
ControlDeckStartUp.exe error message, Internet Explorer window keeps popping out

11 replies to this topic

#1 rody


  • Members
  • 136 posts
  • Gender:Female
  • Location:Brass Castle
  • Local time:07:54 AM

Posted 08 September 2013 - 03:17 PM

First of all, thank you for taking the time to read my thread about the problems my brother has faced. It is his laptop, so I am just trying to help him because I saw him start to get desperate, downloading random weird programs online like RegServo, thinking it could help to save his laptop, but I find it weird because it detected over 2000 viruses??
I can describe some problems I met earlier on his laptop to you.
Main Problems
Problem 1:
While starting the laptop, it will get an error message window with the title ControlDeckStartUp.exe - .NET Framework Initialization Error
The error message is: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll could not be loaded

So I clicked OK or the X button to close it.
Next, the screen will become totally black and I have to wait for a while before the desktop will be shown.
NOTE: Sometimes, while starting up, the black screen will not be shown, but when the desktop is shown, that is when the error message window starts popping out!
Problem 2:
Then some Internet Explorer windows will pop out themselves, the website is: TECHBROWSING.COM

Most of the time I didn't use Internet Explorer as a browser to surf, but Mozilla Firefox. But even when I didn't launch Internet Explorer at all, those windows would still pop out automatically.
Problem 3:
  • Cannot install new Windows updates to the computer since late Dec 2012 (tried to update, but upon restarting I went to the update history and the status said 'failed' for over 50 files at least; I think over 100 files cannot be updated).
Problem 4:
  • Very laggy, lol
I saw some weird processes running when I went to Task Manager. They are:
ATKOSD.exe, ATKOSD2.exe *32, HControl.exe, HControlUser.exe *32, KBFiltr.exe, nvvsvc.exe, sidebar.exe, vprot.exe *32, WDC.exe, winlogon.exe
I don't know what else. But these look suspicious. lol
What I have done just now to the laptop to help my brother before I ran the DDS program:
  • Install programs like SuperAntiSpyware, AdAware Anti Virus, Spyware Blaster, Spybot Search & Destroy
  • Updated the programs
  • Run SuperAntiSpyware (Quick Scan), Spybot Search & Destroy, Avast! Free Antivirus(Quick Scan)
  • Deleted items detected from SuperAntiSpyware, Spybot Search & Destroy, Avast

    I deleted many detected items (129 items) from Spybot Search & Destroy! They also detected Trend Micro and this program actually contained many many problems! Weird when it is supposed to be a security program!

    BUT problems 1-3 still exist. I am unsure what other problems are there because I am not the user of this laptop. I only used this laptop for about 7 hours, mainly performing the above scanning and deleting tasks.

Edited by rody, 08 September 2013 - 03:28 PM.



#2 rody


Posted 08 September 2013 - 03:20 PM

I can't attach the attach.txt file because it said it is over the upload limit! My attach.txt is 16.4KB




Please let me know if you want me to post it here or do it privately using other methods?




Thank you very much, I look forward to your replies! :bananas: :bounce: :bananas:

#3 nasdaq


  • Malware Response Team
  • 40,730 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:54 PM

Posted 13 September 2013 - 12:50 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

I do not need to see the Attach.txt file at the moment. Run these tools and post the logs for my review.

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#4 rody


Posted 13 September 2013 - 01:35 PM

Hi nasdaq, thank you for responding.

For the AdwCleaner, after I scanned and got the report, do I post that report (nothing is cleaned), or do I scan, click 'clean' and then click 'report'?

I don't have anything that I want to keep from the scanned list. So do I click 'clean' before I show you the report? Or do you want the original report (without cleaning anything)?

#5 nasdaq



Posted 13 September 2013 - 01:39 PM

Please run the Clean option, save the file and post the content for my review.

#6 rody


Posted 13 September 2013 - 02:49 PM

Okay, here's the AdwCleaner log:




# AdwCleaner v3.003 - Report created 14/09/2013 at 02:40:29
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\All Cleaning Programs\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : DefaultTabUpdate

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Search Protection
Folder Deleted : C:\ProgramData\Tencent
Folder Deleted : C:\Program Files (x86)\AddLyrics
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\baidu
Folder Deleted : C:\Program Files (x86)\blekko
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Funshion Online
Folder Deleted : C:\Program Files (x86)\Tencent
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\Tencent
Folder Deleted : C:\users\user\AppData\Local\AVG Secure Search
Folder Deleted : C:\users\user\AppData\Local\Tencent
Folder Deleted : C:\users\user\AppData\LocalLow\adawaretb
Folder Deleted : C:\users\user\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\users\user\AppData\LocalLow\baidu
Folder Deleted : C:\users\user\AppData\LocalLow\blekko
Folder Deleted : C:\users\user\AppData\LocalLow\Conduit
Folder Deleted : C:\users\user\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\users\user\AppData\LocalLow\PriceGong
Folder Deleted : C:\users\user\AppData\Roaming\baidu
Folder Deleted : C:\users\user\AppData\Roaming\DefaultTab
Folder Deleted : C:\users\user\AppData\Roaming\Tencent
Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0hdpjcl5.default-1357467461636\adawaretb
Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\gnux0zpp.default\Smartbar
File Deleted : C:\END
File Deleted : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0hdpjcl5.default-1357467461636\searchplugins\spamfreesearch.xml
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0hdpjcl5.default-1357467461636\user.js
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\gnux0zpp.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ofaekbahncacnjgelnfjcjoelcglkhkj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.spamfreesearchESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.spamfreesearchESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\spamfreesearch.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\spamfreesearch.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\spamfreesearch.Hlpr
Key Deleted : HKLM\SOFTWARE\Classes\spamfreesearch.Hlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\spamfreesearch.spamfreesearchappCore
Key Deleted : HKLM\SOFTWARE\Classes\spamfreesearch.spamfreesearchappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekko_1311013_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekko_1311013_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winrar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winrar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_zune-software_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_zune-software_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED90EC38-E71B-4C05-8FC1-DE46D5E692F5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{441DDAAE-EE81-4DFF-B523-11D1A9134C3E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{709CA6FC-5747-4C3C-A4B0-064AC86415ED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E6026FA7-B9E5-4265-B22E-8EC40169C83D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EECF410C-006C-4A05-AD13-6741A0814DBF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BA93826B-8DCE-40C3-9E31-07E449C0A979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ED90EC38-E71B-4C05-8FC1-DE46D5E692F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EECF410C-006C-4A05-AD13-6741A0814DBF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EECF410C-006C-4A05-AD13-6741A0814DBF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4729755-E1F9-48E4-BD9F-5B4D0202C16A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FDD38D8-AEFE-44BF-99D8-C7FFCCA906B2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7E50B0B-C17D-490A-9D25-22C3EA384400}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EECF410C-006C-4A05-AD13-6741A0814DBF}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\blekko
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\blekko
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\DVDVideoSoftTB
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spamfreesearch
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16457

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0hdpjcl5.default-1357467461636\prefs.js ]

Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\");
Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("extensions.spamfreesearch.hmpgUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=922b8d1d000000000000001e646d34b8");
Line Deleted : user_pref("extensions.spamfreesearch.keyWordUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=922b8d1d000000000000001e646d34b8&q=");
Line Deleted : user_pref("extensions.spamfreesearch.prtnrId", "blekko");
Line Deleted : user_pref("extensions.spamfreesearch.srchPrvdr", "blekko");
Line Deleted : user_pref("extensions.spamfreesearch.tlbrSrchUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=main&u=922b8d1d000000000000001e646d34b8&q=");


AdwCleaner[R0].txt - [17027 octets] - [14/09/2013 02:25:28]
AdwCleaner[S0].txt - [15516 octets] - [14/09/2013 02:40:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15577 octets] ##########


And here's the JRT log:




Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.0 (09.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by user on 14/09/2013 Sat at  2:52:38.15

~~~ Services

Successfully stopped: [Service] hshld
Successfully deleted: [Service] hshld

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\search protection
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3764852082-4103192649-623538744-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\addlyrics1050_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\addlyrics1050_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\addlyrics1050_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\addlyrics1050_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3E582B04-E66F-4EEE-8D4D-F67AC1B8F0DA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9DC9945F-B652-4CF1-B6BE-9B6050D6EDFF}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{ECFC65C7-6005-4E2A-BDA7-F74587BE5565}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1373BA72-5012-496E-9F72-7A426DCF78BB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4145006D-47F8-42F2-8186-2225AAFECDD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4145006D-47F8-42F2-8186-2225AAFECDD3}

~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\AddLyrics update.job
Successfully deleted: [File] "C:\Windows\syswow64\funshion.ini"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\user\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\user\funshion"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\0hdpjcl5.default-1357467461636\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{829ad732-f3db-4011-81c4-135f2fb05d8e}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{829ad732-f3db-4011-81c4-135f2fb05d8e}
Successfully deleted the following from C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\0hdpjcl5.default-1357467461636\prefs.js

user_pref("keyword.URL", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=bs&q=");
Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\0hdpjcl5.default-1357467461636\minidumps [33 files]

~~~ Event Viewer Logs were cleared

Scan was completed on 14/09/2013 Sat at  3:24:09.99
End of JRT log
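
An added example, not part of the original thread and not code from AdwCleaner or JRT: a small Python triage script that reads the two cleanup-log formats posted above and pulls out the removed entries that were persistence points (services, Run values, Browser Helper Objects, IE search hooks and toolbars, scheduled tasks, Firefox user.js overrides). The sample is a handful of lines excerpted from the logs above; the rule labels and function names are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "tool action kind target")

# Excerpt: a few lines taken from the AdwCleaner and JRT logs in this thread.
SAMPLE_LOG = r"""
# AdwCleaner v3.003 - Report created 14/09/2013 at 02:40:29
***** [ Services ] *****

Service Deleted : DefaultTabUpdate

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\gnux0zpp.default\user.js

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\search protection
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\AddLyrics update.job
"""

# AdwCleaner entries look like "<Kind> <Action> : [optional x64 tag] <target>".
ADW_ENTRY = re.compile(
    r"^(Service|Folder|File|Key|Value|Line|Setting) (Deleted|Restored) : "
    r"(?:\[x64\] )?(.+)$")
# JRT entries look like "Successfully <action>: [<Kind>] <target>".
JRT_ENTRY = re.compile(
    r"^Successfully (stopped|deleted|repaired): \[([^\]]+)\] (.+)$")

# (label, kinds the rule applies to or None for any, pattern on the target or None)
RULES = [
    ("service", {"service"}, None),
    # AdwCleaner writes "...\Run [name]", JRT writes "...\Run\\name".
    ("autorun (Run key)", None,
     re.compile(r"\\CurrentVersion\\Run(?:Once)?(?: \[|\\\\)", re.I)),
    ("browser helper object", None,
     re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("IE search hook / toolbar", None,
     re.compile(r"\\Internet Explorer\\(?:URLSearchHooks|Toolbar)", re.I)),
    ("scheduled task", None,
     re.compile(r"\\Windows\\Tasks\\[^\\]+\.job$", re.I)),
    # user.js re-applies its preferences every time Firefox starts.
    ("Firefox user.js override", None,
     re.compile(r"\\Firefox\\Profiles\\[^\\]+\\user\.js$", re.I)),
]


def parse_cleanup_log(text):
    """Return an Entry for every action line in an AdwCleaner or JRT log."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ADW_ENTRY.match(line)
        if m:
            entries.append(Entry("AdwCleaner", m.group(2).lower(),
                                 m.group(1).lower(), m.group(3).strip('"')))
            continue
        m = JRT_ENTRY.match(line)
        if m:
            entries.append(Entry("JRT", m.group(1), m.group(2).lower(),
                                 m.group(3).strip().strip('"')))
    return entries


def persistence_findings(entries):
    """Return (label, target) for entries that were autostart/persistence points."""
    seen, findings = set(), []
    for e in entries:
        for label, kinds, pattern in RULES:
            if kinds is not None and e.kind not in kinds:
                continue
            if pattern is not None and not pattern.search(e.target):
                continue
            if (label, e.target) not in seen:  # JRT logs stop + delete per service
                seen.add((label, e.target))
                findings.append((label, e.target))
            break
    return findings


def count_by_label(findings):
    """Count findings per persistence category."""
    counts = {}
    for label, _ in findings:
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    for label, target in persistence_findings(parse_cleanup_log(SAMPLE_LOG)):
        print(f"{label:28} {target}")
```
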


#7 rody


Posted 13 September 2013 - 02:51 PM

The DDS content:




DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.9.2
Run by user at 3:25:23 on 2013-09-14
Microsoft Windows 7 Home Premium   6.1.7600.0.936.86.1033.18.4095.2597 [GMT 8:00]
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Aware *Disabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://asus.msn.com
uProxyOverride = <local>;localhost;10.*;192.168.*;;
mWinlogon: Userinit = userinit.exe
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Funshion] "C:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe" startbywindows tray
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
TCP: NameServer =
TCP: Interfaces\{B99A9491-F5FA-412F-A0DC-DF2586AE7304} : NameServer =
TCP: Interfaces\{E7C972D3-5CF2-49AE-B7DA-C9821B34CD32} : DHCPNameServer =
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-SSODL: WebCheck - <orphaned>
================= FIREFOX ===================
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0hdpjcl5.default-1357467461636\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.sg/?gws_rd=cr&ei=MsUsUrO2AcaHrQeDs4G4Dw
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\baidu\BaiduPlayer2\plugins\npagex.dll
FF - plugin: C:\Program Files (x86)\baidu\BaiduPlayer2\plugins\npBDSetupDone.dll
FF - plugin: C:\Program Files (x86)\baidu\BaiduPlayer2\plugins\npBDSetupDoneReg.dll
FF - plugin: C:\Program Files (x86)\baidu\BaiduPlayer2\plugins\NPSWF32.dll
FF - plugin: C:\Program Files (x86)\baidu\BaiduPlayer2\plugins\npxbdyy.dll
FF - plugin: C:\Program Files (x86)\baidu\BaiduPlayer2\plugins\npxbdyyreg.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\TXSSO\\Bin\npSSOAxCtrlForPTLogin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Tencent\QQLive\LiveOcx\npQQLive.dll
FF - plugin: C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll
FF - plugin: C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\Downloaded Program Files\32837165\npxbdsetup.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-08-05 00:30; avg@toolbar; C:\ProgramData\AVG Secure Search\FireFoxExt\
FF - ExtSQL: 2013-08-25 23:18; afext@anchorfree.com; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com
FF - ExtSQL: !HIDDEN! 2013-03-13 01:27; {829AD732-F3DB-4011-81C4-135F2FB05D8E}; C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt
============= SERVICES / DRIVERS ===============
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-9-8 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-9-8 204880]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-9-8 14456]
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2009-10-26 15928]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-10-20 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-10-20 378944]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-8-5 45856]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-8-25 46792]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-24 143120]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-6-13 1236336]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2009-10-26 359552]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-10-26 14904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-10-20 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-20 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-8 46808]
R2 FastBootAgent;FastBootAgent;C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-10-26 306232]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-9-8 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-9-8 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-9-8 171928]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-10-26 35104]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-29 58368]
R3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw1v64.sys [2009-8-10 7058432]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-4-25 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-7-24 40448]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-11-24 61288]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-23 1255736]
=============== Created Last 30 ================
2013-09-13 18:52:33    --------    d-----w-    C:\Windows\ERUNT
2013-09-13 18:30:58    9515512    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3A26F9FD-24F6-4853-AFC4-CDC193A93BD5}\mpengine.dll
2013-09-13 18:25:18    --------    d-----w-    C:\AdwCleaner
2013-09-09 19:25:03    --------    d-----w-    C:\Windows\System32\SPReview
2013-09-09 16:53:35    9515512    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-09-09 16:52:42    9515512    ------w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2013-09-08 19:01:08    --------    d-----w-    C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
2013-09-08 19:00:18    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-09-08 19:00:18    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-09-08 15:37:12    17272    ----a-w-    C:\Windows\System32\sdnclean64.exe
2013-09-08 14:53:43    --------    d-----w-    C:\ProgramData\Ad-Aware Antivirus
2013-09-08 14:53:42    --------    d-----w-    C:\Users\user\AppData\Roaming\LavasoftStatistics
2013-09-08 14:31:40    --------    d-----w-    C:\Program Files (x86)\Ad-Aware Antivirus
2013-09-08 14:30:09    --------    d-----w-    C:\ProgramData\Downloaded Installations
2013-09-08 14:29:55    --------    d-----w-    C:\ProgramData\Ad-Aware Browsing Protection
2013-09-08 14:29:46    --------    d-----w-    C:\Program Files (x86)\Toolbar Cleaner
2013-09-08 14:29:12    --------    d-----w-    C:\Program Files (x86)\Lavasoft
2013-09-08 14:24:19    47496    ----a-w-    C:\Windows\System32\sbbd.exe
2013-09-08 14:24:19    14456    ----a-w-    C:\Windows\System32\drivers\gfibto.sys
2013-09-08 14:24:12    --------    d-----w-    C:\Users\user\AppData\Roaming\Ad-Aware Antivirus
2013-09-08 14:00:25    65336    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-09-08 14:00:25    204880    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-09-08 13:56:45    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2013-09-08 13:53:44    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-08 13:33:50    --------    d-----w-    C:\ProgramData\Licenses
2013-09-08 13:33:20    --------    d-----w-    C:\Program Files (x86)\SpywareBlaster
2013-09-08 12:18:38    --------    d-----w-    C:\ProgramData\REGSERVO64
2013-08-25 15:18:15    46792    ----a-w-    C:\Windows\System32\drivers\hssdrv6.sys
2013-08-24 18:27:03    --------    d-----w-    C:\Windows\System32\MRT
==================== Find3M  ====================
2013-09-13 19:19:29    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 19:19:29    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-30 07:48:10    72016    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10    1030952    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09    80816    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40    41664    ----a-w-    C:\Windows\avastSS.scr
2013-08-25 15:38:34    45856    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-08-06 20:22:02    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2009-04-08 17:31:56    106496    ----a-w-    C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20    155648    ----a-w-    C:\Program Files (x86)\Common Files\MSIactionall.dll
============= FINISH:  3:27:40.75 ===============


And lastly, the Checkup log:



 Results of screen317's Security Check version 0.99.73  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!!
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus    
Lavasoft Ad-Aware   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 Spybot - Search & Destroy
 Java 7 Update 9  
 Java version out of Date!
 Adobe Flash Player 11.8.800.168  
 Adobe Reader XI  
 Mozilla Firefox 22.0 Firefox out of Date!  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Spybot Teatimer.exe is disabled!
 Ad-Aware Antivirus AdAwareService.exe   
 Ad-Aware Antivirus SBAMSvc.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 34% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


#8 rody

Posted 13 September 2013 - 02:55 PM

Not sure if this might help but:

Just to let you know there is a change in how the window starts up.

The laptop hasn't been in use since I last posted up the problem on this forum.

When I turned on the laptop just now, when it comes to the desktop, the same error message shows up, but the desktop icons are not shown at all. It only shows the desktop wallpaper. It takes a while before the desktop icons appear.

Thank you!

#9 nasdaq


  • Malware Response Team
  • 40,730 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:54 PM

Posted 14 September 2013 - 08:07 AM

While starting the laptop, it will get an error message window with the title ControlDeckStartUp.exe - .NET Framework Initialization Error
The error message is: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll could not be loaded

You are probably missing version 4 of .NET.
Not being able to update since Dec 2012 may be the cause of most of your problems.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair 1.9.16

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start.

Check mark the following options only:

  • Reset registry permissions
  • Reset file permissions
  • Register system files
  • Repair WMI
  • Repair Windows Firewall.
  • Remove Policies Set By Infections

  • Checkmark Restart System When Finished option
  • Click the Start button
  • System should restart after repair
Restart the computer normally.

To get Version 4 of the .NET application you need the SP1 for Windows 7.

Install first the Security pack. SP1.

Restart the computer normally.

If you can, install all the other Updates required or recommended.

Keep me posted on the issues that are still pending.

#10 rody

Posted 15 September 2013 - 07:31 AM

Hmmm.... well, I actually faced some problems while trying to update the laptop to SP1.

Firstly, I just wanna let you know when the laptop starts and once the desktop is shown, I will get a message from Windows Activation Technologies telling me that 'This computer is not running genuine Windows'. I just hit the X button.

Please see attached for the message. (Windows Activation Technologies.png)

I will get the message a few times while using the laptop (it just pops out suddenly).

Secondly, I have already created a restore point and ran Repair_Windows.exe.

Thirdly, I tried to install SP1 again from Windows Update but it failed (including other updates).

Hence, I went to the site that you have given: http://windows.microsoft.com/installwindows7sp1

From there, I downloaded Windows 7 Service Pack 1.

There are many files to choose from and I picked: windows6.1-KB976932-X64.exe (903.2MB) to download.

My laptop is Windows 7 Home Premium, 64-bit Operating System (according to Control Panel). So I guess I picked the right one.

After downloading the above file, I tried installing but after some time, it told me that the installation fails.

Then I got a message screen (please see attached). (Install Windows Service Pack (Details).png)

When I clicked on 'details', it says the error is: 'Error: ERROR_SXS_COMPONENT_STORE_CORRUPT (0x80073712)'.

The message gave a link describing the above error. The description is: "The component store is in an inconsistent state."

The message also gave me another link to go download and run the 'Check for System Update Readiness' tool at the given site. http://support.microsoft.com/kb/947821

From there, under 'RESOLUTION', I clicked on 'All supported x64-based versions of Windows 7'.

It leads me to the download page to download 'System Update Readiness Tool for Windows 7 for x64-based Systems (KB947821) [August 2013]'.

The filename is Windows6.1-KB947821-v28-x64.msu (403.9 MB).

However, from the webpage it says the system requirement is Windows 7 Service Pack 1. I downloaded it anyway thinking to give it a go although I don't have SP1 on my laptop.

Now I am running that system update readiness tool while I typed all these on another laptop.


#11 rody

Posted 15 September 2013 - 07:33 AM

Okay, the files I have screenshot are over the upload size limit so I can't show you :(

Guess I'd just type them out.

The 'Windows Activation Technologies' message:

"This computer is not running genuine Windows To use Windows without interruption, this computer needs to be running genuine Windows. With genuine Windows you have access to all Windows update and can be confident that your Windows software has the latest security and reliability enhancements from Microsoft."

Underneath there is a number code that reads: 0x8004fe21

The Install Windows Service Pack message:

"Installation was not successful"

A system error prevented the service pack from installing. Please download and run the 'Check for System Update Readiness' tool at http://support.microsoft.com/kb/947821

If the "Check for System Readiness" tool doesn't fix the problems, visit the Microsoft website for more information.

Edited by rody, 15 September 2013 - 07:43 AM.

#12 nasdaq


Posted 15 September 2013 - 08:27 AM

Your error:


I found this possible fix here.

As this is not my forte, before you proceed I suggest you start a new topic in the Windows 7 Forum

Ask if this is the correct route to take.
An expert may want you to provide more information before proceeding and help you clear that problem.

When this is fixed we can continue cleaning your computer of malware.
Return to this topic then and we will continue.
