\compcln.exe
    2013-09-17 21:17:59 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
    2013-09-17 21:16:56 950272 ----a-w- c:\windows\system32\mblctr.exe
    2013-09-17 21:12:37 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2013-09-17 21:12:34 17920 ----a-w- c:\windows\system32\netevent.dll
    2013-09-17 21:11:21 502272 ----a-w- c:\windows\system32\usp10.dll
    2013-09-17 21:11:11 66048 ----a-w- c:\program files\windows mail\wabmig.exe
    2013-09-17 21:11:11 515584 ----a-w- c:\program files\windows mail\wab.exe
    2013-09-17 21:11:11 33280 ----a-w- c:\program files\windows mail\wabfind.dll
    2013-09-17 21:10:48 292864 ----a-w- c:\windows\system32\atmfd.dll
    2013-09-17 21:10:47 72704 ----a-w- c:\windows\system32\fontsub.dll
    2013-09-17 21:10:47 34304 ----a-w- c:\windows\system32\atmlib.dll
    2013-09-17 21:10:29 413696 ----a-w- c:\windows\system32\odbc32.dll
    2013-09-17 21:10:25 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2013-09-17 21:10:23 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
    2013-09-17 21:10:23 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
    2013-09-17 21:10:22 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
    2013-09-17 21:10:22 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
    2013-09-17 21:08:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2013-09-17 21:08:38 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2013-09-17 21:08:33 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-09-17 21:08:31 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-09-17 21:08:30 1205080 ----a-w- c:\windows\system32\ntdll.dll
    2013-09-17 21:08:13 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2013-09-17 21:08:12 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2013-09-17 21:08:07 1616384 ----a-w- c:\program files\windows mail\msoe.dll
    2013-09-17 21:08:03 81920 ----a-w- c:\windows\system32\iccvid.dll
    2013-09-17 21:06:52 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2013-09-17 21:06:45 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
    2013-09-17 21:06:42 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
    2013-09-17 21:06:40 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2013-09-17 21:06:39 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2013-09-17 21:06:32 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2013-09-17 21:06:28 954752 ----a-w- c:\windows\system32\mfc40.dll
    2013-09-17 21:06:27 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2013-09-17 21:06:23 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2013-09-17 21:06:09 36864 ----a-w- c:\windows\system32\rtutils.dll
    2013-09-17 21:06:00 1696256 ----a-w- c:\windows\system32\gameux.dll
    2013-09-17 21:05:59 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2013-09-17 21:05:56 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2013-09-17 21:05:45 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2013-09-17 21:04:35 429056 ----a-w- c:\windows\system32\EncDec.dll
    2013-09-17 21:04:35 322560 ----a-w- c:\windows\system32\sbe.dll
    2013-09-17 21:04:35 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-09-17 21:04:34 153088 ----a-w- c:\windows\system32\sbeio.dll
    2013-09-17 21:04:25 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2013-09-17 21:04:25 352768 ----a-w- c:\windows\system32\taskschd.dll
    2013-09-17 21:04:24 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2013-09-17 21:04:24 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2013-09-17 21:04:24 171520 ----a-w- c:\windows\system32\taskeng.exe
    2013-09-17 21:04:02 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2013-09-17 21:03:56 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-09-17 21:03:11 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2013-09-17 21:03:05 81920 ----a-w- c:\windows\system32\consent.exe
    2013-09-17 21:02:47 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2013-09-17 21:02:47 375808 ----a-w- c:\windows\system32\winsrv.dll
    2013-09-17 20:53:08 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2013-09-17 20:53:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2013-09-17 20:52:59 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-09-17 20:52:50 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2013-09-17 20:45:56 -------- d-----w- c:\windows\system32\EventProviders
    2013-09-17 20:20:28 276992 ----a-w- c:\windows\system32\schannel.dll
    2013-09-17 12:50:15 -------- d-----w- c:\program files\Browsersafeguard
    2013-09-17 12:49:19 -------- d-----w- c:\program files\Optimizer Pro
    2013-09-17 12:48:18 -------- d-----w- c:\programdata\eSafe
    2013-09-17 12:48:13 -------- d-----w- c:\users\user\appdata\local\DProtect
    2013-09-17 12:47:57 -------- d-----w- C:\User Data
    2013-09-17 08:28:11 -------- d-----w- c:\program files\Crawler
    2013-09-17 06:28:17 -------- d-----w- c:\windows\CheckSur
    2013-09-17 03:27:26 -------- d-----w- C:\PerfLogs
    2013-09-17 00:18:02 193024 ----a-w- c:\windows\system32\recdisc.exe
    2013-09-17 00:17:53 6656 ----a-w- c:\windows\system32\sdspres.dll
    2013-09-17 00:17:02 28160 ----a-w- c:\windows\system32\sxproxy.dll
    2013-09-17 00:14:55 531456 ----a-w- c:\windows\system32\objsel.dll
    2013-09-17 00:13:54 81920 ----a-w- c:\windows\system32\shacct.dll
    2013-09-17 00:12:59 68096 ----a-w- c:\windows\system32\basesrv.dll
    2013-09-17 00:11:59 59392 ----a-w- c:\program files\windows media player\wmprph.exe
    2013-09-17 00:03:48 -------- d-----w- C:\85c994c0782925ade07056043b21
    2013-09-16 19:04:21 -------- d-----w- c:\users\user\appdata\local\WindowsUpdate
    2013-09-16 07:17:13 -------- d-----w- c:\users\user\appdata\roaming\SUPERAntiSpyware.com
    2013-09-16 07:15:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2013-09-16 07:15:34 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-09-16 06:54:37 -------- d-----w- c:\programdata\CDB
    2013-09-16 05:59:13 -------- d-----w- c:\windows\system32\appmgmt
    2013-09-16 05:55:27 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5d93689f-b545-4af4-b801-8e25682be157}\mpengine.dll
    2013-09-16 05:50:53 -------- d-----w- c:\users\user\appdata\local\Avg2014
    2013-09-16 00:31:29 -------- d-----w- c:\program files\Enigma Software Group
    2013-09-16 00:29:45 -------- d-----w- c:\windows\865537E164904193A4B6669C62711852.TMP
    2013-09-16 00:29:32 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2013-09-16 00:01:11 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs
    2013-09-15 23:44:50 -------- d-----w- C:\AdwCleaner
    2013-09-08 22:42:33 -------- d-----w- c:\programdata\HitmanPro
    2013-09-08 22:34:04 -------- d-----w- c:\users\user\appdata\local\Google
    2013-09-05 11:33:22 13712 ----a-w- c:\windows\system32\drivers\vdd\apvdd.dll
    2013-09-05 11:33:20 44944 ----a-w- c:\windows\system32\sbbd.exe
    2013-08-19 22:28:09 -------- d-----w- c:\users\user\appdata\roaming\RealNetworks
    2013-08-19 21:32:44 -------- d-----w- c:\users\user\appdata\local\Apps
    .
    ==================== Find3M ====================
    .
    2013-09-18 04:34:24 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2013-09-18 04:30:39 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
    2013-09-18 00:29:11 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2013-09-17 03:11:29 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2013-09-17 03:11:14 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2013-09-15 22:32:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-09-15 22:32:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-08-15 22:00:56 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-08-06 18:22:04 238872 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 17:57:45.70 ===============



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume1
    Install Date: 14/06/2012 2:21:56 PM
    System Uptime: 18/09/2013 3:49:39 PM (2 hours ago)
    .
    Motherboard: LENOVO | | 766512M
    Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | None | 1200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 43.898 GiB free.
    D: is CDROM ()
    E: is FIXED (FAT32) - 56 GiB total, 38.73 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP417: 18/09/2013 7:10:09 AM - Windows Vista™ Service Pack 2
    RP418: 18/09/2013 8:26:43 AM - Windows Update
    RP419: 18/09/2013 9:30:23 AM - Device Driver Package Install: GFI Software Network Service
    RP420: 18/09/2013 10:05:41 AM - Windows Update
    RP421: 18/09/2013 11:10:43 AM - Windows Update
    RP422: 18/09/2013 2:28:05 PM - Windows Modules Installer
    RP423: 18/09/2013 5:09:38 PM - Installed Microsoft Fix it 50202
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.8)
    Brother MFL-Pro Suite MFC-J430W
    BrowserSafeguard
    Crawler Toolbar
    GoToMeeting 5.4.0.1082
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    IM ToolPack
    Intel PROSet Wireless
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless WiFi Software
    Malwarebytes Anti-Malware version 1.75.0.1300
    Media Player Codec Pack 4.2.2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 24.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    Nuance PaperPort 12
    Nuance PDF Viewer Plus
    NVIDIA Drivers
    PaperPort Image Printer
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    RealUpgrade 1.1
    RoboForm 7-8-2-5 (All Users)
    Scansoft PDF Professional
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    SUPERAntiSpyware
    ThinkPad Modem
    ThinkPad Power Management Driver
    ThinkPad UltraNav Driver
    ThinkVantage Fingerprint Software
    TL-WN321G Wireless Utility
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VIPRE Internet Security
    Wsys Control 10.2.1.2634
    .
    ==== Event Viewer Messages From Past Week ========
    .
    18/09/2013 9:49:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    18/09/2013 9:49:08 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    18/09/2013 9:04:59 AM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
    18/09/2013 9:04:27 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    18/09/2013 8:03:05 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    18/09/2013 8:03:05 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    18/09/2013 8:03:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    18/09/2013 8:02:32 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    18/09/2013 3:51:51 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    18/09/2013 3:51:46 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    18/09/2013 3:50:56 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    18/09/2013 3:50:56 PM, Error: Service Control Manager [7000] - The HOSTS Anti-PUPs service failed to start due to the following error: The system cannot find the file specified.
    18/09/2013 3:42:15 PM, Error: Service Control Manager [7034] - The VIPRE Internet Security service terminated unexpectedly. It has done this 1 time(s).
    18/09/2013 10:50:48 AM, Error: Service Control Manager [7024] - The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error 0 (0x0).
    .
    ==== End Of File ===========================

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-09-18 18:37:31
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HITACHI_HTS541680J9SA00 rev.SB2IC7UP 74.53GB
    Running: 6fms2f30.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys


    ---- System - GMER 2.1 ----

    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8CAEC640]

    ---- Kernel code sections - GMER 2.1 ----

    .text ntkrnlpa.exe!KeSetEvent + 621 81CF8DA4 4 Bytes [40, C6, AE, 8C]
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x89E00320, 0x3F6A07, 0xE8000020]
    ? C:\Users\User\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2616] kernel32.dll!SetUnhandledExceptionFilter 76FAA8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
    AttachedDevice \Driver\tdx \Device\Tcp SbFw.sys

    Device \Driver\BTHUSB \Device\00000072 bthport.sys
    Device \Driver\BTHUSB \Device\00000074 bthport.sys

    AttachedDevice \Driver\tdx \Device\Udp SbFw.sys
    AttachedDevice \Driver\tdx \Device\RawIp SbFw.sys
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26fb85d0
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26fb85d0 (not active ControlSet)

    ---- EOF - GMER 2.1 ----
     

Short URL to this thread: https://techguy.org/1108577