
Trouble removing Default Tab and other gutted files

Discussion in 'Virus & Other Malware Removal' started by SirVire, Jul 3, 2013.

Thread Status:
Not open for further replies.
  1. SirVire (Thread Starter)
     Joined: May 17, 2007
     Messages: 16
    Hello ladies and gents. Got a bit of a pickle for you all to work with. I got this Windows 7 Pro PC that I had built for a client of mine with a bunch of malware and adware running about. After a day or so of cleaning, removal, repair, etc., I have it mostly working like new. The problem is that there are a few suspicious programs (or, I should say, a few gutted programs) that are giving me trouble, as I can't seem to get rid of them.

    For example, I have add-ins for Default Tab by Search Results on Internet Explorer 9 that I cannot disable or remove. I know I have removed a majority of the program beforehand, but these bits are still stuck in.

    Now, I figured that I'd come here, post my required log files, and see what else I need to do before I go mucking around in the registry files and accidentally mess something up.

    First, the HijackThis file:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:39:35 PM, on 7/3/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16490)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://htisnj.com/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Maureen\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-3439330932-472239720-4052117389-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LogMeInRemoteUser')
    O4 - HKUS\S-1-5-21-3439330932-472239720-4052117389-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LogMeInRemoteUser')
    O4 - Startup: Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1.0FO\kloehk.dll,C:\PROGRA~2\KASPER~1\KASPER~1.0FO\adialhk.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
    O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Maureen\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9594 bytes

    I will post the other 3 below.
     
  2. SirVire (Thread Starter)
     Joined: May 17, 2007
     Messages: 16
    DDS log:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16490 BrowserJavaVersion: 10.25.2
    Run by Maureen at 14:44:30 on 2013-07-03
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3996.2258 [GMT -4:00]
    .
    AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
    C:\Users\Maureen\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
    C:\Windows\system32\RunDll32.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://htisnj.com/index.html
    mWinlogon: Userinit = userinit.exe,
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Maureen\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\Maureen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    TCP: NameServer = 192.168.1.1 68.87.64.146
    TCP: Interfaces\{5F0AFE98-ADC5-42A8-9BDE-DFABDCD80882} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{9A7AEB88-905B-479E-9EC4-CF52A6FF733D} : DHCPNameServer = 192.168.1.1 68.87.64.146
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
    AppInit_DLLs= C:\PROGRA~2\KASPER~1\KASPER~1.0FO\kloehk.dll,C:\PROGRA~2\KASPER~1\KASPER~1.0FO\adialhk.dll
    SSODL: WebCheck - <orphaned>
    IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    x64-IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6}
    x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
    x64-IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Maureen\AppData\Roaming\Mozilla\Firefox\Profiles\dj8oa570.default\
    FF - prefs.js: browser.search.selectedEngine - Vafmusic4 Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3302997&SearchSource=2&CUI=UN24352948408801626&UM=2&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll
    FF - plugin: C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll
    FF - plugin: C:\Program Files (x86)\GamingWonderland\bar\1.bin\NPgtStub.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll
    FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
    FF - ExtSQL: 2013-06-15 08:17; {ec966aaa-1510-4c02-8eb0-b42ad0c25e8b}; C:\Users\Maureen\AppData\Roaming\Mozilla\Firefox\Profiles\dj8oa570.default\extensions\{ec966aaa-1510-4c02-8eb0-b42ad0c25e8b}
    FF - ExtSQL: 2013-06-15 08:17; [email protected]; C:\Users\Maureen\AppData\Roaming\Mozilla\Firefox\Profiles\dj8oa570.default\extensions\[email protected]
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.proxy.type - 0
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2009-9-14 27736]
    R2 AVP;Kaspersky Anti-Virus 6.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [2010-3-12 311680]
    R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Maureen\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-6-15 107520]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-7-5 165032]
    R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-5-11 376144]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-4-2 16056]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-7-5 72216]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-7-5 2656280]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\System32\drivers\klfltdev.sys [2009-9-3 30736]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 EfiVariable;Efi Variable Service;C:\Windows\SysWOW64\drivers\variable64.sys [2012-7-6 18200]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-7-5 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-5 1255736]
    .
    =============== File Associations ===============
    .
    ShellExec: EasyShare.exe: Preview="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe"
    .
    =============== Created Last 30 ================
    .
    2013-07-03 18:27:12 388096 ----a-r- C:\Users\Maureen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-07-03 18:27:12 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2013-07-01 18:30:32 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-07-01 18:30:29 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-06-27 20:59:50 -------- d-----w- C:\Program Files\Microsoft Games
    2013-06-25 09:10:56 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{27F1F1F3-9C7D-46A2-9769-5F8E3B9E6882}\mpengine.dll
    2013-06-22 01:27:19 -------- d-----w- C:\Users\Maureen\AppData\Local\LogMeIn Rescue Applet
    2013-06-15 12:18:12 -------- d-----w- C:\Users\Maureen\AppData\Local\CRE
    2013-06-15 12:16:42 -------- d-----w- C:\Users\Maureen\AppData\Roaming\DefaultTab
    2013-06-15 12:16:29 -------- d-----w- C:\ProgramData\Tarma Installer
    2013-06-12 21:03:52 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-06-12 21:03:52 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
    .
    ==================== Find3M ====================
    .
    2013-07-01 18:30:25 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-06-27 21:08:40 31616 ----a-w- C:\Windows\System32\FoolishEventLogMsgHelper.dll
    2013-06-12 21:14:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-12 21:14:18 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-06-08 10:33:34 35656 ----a-w- C:\Windows\System32\LMIport.dll
    2013-06-08 10:33:34 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
    2013-06-08 10:33:34 100680 ----a-w- C:\Windows\System32\LMIinit.dll
    2013-05-25 10:26:20 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
    2013-05-17 03:09:56 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-05-17 03:02:29 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-05-17 03:01:13 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-05-17 02:56:09 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-05-17 02:51:27 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-05-16 22:39:39 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-05-16 22:28:26 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-05-16 22:27:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-05-16 22:21:37 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-05-16 22:20:30 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-05-16 22:16:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
    2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
    2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
    2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
    2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
    2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
    2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 14:44:59.71 ===============

    GMER log:

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-07-03 15:00:45
    Windows 6.1.7601 Service Pack 1 x64
    Running: c78qo2jb.exe


    ---- Files - GMER 2.1 ----

    File C:\System Volume Information\Chkdsk 0 bytes
    File C:\System Volume Information\Chkdsk\Chkdsk20130418200439.log 5120 bytes
    File C:\System Volume Information\Chkdsk\Chkdsk20130420132417.log 5120 bytes
    File C:\System Volume Information\Chkdsk\Chkdsk20130420171409.log 5120 bytes
    File C:\System Volume Information\Chkdsk\Chkdsk20130420200904.log 5120 bytes
    File C:\System Volume Information\Chkdsk\Chkdsk20130421142354.log 5120 bytes
    File C:\System Volume Information\Chkdsk\Chkdsk20130422093107.log 5120 bytes
    File C:\System Volume Information\Chkdsk\Chkdsk20130422225129.log 5120 bytes
    File C:\System Volume Information\Chkdsk\Chkdsk20130423091232.log 5120 bytes
    File C:\System Volume Information\Chkdsk\Chkdsk20130423233207.log 5120 bytes
    File C:\System Volume Information\Chkdsk\Chkdsk20130425091151.log 5120 bytes
    File C:\System Volume Information\fidbox.dat 4415552 bytes
    File C:\System Volume Information\fidbox.idx 43632 bytes
    File C:\System Volume Information\fidbox2.dat 64 bytes
    File C:\System Volume Information\fidbox2.idx 64 bytes
    File C:\System Volume Information\MountPointManagerRemoteDatabase 0 bytes
    File C:\System Volume Information\SPP 0 bytes
    File C:\System Volume Information\SPP\OnlineMetadataCache 0 bytes
    File C:\System Volume Information\SPP\OnlineMetadataCache\{343f97bf-c3bc-4d26-b570-0fb97f97fe1a}_OnDiskSnapshotProp 13384 bytes
    File C:\System Volume Information\SPP\OnlineMetadataCache\{697a7919-1b03-4a68-a499-411d97eb6a24}_OnDiskSnapshotProp 13408 bytes
    File C:\System Volume Information\SPP\OnlineMetadataCache\{b230d268-357e-4a8f-b1b0-3e19adeba9e0}_OnDiskSnapshotProp 13488 bytes
    File C:\System Volume Information\SPP\OnlineMetadataCache\{cfe1a1da-d06b-440a-9d22-3c2b173f52ff}_OnDiskSnapshotProp 13360 bytes
    File C:\System Volume Information\SPP\OnlineMetadataCache\{db146559-db9d-413e-bec6-ad5a53ba8db0}_OnDiskSnapshotProp 13432 bytes
    File C:\System Volume Information\SPP\OnlineMetadataCache\{ef1c6634-fed4-4104-8cc9-280740c439c8}_OnDiskSnapshotProp 13416 bytes
    File C:\System Volume Information\SPP\SppCbsHiveStore 0 bytes
    File C:\System Volume Information\SPP\SppGroupCache 0 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{CFE1A1DA-D06B-440A-9D22-3C2B173F52FF}_DriverPackageInfo 59280 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{343F97BF-C3BC-4D26-B570-0FB97F97FE1A}_DriverPackageInfo 59280 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{343F97BF-C3BC-4D26-B570-0FB97F97FE1A}_WindowsUpdateInfo 18992 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{697A7919-1B03-4A68-A499-411D97EB6A24}_DriverPackageInfo 59280 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{697A7919-1B03-4A68-A499-411D97EB6A24}_WindowsUpdateInfo 19576 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{B230D268-357E-4A8F-B1B0-3E19ADEBA9E0}_DriverPackageInfo 59280 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{B230D268-357E-4A8F-B1B0-3E19ADEBA9E0}_WindowsUpdateInfo 19576 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{CFE1A1DA-D06B-440A-9D22-3C2B173F52FF}_WindowsUpdateInfo 19232 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{D23FCE1F-F65A-4A28-A0A1-17CC1269C5AC}_DriverPackageInfo 59280 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{D23FCE1F-F65A-4A28-A0A1-17CC1269C5AC}_WindowsUpdateInfo 18992 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{D7E277A8-EA66-4174-A349-6E864EB6FFA7}_DriverPackageInfo 59280 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{D7E277A8-EA66-4174-A349-6E864EB6FFA7}_WindowsUpdateInfo 18992 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{DB146559-DB9D-413E-BEC6-AD5A53BA8DB0}_DriverPackageInfo 59280 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{DB146559-DB9D-413E-BEC6-AD5A53BA8DB0}_WindowsUpdateInfo 19576 bytes
    File C:\System Volume Information\Syscache.hve 9175040 bytes
    File C:\System Volume Information\Syscache.hve.LOG1 262144 bytes
    File C:\System Volume Information\Syscache.hve.LOG2 0 bytes
    File C:\System Volume Information\tracking.log 20480 bytes
    File C:\System Volume Information\Windows Backup 0 bytes
    File C:\System Volume Information\Windows Backup\Catalogs 0 bytes
    File C:\System Volume Information\Windows Backup\Catalogs\GlobalCatalog.wbcat 136 bytes
    File C:\System Volume Information\Windows Backup\Catalogs\GlobalCatalogLock.dat 0 bytes
    File C:\System Volume Information\WindowsImageBackup 0 bytes
    File C:\System Volume Information\WindowsImageBackup\SPPMetadataCache 0 bytes
    File C:\System Volume Information\{1dfe0388-e3dd-11e2-8b6d-e840f2c2516c}{3808876b-c176-4e48-b7ae-04046e6cc752} 368771072 bytes
    File C:\System Volume Information\{2f24bbb4-df6a-11e2-b81c-e840f2c2516c}{3808876b-c176-4e48-b7ae-04046e6cc752} 297598976 bytes
    File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} 65536 bytes
    File C:\System Volume Information\{381ed0fa-e279-11e2-9891-e840f2c2516c}{3808876b-c176-4e48-b7ae-04046e6cc752} 140640256 bytes
    File C:\System Volume Information\{381ed0fe-e279-11e2-9891-e840f2c2516c}{3808876b-c176-4e48-b7ae-04046e6cc752} 1112047616 bytes
    File C:\System Volume Information\{51203d9c-df6e-11e2-ab99-e840f2c2516c}{3808876b-c176-4e48-b7ae-04046e6cc752} -405598208 bytes
    File C:\System Volume Information\{eb20336a-e40d-11e2-8797-e840f2c2516c}{3808876b-c176-4e48-b7ae-04046e6cc752} 536870912 bytes
    File C:\Windows\CSC\v2.0.6\namespace 0 bytes
    File C:\Windows\CSC\v2.0.6\pq 64 bytes
    File C:\Windows\CSC\v2.0.6\sm 4 bytes
    File C:\Windows\CSC\v2.0.6\temp 0 bytes
    File C:\Windows\CSC\v2.0.6\temp\ea-{d9a4b1b5-c75e-11e1-8a5e-b56b879a42b4} 0 bytes
    File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl 72 bytes
    File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl 72 bytes
    File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl 72 bytes
    File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl 72 bytes
    File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl 72 bytes

    ---- EOF - GMER 2.1 ----
     
  3. SirVire (Thread Starter)
     Joined: May 17, 2007
     Messages: 16
    Never mind, it went away. How convenient.... >_>, <_<
     
Short URL to this thread: https://techguy.org/1102708