
Bogus Java Update Tab Opening in Firefox


  • This topic is locked
21 replies to this topic

#1 jackwill


Posted 27 October 2013 - 03:02 PM

This last week I have been having a new tab open on me every once in a while telling me I have to update Java. There was also a tab telling me I had to update Firefox. I quickly established the falsity of that by clicking on the check for updates button in Firefox and seeing there were none available. Now it's just the Java update tab opening. Don't know why the Firefox update tab has quit opening.

Anyway, about 6 days ago when this problem started I ran a bunch of scans: Eset, Malwarebytes, Superantispyware, SpyBot, and AdwCleaner. Eset and Malwarebytes found a bunch of stuff and deleted them. Now yesterday the problem is back.

So today I ran RogueKiller, Junkware Removal Tool, ComboFix, AdwCleaner and HiJackThis. I'm gonna run more scanners but I thought I'd show you the logs thus far.

Thanks very much for your help.


RogueKiller

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : DD [Admin rights]
Mode : Remove -- Date : 10/27/2013 12:10:32
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500418AS ATA Device +++++
--- User ---
[MBR] 45a54e8f3f99acd4e1dddb9ac2c69ca2
[BSP] df8fa8aed94603eda02fb7187b84b18d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic USB  CF Reader USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic USB  SD Reader USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic USB  MS Reader USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic USB  SM Reader USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_10272013_121032.txt >>
RKreport[0]_S_10272013_121025.txt

 

ComboFix

 

ComboFix 13-10-26.01 - DD 10/27/2013  12:21:29.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8190.6347 [GMT -7:00]
Running from: c:\users\DD\Desktop\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\1321120953.bdinstall.bin
c:\windows\SysWow64\atieclxx.exe
c:\windows\SysWow64\atiesrxx.exe
c:\windows\SysWow64\conhost.exe
c:\windows\SysWow64\dwm.exe
c:\windows\SysWow64\lsm.exe
c:\windows\SysWow64\spoolsv.exe
c:\windows\SysWow64\taskhost.exe
c:\windows\SysWow64\WUDFHost.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-27 to 2013-10-27  )))))))))))))))))))))))))))))))
.
.
2013-10-27 19:25 . 2013-10-27 19:25    --------    d-----w-    c:\users\hedev\AppData\Local\temp
2013-10-27 19:25 . 2013-10-27 19:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-10-26 19:44 . 2013-10-26 19:58    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-26 19:44 . 2013-10-26 19:44    116440    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-10-26 19:44 . 2013-10-26 19:44    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-10-25 23:39 . 2013-10-25 23:39    --------    d-----w-    c:\users\DD\AppData\Roaming\LavasoftStatistics
2013-10-25 23:32 . 2013-10-25 23:32    --------    d-----w-    c:\program files\Lavasoft
2013-10-25 23:32 . 2013-10-25 23:32    --------    d-----w-    c:\program files\Common Files\Lavasoft
2013-10-25 22:53 . 2013-10-25 22:53    0    ----a-w-    c:\windows\SysWow64\winlogon.exe
2013-10-25 22:53 . 2013-10-25 22:53    0    ----a-w-    c:\windows\SysWow64\smss.exe
2013-10-25 22:53 . 2013-10-25 22:53    0    ----a-w-    c:\windows\SysWow64\services.exe
2013-10-25 22:53 . 2013-10-25 22:53    0    ----a-w-    c:\windows\SysWow64\lsass.exe
2013-10-25 17:54 . 2013-10-14 07:12    10280728    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{B9DEC7E5-ECC7-4AAE-B161-9B0C76C55720}\mpengine.dll
2013-10-18 20:35 . 2013-10-18 20:35    --------    d-----w-    c:\programdata\ATI
2013-10-18 20:35 . 2013-10-18 20:35    --------    d-----w-    c:\program files (x86)\AMD AVT
2013-10-10 17:45 . 2013-07-04 12:50    633856    ----a-w-    c:\windows\system32\comctl32.dll
2013-10-10 17:44 . 2013-08-28 01:21    3155968    ----a-w-    c:\windows\system32\win32k.sys
2013-10-02 16:58 . 2013-10-25 23:06    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-01 18:40 . 2013-10-01 18:40    --------    d-----w-    c:\program files\Ventrilo
2013-10-01 18:39 . 2013-10-01 18:39    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-11 07:18 . 2010-06-05 21:23    80541720    ----a-w-    c:\windows\system32\MRT.exe
2013-10-09 02:19 . 2012-04-03 17:13    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 02:19 . 2011-05-18 22:22    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-27 00:15 . 2013-09-27 00:15    51200    ----a-w-    c:\windows\system32\kdbsdk64.dll
2013-09-27 00:10 . 2013-09-27 00:10    38912    ----a-w-    c:\windows\SysWow64\kdbsdk32.dll
2013-09-26 21:21 . 2013-09-26 21:21    157736    ----a-w-    c:\windows\system32\amdhcp64.dll
2013-09-26 21:21 . 2013-09-26 21:21    142304    ----a-w-    c:\windows\SysWow64\amdhcp32.dll
2013-09-26 21:21 . 2013-09-26 21:21    78432    ----a-w-    c:\windows\system32\atimpc64.dll
2013-09-26 21:21 . 2013-09-26 21:21    78432    ----a-w-    c:\windows\system32\amdpcom64.dll
2013-09-26 21:21 . 2013-09-26 21:21    71704    ----a-w-    c:\windows\SysWow64\atimpc32.dll
2013-09-26 21:21 . 2013-09-26 21:21    71704    ----a-w-    c:\windows\SysWow64\amdpcom32.dll
2013-09-26 21:21 . 2013-08-31 00:14    126336    ----a-w-    c:\windows\SysWow64\atiuxpag.dll
2013-09-26 21:21 . 2012-09-28 01:11    143304    ----a-w-    c:\windows\system32\atiuxp64.dll
2013-09-26 21:21 . 2013-09-26 21:21    98496    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
2013-09-26 21:21 . 2013-09-26 21:21    115512    ----a-w-    c:\windows\system32\atiu9p64.dll
2013-09-26 21:21 . 2012-09-28 01:41    1311360    ----a-w-    c:\windows\system32\aticfx64.dll
2013-09-26 21:21 . 2013-08-31 00:13    1094000    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2013-09-26 21:21 . 2012-09-28 01:22    9571960    ----a-w-    c:\windows\system32\atidxx64.dll
2013-09-26 21:20 . 2013-08-31 00:13    8228328    ----a-w-    c:\windows\SysWow64\atidxx32.dll
2013-09-26 21:20 . 2013-09-26 21:20    6512312    ----a-w-    c:\windows\SysWow64\atiumdva.dll
2013-09-26 21:20 . 2013-09-26 21:20    6630232    ----a-w-    c:\windows\SysWow64\atiumdag.dll
2013-09-26 21:20 . 2013-09-26 21:20    7139552    ----a-w-    c:\windows\system32\atiumd6a.dll
2013-09-26 21:20 . 2013-09-26 21:20    7751408    ----a-w-    c:\windows\system32\atiumd64.dll
2013-09-26 21:18 . 2013-09-26 21:18    12760576    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2013-09-26 21:04 . 2013-09-26 21:04    229888    ----a-w-    c:\windows\system32\clinfo.exe
2013-09-26 21:04 . 2013-09-26 21:04    98816    ----a-w-    c:\windows\system32\OpenVideo64.dll
2013-09-26 21:04 . 2013-09-26 21:04    83456    ----a-w-    c:\windows\SysWow64\OpenVideo.dll
2013-09-26 21:04 . 2013-09-26 21:04    86528    ----a-w-    c:\windows\system32\OVDecode64.dll
2013-09-26 21:04 . 2013-09-26 21:04    73216    ----a-w-    c:\windows\SysWow64\OVDecode.dll
2013-09-26 21:04 . 2013-09-26 21:04    28469248    ----a-w-    c:\windows\system32\amdocl64.dll
2013-09-26 21:01 . 2013-09-26 21:01    24008192    ----a-w-    c:\windows\SysWow64\amdocl.dll
2013-09-26 20:59 . 2013-09-26 20:59    63488    ----a-w-    c:\windows\system32\OpenCL.dll
2013-09-26 20:59 . 2013-09-26 20:59    57344    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2013-09-26 20:54 . 2013-09-26 20:54    129536    ----a-w-    c:\windows\system32\coinst_13.20.16.dll
2013-09-26 20:51 . 2013-09-26 20:51    25828864    ----a-w-    c:\windows\system32\atio6axx.dll
2013-09-26 20:45 . 2013-09-26 20:45    368640    ----a-w-    c:\windows\system32\atiapfxx.exe
2013-09-26 20:45 . 2013-09-26 20:45    62464    ----a-w-    c:\windows\system32\aticalrt64.dll
2013-09-26 20:44 . 2013-09-26 20:44    52224    ----a-w-    c:\windows\SysWow64\aticalrt.dll
2013-09-26 20:44 . 2013-09-26 20:44    55808    ----a-w-    c:\windows\system32\aticalcl64.dll
2013-09-26 20:44 . 2013-09-26 20:44    49152    ----a-w-    c:\windows\SysWow64\aticalcl.dll
2013-09-26 20:44 . 2013-09-26 20:44    15716352    ----a-w-    c:\windows\system32\aticaldd64.dll
2013-09-26 20:41 . 2013-09-26 20:41    14302208    ----a-w-    c:\windows\SysWow64\aticaldd.dll
2013-09-26 20:32 . 2013-09-26 20:32    21724160    ----a-w-    c:\windows\SysWow64\atioglxx.dll
2013-09-26 20:23 . 2013-09-26 20:23    442368    ----a-w-    c:\windows\system32\atidemgy.dll
2013-09-26 20:23 . 2013-09-26 20:23    31232    ----a-w-    c:\windows\system32\atimuixx.dll
2013-09-26 20:23 . 2013-09-26 20:23    580608    ----a-w-    c:\windows\system32\atieclxx.exe
2013-09-26 20:22 . 2013-09-26 20:22    239616    ----a-w-    c:\windows\system32\atiesrxx.exe
2013-09-26 20:20 . 2013-09-26 20:20    190976    ----a-w-    c:\windows\system32\atitmm64.dll
2013-09-26 19:50 . 2013-09-26 19:50    1133568    ----a-w-    c:\windows\system32\atiadlxx.dll
2013-09-26 19:50 . 2013-09-26 19:50    819712    ----a-w-    c:\windows\SysWow64\atiadlxy.dll
2013-09-26 19:50 . 2013-09-26 19:50    75264    ----a-w-    c:\windows\system32\atig6pxx.dll
2013-09-26 19:50 . 2013-09-26 19:50    69632    ----a-w-    c:\windows\SysWow64\atiglpxx.dll
2013-09-26 19:50 . 2013-09-26 19:50    69632    ----a-w-    c:\windows\system32\atiglpxx.dll
2013-09-26 19:50 . 2013-09-26 19:50    100352    ----a-w-    c:\windows\system32\atig6txx.dll
2013-09-26 19:49 . 2013-09-26 19:49    96768    ----a-w-    c:\windows\SysWow64\atigktxx.dll
2013-09-26 19:49 . 2013-09-26 19:49    95744    ----a-w-    c:\windows\system32\amdave64.dll
2013-09-26 19:49 . 2013-09-26 19:49    619008    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2013-09-26 19:49 . 2013-09-26 19:49    90112    ----a-w-    c:\windows\SysWow64\amdave32.dll
2013-09-26 19:49 . 2013-09-26 19:49    89088    ----a-w-    c:\windows\system32\atisamu64.dll
2013-09-26 19:49 . 2013-09-26 19:49    80896    ----a-w-    c:\windows\SysWow64\atisamu32.dll
2013-09-26 19:46 . 2013-09-26 19:46    43520    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2013-09-03 21:35 . 2010-02-11 15:01    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-08-29 01:48 . 2013-10-10 17:44    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-08-05 02:25 . 2013-09-12 15:52    155584    ----a-w-    c:\windows\system32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-12 15:51    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-12 15:51    424448    ----a-w-    c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-12 15:51    1161216    ----a-w-    c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-12 15:51    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-12 15:51    6656    ----a-w-    c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-12 15:51    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    5120    ---ha-w-    c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 15:51    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-12 15:51    274944    ----a-w-    c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-12 15:51    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-12 15:51    5120    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-09-27 766208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys;c:\windows\SYSNATIVE\DRIVERS\Prot6Flt.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
R3 SSMO4Filter;MMO-4 Mouse;c:\windows\system32\drivers\MO4Driver.sys;c:\windows\SYSNATIVE\drivers\MO4Driver.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 aswKbd;aswKbd; [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys;c:\windows\SYSNATIVE\drivers\BIOS64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x]
S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys;c:\windows\SYSNATIVE\Drivers\UsbFltr.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:19]
.
2013-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 08:06]
.
2013-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 08:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-05-21 13538376]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe" [2013-10-19 2493272]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 64.59.160.13 64.59.161.68
FF - ProfilePath - c:\users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\rtos426o.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-IECT3286042 - c:\programdata\Conduit\IE\CT3286042\UninstallerUI.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-27  12:28:10
ComboFix-quarantined-files.txt  2013-10-27 19:28
.
Pre-Run: 327,777,419,264 bytes free
Post-Run: 327,943,938,048 bytes free
.
- - End Of File - - 37E9EF342FB358FB80227ECE0E2E3F68
A36C5E4F47E84449FF07ED3517B43A31
 

 

AdwCleaner

 

# AdwCleaner v3.010 - Report created 27/10/2013 at 12:29:44
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : DD - DD-PC
# Running from : C:\Users\DD\Desktop\Stuff\PCMaintenance\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]


[ File : C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\rtos426o.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [15001 octets] - [20/08/2013 14:56:22]
AdwCleaner[R10].txt - [1936 octets] - [18/09/2013 17:29:55]
AdwCleaner[R11].txt - [2057 octets] - [22/09/2013 12:48:36]
AdwCleaner[R12].txt - [9729 octets] - [22/09/2013 12:55:57]
AdwCleaner[R13].txt - [2300 octets] - [22/09/2013 12:59:52]
AdwCleaner[R14].txt - [2362 octets] - [23/09/2013 15:25:20]
AdwCleaner[R15].txt - [2423 octets] - [30/09/2013 17:07:50]
AdwCleaner[R16].txt - [4025 octets] - [05/10/2013 18:40:22]
AdwCleaner[R17].txt - [2663 octets] - [07/10/2013 17:46:34]
AdwCleaner[R18].txt - [2726 octets] - [08/10/2013 17:32:43]
AdwCleaner[R19].txt - [3505 octets] - [10/10/2013 17:30:47]
AdwCleaner[R1].txt - [992 octets] - [22/08/2013 10:11:07]
AdwCleaner[R20].txt - [3079 octets] - [18/10/2013 13:37:09]
AdwCleaner[R21].txt - [3095 octets] - [19/10/2013 19:52:35]
AdwCleaner[R22].txt - [3217 octets] - [20/10/2013 15:44:34]
AdwCleaner[R23].txt - [3336 octets] - [25/10/2013 16:41:05]
AdwCleaner[R24].txt - [3478 octets] - [27/10/2013 12:29:16]
AdwCleaner[R2].txt - [1051 octets] - [22/08/2013 18:35:00]
AdwCleaner[R3].txt - [1373 octets] - [24/08/2013 19:43:06]
AdwCleaner[R4].txt - [1453 octets] - [01/09/2013 12:00:21]
AdwCleaner[R5].txt - [13239 octets] - [11/09/2013 17:12:31]
AdwCleaner[R6].txt - [2498 octets] - [11/09/2013 17:25:25]
AdwCleaner[R7].txt - [1575 octets] - [16/09/2013 09:41:06]
AdwCleaner[R8].txt - [1695 octets] - [16/09/2013 17:49:39]
AdwCleaner[R9].txt - [1815 octets] - [17/09/2013 17:08:20]
AdwCleaner[S0].txt - [14932 octets] - [20/08/2013 14:56:58]
AdwCleaner[S10].txt - [9818 octets] - [22/09/2013 12:56:24]
AdwCleaner[S11].txt - [3937 octets] - [05/10/2013 18:40:55]
AdwCleaner[S12].txt - [2727 octets] - [07/10/2013 17:47:02]
AdwCleaner[S13].txt - [2788 octets] - [08/10/2013 17:33:02]
AdwCleaner[S14].txt - [3468 octets] - [10/10/2013 17:31:26]
AdwCleaner[S15].txt - [3143 octets] - [18/10/2013 13:37:41]
AdwCleaner[S16].txt - [3157 octets] - [19/10/2013 19:53:09]
AdwCleaner[S17].txt - [3279 octets] - [20/10/2013 15:45:03]
AdwCleaner[S18].txt - [3398 octets] - [25/10/2013 16:41:50]
AdwCleaner[S19].txt - [2857 octets] - [27/10/2013 12:29:44]
AdwCleaner[S1].txt - [1113 octets] - [22/08/2013 18:35:22]
AdwCleaner[S2].txt - [1403 octets] - [01/09/2013 12:00:55]
AdwCleaner[S3].txt - [12858 octets] - [11/09/2013 17:12:52]
AdwCleaner[S4].txt - [2527 octets] - [11/09/2013 17:25:52]
AdwCleaner[S5].txt - [1636 octets] - [16/09/2013 09:41:42]
AdwCleaner[S6].txt - [1756 octets] - [16/09/2013 17:50:05]
AdwCleaner[S7].txt - [1876 octets] - [17/09/2013 17:08:38]
AdwCleaner[S8].txt - [1997 octets] - [18/09/2013 17:30:20]
AdwCleaner[S9].txt - [2118 octets] - [22/09/2013 12:48:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S19].txt - [3459 octets] ##########

 

Junkware Removal Tool

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by DD on Sun 10/27/2013 at 12:11:04.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\DD\appdata\local\{91A3627B-2F99-4FA5-90F4-31B5C9AC3047}
Successfully deleted: [Empty Folder] C:\Users\DD\appdata\local\{A4028A0E-8DFB-4A0D-A3B3-26173B4EB9D8}



~~~ FireFox

Successfully deleted the following from C:\Users\DD\AppData\Roaming\mozilla\firefox\profiles\rtos426o.default\prefs.js

user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbutoolbar-google-com_PNNR786EM2TMN2E6X1DT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
Emptied folder: C:\Users\DD\AppData\Roaming\mozilla\firefox\profiles\rtos426o.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/27/2013 at 12:16:08.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Here is my HiJackThis log after running those scanners:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:06:25 PM, on 10/27/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7864 bytes
 


Edited by jackwill, 27 October 2013 - 03:07 PM.



 


#2 jackwill

  • Topic Starter

Posted 28 October 2013 - 04:43 PM

I should add that this problem is also happening in Iron Browser, which is a clone of Google Chrome.



#3 HelpBot


Posted 01 November 2013 - 03:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/512044 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 jackwill

  • Topic Starter

Posted 01 November 2013 - 06:50 PM

Update: After 3 days without incident I just had this problem again. This time I copied the URL of the redirect: http://newestjavadownload.com/index.php?dv1=Ybrant%20Digital

 

And thank you HelpBot. I will follow your instructions and post a DDS log as soon as I can.

 

 

Edit: Here is my DDS log

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by DD at 16:56:06 on 2013-11-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8190.6318 [GMT -7:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:153
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
TCP: NameServer = 64.59.160.13 64.59.161.68
TCP: Interfaces\{AF680BDF-F279-4EC0-805C-669D3BFE205D} : DHCPNameServer = 64.59.160.13 64.59.161.68
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.google.com
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\rtos426o.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-8-20 19600]
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2009-3-5 14136]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2012-4-20 253528]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-9-26 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-9-26 344064]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-7-31 42240]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [2013-10-18 517344]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-5-8 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-2-11 215040]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-4-20 84568]
R3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
S2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-7-31 42240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-8-4 21712]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-17 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GDPkIcpt;GDPkIcpt;C:\Windows\System32\drivers\PktIcpt.sys [2012-2-18 59256]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-4-20 84568]
S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2012-4-20 60504]
S3 SSMO4Filter;MMO-4 Mouse;C:\Windows\System32\drivers\MO4Driver.sys [2011-7-27 21504]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-6 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-5 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-11-01 17:49:24    --------    d-----w-    C:\Users\DD\AppData\Local\{F5FA9467-8D2E-46CE-B3F4-685ABDCF2E78}
2013-11-01 10:46:58    10280728    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2DC50D72-C7AB-49D8-A4AD-EFC21218ECA8}\mpengine.dll
2013-10-31 19:24:25    --------    d-----w-    C:\Users\DD\AppData\Local\{E6F1D00F-492E-4D60-8F11-E8894D81BCA4}
2013-10-30 17:01:55    --------    d-----w-    C:\Users\DD\AppData\Local\{6B7BDFE8-4610-42B6-9439-A32FA7AF7AFD}
2013-10-29 16:51:16    --------    d-----w-    C:\Users\DD\AppData\Local\{4A0E7A24-E2A1-4307-9FF0-07745C0A4BFB}
2013-10-28 22:34:24    --------    d-----w-    C:\Users\DD\AppData\Local\{CCB2507B-5EA7-43A6-B09B-84E936301A38}
2013-10-28 21:26:36    --------    d-----w-    C:\Users\DD\AppData\Local\{6FB2FFD8-4AE9-4799-A230-4D11E43694EC}
2013-10-28 21:25:04    --------    d-----w-    C:\Users\DD\AppData\Local\{933CEDCF-F858-441A-A59C-8712FD16C08B}
2013-10-28 05:48:47    --------    d-----w-    C:\ProgramData\Oracle
2013-10-28 05:47:58    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-27 19:28:14    --------    dcsh--w-    C:\$RECYCLE.BIN
2013-10-26 19:44:52    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-26 19:44:23    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-10-25 23:39:46    --------    d-----w-    C:\Users\DD\AppData\Roaming\LavasoftStatistics
2013-10-25 23:32:47    --------    d-----w-    C:\Program Files\Lavasoft
2013-10-25 23:32:11    --------    d-----w-    C:\Program Files\Common Files\Lavasoft
2013-10-25 22:53:12    0    ----a-w-    C:\Windows\SysWow64\winlogon.exe
2013-10-25 22:53:12    0    ----a-w-    C:\Windows\SysWow64\smss.exe
2013-10-25 22:53:12    0    ----a-w-    C:\Windows\SysWow64\services.exe
2013-10-25 22:53:12    0    ----a-w-    C:\Windows\SysWow64\lsass.exe
2013-10-25 22:53:12    0    ----a-w-    C:\Windows\SysWow64\csrss.exe
2013-10-18 20:35:51    --------    d-----w-    C:\Program Files (x86)\AMD AVT
2013-10-10 17:45:05    633856    ----a-w-    C:\Windows\System32\comctl32.dll
2013-10-10 17:44:58    76800    ----a-w-    C:\Windows\System32\drivers\hidclass.sys
.
==================== Find3M  ====================
.
2013-10-09 02:19:15    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 02:19:15    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-27 00:15:28    51200    ----a-w-    C:\Windows\System32\kdbsdk64.dll
2013-09-27 00:10:30    38912    ----a-w-    C:\Windows\SysWow64\kdbsdk32.dll
2013-09-26 21:20:58    8228328    ----a-w-    C:\Windows\SysWow64\atidxx32.dll
2013-09-26 21:20:52    6512312    ----a-w-    C:\Windows\SysWow64\atiumdva.dll
2013-09-26 21:20:48    6630232    ----a-w-    C:\Windows\SysWow64\atiumdag.dll
2013-09-26 21:20:42    7139552    ----a-w-    C:\Windows\System32\atiumd6a.dll
2013-09-26 21:20:40    7751408    ----a-w-    C:\Windows\System32\atiumd64.dll
2013-09-26 21:18:38    12760576    ----a-w-    C:\Windows\System32\drivers\atikmdag.sys
2013-09-26 21:04:56    229888    ----a-w-    C:\Windows\System32\clinfo.exe
2013-09-26 21:04:38    98816    ----a-w-    C:\Windows\System32\OpenVideo64.dll
2013-09-26 21:04:30    83456    ----a-w-    C:\Windows\SysWow64\OpenVideo.dll
2013-09-26 21:04:24    86528    ----a-w-    C:\Windows\System32\OVDecode64.dll
2013-09-26 21:04:20    73216    ----a-w-    C:\Windows\SysWow64\OVDecode.dll
2013-09-26 21:04:02    28469248    ----a-w-    C:\Windows\System32\amdocl64.dll
2013-09-26 21:01:48    24008192    ----a-w-    C:\Windows\SysWow64\amdocl.dll
2013-09-26 20:59:52    63488    ----a-w-    C:\Windows\System32\OpenCL.dll
2013-09-26 20:59:46    57344    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2013-09-26 20:54:46    129536    ----a-w-    C:\Windows\System32\coinst_13.20.16.dll
2013-09-26 20:51:52    25828864    ----a-w-    C:\Windows\System32\atio6axx.dll
2013-09-26 20:45:12    368640    ----a-w-    C:\Windows\System32\atiapfxx.exe
2013-09-26 20:45:00    62464    ----a-w-    C:\Windows\System32\aticalrt64.dll
2013-09-26 20:44:58    52224    ----a-w-    C:\Windows\SysWow64\aticalrt.dll
2013-09-26 20:44:48    55808    ----a-w-    C:\Windows\System32\aticalcl64.dll
2013-09-26 20:44:46    49152    ----a-w-    C:\Windows\SysWow64\aticalcl.dll
2013-09-26 20:44:30    15716352    ----a-w-    C:\Windows\System32\aticaldd64.dll
2013-09-26 20:41:04    14302208    ----a-w-    C:\Windows\SysWow64\aticaldd.dll
2013-09-26 20:32:12    21724160    ----a-w-    C:\Windows\SysWow64\atioglxx.dll
2013-09-26 20:23:46    442368    ----a-w-    C:\Windows\System32\atidemgy.dll
2013-09-26 20:23:36    31232    ----a-w-    C:\Windows\System32\atimuixx.dll
2013-09-26 20:23:30    580608    ----a-w-    C:\Windows\System32\atieclxx.exe
2013-09-26 20:22:34    239616    ----a-w-    C:\Windows\System32\atiesrxx.exe
2013-09-26 20:20:54    190976    ----a-w-    C:\Windows\System32\atitmm64.dll
2013-09-26 19:50:48    1133568    ----a-w-    C:\Windows\System32\atiadlxx.dll
2013-09-26 19:50:32    819712    ----a-w-    C:\Windows\SysWow64\atiadlxy.dll
2013-09-26 19:50:16    75264    ----a-w-    C:\Windows\System32\atig6pxx.dll
2013-09-26 19:50:10    69632    ----a-w-    C:\Windows\SysWow64\atiglpxx.dll
2013-09-26 19:50:10    69632    ----a-w-    C:\Windows\System32\atiglpxx.dll
2013-09-26 19:50:06    100352    ----a-w-    C:\Windows\System32\atig6txx.dll
2013-09-26 19:49:56    96768    ----a-w-    C:\Windows\SysWow64\atigktxx.dll
2013-09-26 19:49:46    95744    ----a-w-    C:\Windows\System32\amdave64.dll
2013-09-26 19:49:46    619008    ----a-w-    C:\Windows\System32\drivers\atikmpag.sys
2013-09-26 19:49:40    90112    ----a-w-    C:\Windows\SysWow64\amdave32.dll
2013-09-26 19:49:28    89088    ----a-w-    C:\Windows\System32\atisamu64.dll
2013-09-26 19:49:22    80896    ----a-w-    C:\Windows\SysWow64\atisamu32.dll
2013-09-26 19:46:22    43520    ----a-w-    C:\Windows\System32\drivers\ati2erec.dll
2013-09-22 23:28:06    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-09-22 22:54:51    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2013-09-03 21:35:10    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-08-29 02:17:48    5549504    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\Windows\System32\tdh.dll
2013-08-29 02:13:28    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45    3969472    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-28 01:12:33    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2013-08-05 02:25:45    155584    ----a-w-    C:\Windows\System32\drivers\ataport.sys
.
============= FINISH: 16:56:13.39 ===============
 


Edited by jackwill, 01 November 2013 - 06:58 PM.


#5 oneof4

  • Malware Response Team

Posted 02 November 2013 - 01:53 PM

Hello jackwill, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then click on Follow this topic. You will then be advised when we respond to your topic, which will facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to see some information about what is happening in your machine.  Please perform the following scans:

Download Security Check by screen317 from http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==========
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Best Regards,
oneof4.


#6 jackwill

  • Topic Starter

Posted 02 November 2013 - 02:58 PM

Hello oneof4,

Nice to meet you.

Thank you for your help

Here are my logs


 Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Ad-Aware Antivirus   
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.0.4555.0\AdAwareService.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by DD at 2013-11-02 12:49:11
Running from C:\Users\DD\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

Ad-Aware Antivirus (Version: 11.0.4555.0)
AdAwareInstaller (Version: 11.0.4555.0)
AdAwareUpdater (Version: 11.0.4555.0)
Adobe AIR (x32 Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.1.629)
AMD Accelerated Video Transcoding (Version: 13.20.100.30926)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Control Center (x32 Version: 2013.0926.1629.27759)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0926.1629.27759)
AMD Media Foundation Decoders (Version: 1.0.80926.1653)
AMD Steady Video Plug-In  (Version: 2.04.0000)
AMD Wireless Display v3.0 (Version: 1.0.0.12)
AMD Wireless Display v3.0 (Version: 1.0.0.14)
AntimalwareEngine (Version: 2.6.0.0)
ATI Catalyst Registration (x32 Version: 3.00.0000)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0926.1629.27759)
Catalyst Control Center InstallProxy (x32 Version: 2009.1211.1547.28237)
Catalyst Control Center InstallProxy (x32 Version: 2013.0926.1629.27759)
Catalyst Control Center Localization All (x32 Version: 2013.0926.1629.27759)
CCC Help Chinese Standard (x32 Version: 2013.0926.1628.27759)
CCC Help Chinese Traditional (x32 Version: 2013.0926.1628.27759)
CCC Help Czech (x32 Version: 2013.0926.1628.27759)
CCC Help Danish (x32 Version: 2013.0926.1628.27759)
CCC Help Dutch (x32 Version: 2013.0926.1628.27759)
CCC Help English (x32 Version: 2013.0926.1628.27759)
CCC Help Finnish (x32 Version: 2013.0926.1628.27759)
CCC Help French (x32 Version: 2013.0926.1628.27759)
CCC Help German (x32 Version: 2013.0926.1628.27759)
CCC Help Greek (x32 Version: 2013.0926.1628.27759)
CCC Help Hungarian (x32 Version: 2013.0926.1628.27759)
CCC Help Italian (x32 Version: 2013.0926.1628.27759)
CCC Help Japanese (x32 Version: 2013.0926.1628.27759)
CCC Help Korean (x32 Version: 2013.0926.1628.27759)
CCC Help Norwegian (x32 Version: 2013.0926.1628.27759)
CCC Help Polish (x32 Version: 2013.0926.1628.27759)
CCC Help Portuguese (x32 Version: 2013.0926.1628.27759)
CCC Help Russian (x32 Version: 2013.0926.1628.27759)
CCC Help Spanish (x32 Version: 2013.0926.1628.27759)
CCC Help Swedish (x32 Version: 2013.0926.1628.27759)
CCC Help Thai (x32 Version: 2013.0926.1628.27759)
CCC Help Turkish (x32 Version: 2013.0926.1628.27759)
ccc-utility64 (Version: 2013.0926.1629.27759)
CCleaner (Version: 4.07)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
D3DX10 (x32 Version: 15.4.2368.0902)
Diablo III (x32 Version: 1.0.8.16603)
DriverAgent by eSupport.com
ESET Online Scanner v3 (x32)
EverQuest II (HKCU)
Feedback Tool (x32 Version: 1.2.0)
Free RAR Extract Frog (x32 Version: 3.20)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Happy Cloud Client (HKCU Version: 1.368)
HiJackThis (x32 Version: 1.0.0)
Java 7 Update 45 (x32 Version: 7.0.450)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java Auto Updater (x32 Version: 2.1.9.8)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
KeyBar 1.8 Toolbar for IE (x32 Version: 6.16.1.9)
Lunascape6 (All Users) (x32 Version: 6.8.5.26607)
MagicTunePremium (x32 Version: 2.0.09)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Media Player Classic - Home Cinema 1.6.1.4235 (x32 Version: 1.6.1.4235)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office 2003 Web Components (x32 Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Office XP Web Components (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
Mumble 1.2.4 (x32 Version: 1.2.4)
NCTAudioConvert ActiveX EXE Server 2.7.3 (x32)
OLYMPUS Master 2 (x32 Version: 1.0.13)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Quake 4™ (x32 Version: 1.0)
QuickTime (x32 Version: 7.74.80.86)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0005)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6914)
Skype™ 5.10 (x32 Version: 5.10.114)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
Spybot - Search & Destroy (x32 Version: 1.6.2)
SRWare Iron version SRWare Iron 26.0.1450.0 (x32 Version: SRWare Iron 26.0.1450.0)
Star Wars: The Old Republic (x32 Version: 1.00)
SUPERAntiSpyware (Version: 5.6.1032)
swMSM (x32 Version: 12.0.0.1)
System Requirements Lab CYRI (x32 Version: 6.0.3.0)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000)
The Lord of the Rings Online (HKCU)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (x32 Version: 9.0.30729.01)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623)
VLC media player 1.1.11 (x32 Version: 1.1.11)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live OneCare safety scanner (x32)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8064.206)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinRAR archiver
World of Warcraft (x32)
Yahoo! Detect (x32)

==================== Restore Points  =========================

25-10-2013 17:54:14 Windows Update
25-10-2013 23:03:47 Removed Apple Software Update
25-10-2013 23:04:12 Removed Apple Mobile Device Support
25-10-2013 23:04:39 Removed Bonjour
25-10-2013 23:05:08 Removed Apple Application Support
25-10-2013 23:05:28 Removed iTunes
25-10-2013 23:31:51 AA11
27-10-2013 19:20:01 ComboFix created restore point
28-10-2013 05:46:58 Installed Java 7 Update 45
29-10-2013 15:52:02 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2013-10-27 12:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00618FF1-2123-4108-8F69-A8A37B45B969} - \DealPlyLiveUpdateTaskMachineCore No Task File
Task: {01232810-1D65-48CF-977A-CE198FA91053} - System32\Tasks\{B850934B-F695-40AB-A01D-B360393C4558} => C:\Program Files (x86)\Doom 3\doom3.exe
Task: {0DF7EA11-2430-4D92-A668-196554C4EEBF} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {240C9F6E-5CFF-4306-97CE-E3BDE65DB127} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {2D7AAFC5-D733-4507-9FD2-D775ED7E4CAB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {2F939884-B4BF-4354-AE7A-EE0F0B8BEBDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24] (Google Inc.)
Task: {48455699-7E75-4D20-890A-0E570B7BFD77} - System32\Tasks\{33F632CD-5CC6-4B1C-94AD-37795CD2D93A} => C:\Program Files (x86)\Doom 3\doom3.exe
Task: {540C0A9E-AB2E-467F-807A-07C5F8D026BA} - \MySearchDial No Task File
Task: {55439212-883F-459F-87BE-7FF295494667} - \Dealply No Task File
Task: {729F0979-DC4F-4244-9FD1-642EA0C2863A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {7804D17F-A9CA-43BA-9D2A-8B82FCFF67EF} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {860C6F97-2EBF-439B-83C5-A971CBB8BEF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24] (Google Inc.)
Task: {93FD64B2-9555-43F2-8BC8-08E6231E3EC3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {9F232805-1F5E-4922-B1FE-A195759D2DE1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2013-05-13] (Microsoft)
Task: {B25DB6D7-0C97-4F6E-85C8-D17C50B99B87} - System32\Tasks\{5C73714A-E708-41A8-B97B-46EB085DA9E5} => C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest II\LaunchPad.exe [2013-03-04] (Sony Online Entertainment)
Task: {CA52A7C9-1564-4EA5-A738-995D44FF9144} - System32\Tasks\{B9B97057-9B27-431B-964B-A6BB25F1E077} => C:\Program Files (x86)\Doom 3\doom3.exe
Task: {CA9845FA-7701-4518-AB2E-CF564F0AFAB8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {DB876364-EFBE-48D6-9F1B-9F3479243790} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3081963628-3576801843-3607325219-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {ED9A1351-1737-4CC3-B2E9-55400BE8ED60} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3081963628-3576801843-3607325219-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {EEBAD12B-68FA-442F-BD4B-4BFFA03D0E4F} - \DealPlyLiveUpdateTaskMachineUA No Task File
Task: {F7F9DDB9-A4AC-4B84-AC5A-131890F7C698} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-26 16:32 - 2013-09-26 16:32 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avasdmft => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avas_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avss_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tpavdrw_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tpmgma_service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tpsec => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (11/02/2013 11:43:21 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%2

Error: (11/01/2013 10:06:50 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%2

Error: (11/01/2013 10:06:48 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:05:00 PM on ‎01/‎11/‎2013 was unexpected.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-11-02 11:43:16.274
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-02 11:43:16.196
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-01 22:06:44.973
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-01 22:06:44.895
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-01 10:39:09.164
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-01 10:39:09.101
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-01 10:33:53.476
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-01 10:33:53.398
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-31 12:09:28.476
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-31 12:09:28.398
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 8190.3 MB
Available physical RAM: 6332.82 MB
Total Pagefile: 28188.48 MB
Available Pagefile: 26489.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:465.76 GB) (Free:306.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5DA22AB3)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by DD (administrator) on DD-PC on 02-11-2013 12:48:45
Running from C:\Users\DD\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-26] (Advanced Micro Devices, Inc.)
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
BootExecute:

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.cdata.ca
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x55AD0E71F204CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM - {54B5EFD1-0B8B-7A36-E4D3-70C94BFFBE3C} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1QzutDtDtAtDyCyByE0E0EyEyEtBtBzyzy0CtN0D0TzutBtDtCtBtDyDtByD&cr=877584615
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKCU - Backup.Old.DefaultScope {3BAAA772-E640-4727-970E-91AD3954540A}
SearchScopes: HKCU - {474619DA-6116-FA9B-BBD4-10F03BF8B6CA} URL = http://www.google.ca/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGHP_en-GB
SearchScopes: HKCU - {54B5EFD1-0B8B-7A36-E4D3-70C94BFFBE3C} URL =
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 64.59.160.13 64.59.161.68

FireFox:
========
FF ProfilePath: C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\rtos426o.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Extension: nosquint - C:\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\rtos426o.default\Extensions\nosquint@urandom.ca.xpi
FF Extension: No Name - C:\Users\DD\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions
FF Extension: No Name - C:\Users\DD\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins
FF Extension: No Name - C:\Users\DD\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js
FF Extension: G Data BankGuard - C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0
CHR Extension: (Google Wallet Service) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0
CHR Extension: (Gmail) - C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [lnkecldbdnmddhjgmglhhmmfhjhklhnb] - C:\ProgramData\Browse2save\lnkecldbdnmddhjgmglhhmmfhjhklhnb.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-26] (Advanced Micro Devices, Inc.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [517344 2013-10-18] ()
S4 MWAgent; C:\PROGRA~2\COMMON~1\MICROW~1\Agent\MWASER.EXE [858632 2010-10-19] (MicroWorld Technologies Inc.)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [42240 2013-07-31] (Advanced Micro Devices)
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [42240 2013-07-31] (Advanced Micro Devices)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-07-03] (AVAST Software)
S3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [30720 2006-11-10] ()
R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2009-03-05] (BIOSTAR Group)
R1 BIOS; C:\Windows\SysWow64\drivers\BIOS64.sys [14136 2009-03-05] (BIOSTAR Group)
S3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [59256 2012-02-18] (G Data Software AG)
R1 MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
S3 SSMO4Filter; C:\Windows\System32\drivers\MO4Driver.sys [21504 2011-07-27] (Sagatek Co. Ltd.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
U4 bdselfpr;
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [x]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [x]
U0 SR;
U2 SRService;
U4 vsserv;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-02 12:48 - 2013-11-02 12:48 - 00000000 ___DC C:\FRST
2013-11-02 12:47 - 2013-11-02 12:47 - 00000946 _____ C:\Users\DD\Desktop\checkup.txt
2013-11-02 12:44 - 2013-11-02 12:44 - 01957098 _____ (Farbar) C:\Users\DD\Desktop\FRST64.exe
2013-11-02 12:43 - 2013-11-02 12:43 - 00891184 _____ C:\Users\DD\Desktop\SecurityCheck.exe
2013-11-02 12:21 - 2013-11-02 12:21 - 00000000 ____D C:\Users\DD\AppData\Local\{7BD6D881-3206-4AB6-AB3B-4CA621AF9A70}
2013-11-01 17:13 - 2013-11-01 17:13 - 00002762 _____ C:\Users\DD\Desktop\JRT.txt
2013-11-01 17:07 - 2013-11-01 17:07 - 00002249 _____ C:\Users\DD\Desktop\RKreport[0]_D_11012013_170712.txt
2013-11-01 17:07 - 2013-11-01 17:07 - 00002112 _____ C:\Users\DD\Desktop\RKreport[0]_S_11012013_170708.txt
2013-11-01 17:05 - 2013-11-01 17:05 - 03538944 _____ C:\Users\DD\Desktop\RogueKiller.exe
2013-11-01 17:04 - 2013-11-01 17:07 - 00000000 ____D C:\Users\DD\Desktop\RK_Quarantine
2013-11-01 16:56 - 2013-11-01 16:56 - 00018864 _____ C:\Users\DD\Desktop\dds.txt
2013-11-01 16:51 - 2013-11-01 16:56 - 00007849 _____ C:\Users\DD\Desktop\attach.txt
2013-11-01 16:50 - 2013-11-01 16:50 - 00688992 ____R (Swearware) C:\Users\DD\Desktop\dds.com
2013-10-27 22:48 - 2013-10-27 22:48 - 00000000 ____D C:\ProgramData\Oracle
2013-10-27 22:48 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-27 22:47 - 2013-10-27 22:47 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-27 22:47 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-27 22:47 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-27 22:47 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-27 22:46 - 2013-10-27 22:46 - 00000000 ____D C:\ProgramData\McAfee
2013-10-27 12:28 - 2013-10-27 12:28 - 00024673 ____C C:\ComboFix.txt
2013-10-26 12:44 - 2013-10-26 12:58 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-26 12:44 - 2013-10-26 12:44 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-25 16:39 - 2013-10-25 16:39 - 00000000 ____D C:\Users\DD\AppData\Roaming\LavasoftStatistics
2013-10-25 16:32 - 2013-10-25 16:32 - 00000000 ____D C:\Program Files\Lavasoft
2013-10-25 16:32 - 2013-10-25 16:32 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2013-10-25 15:53 - 2013-10-25 15:53 - 00000000 _____ C:\Windows\SysWOW64\winlogon.exe
2013-10-25 15:53 - 2013-10-25 15:53 - 00000000 _____ C:\Windows\SysWOW64\smss.exe
2013-10-25 15:53 - 2013-10-25 15:53 - 00000000 _____ C:\Windows\SysWOW64\services.exe
2013-10-25 15:53 - 2013-10-25 15:53 - 00000000 _____ C:\Windows\SysWOW64\lsass.exe
2013-10-25 15:53 - 2013-10-25 15:53 - 00000000 _____ C:\Windows\SysWOW64\csrss.exe
2013-10-18 13:35 - 2013-10-18 13:35 - 00060777 _____ C:\Windows\SysWOW64\CCCInstall_201310181335369929.log
2013-10-18 13:35 - 2013-10-18 13:35 - 00000000 ____D C:\ProgramData\ATI
2013-10-18 13:35 - 2013-10-18 13:35 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-10-11 15:35 - 2013-10-11 15:35 - 00000610 _____ C:\Windows\KB888111.log
2013-10-11 15:33 - 2013-10-11 15:33 - 00003086 _____ C:\Windows\System32\Tasks\{C01D5F8F-007F-46B4-876C-26BBC136878E}
2013-10-11 15:32 - 2013-10-11 15:35 - 00002180 ____C C:\RHDSetup.log
2013-10-11 15:32 - 2013-05-21 21:50 - 03425608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-10-11 15:32 - 2013-05-21 15:57 - 00142408 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-10-11 15:32 - 2013-05-21 15:05 - 00576929 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-10-11 15:32 - 2013-05-20 16:16 - 01003592 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-10-11 15:32 - 2013-05-20 14:36 - 02794056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-10-11 15:32 - 2013-05-02 12:01 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2013-10-11 15:32 - 2013-05-02 12:01 - 02032896 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2013-10-11 15:32 - 2013-05-02 12:00 - 00920320 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2013-10-11 15:32 - 2013-04-30 19:53 - 03693640 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-10-11 15:32 - 2013-04-24 17:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-10-11 15:32 - 2013-04-23 00:40 - 02735648 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-10-11 15:32 - 2013-04-03 22:02 - 00613448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-10-11 15:32 - 2013-03-23 03:43 - 00208072 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-10-11 15:32 - 2013-02-20 18:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-10-11 15:32 - 2012-06-20 17:26 - 00110592 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-10-11 15:32 - 2012-06-08 16:23 - 00083072 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2013-10-11 15:32 - 2012-06-08 16:21 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2013-10-11 15:32 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2013-10-11 15:32 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-10-11 15:32 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-10-11 15:32 - 2011-12-16 14:57 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2013-10-11 15:32 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-10-11 15:32 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-10-11 15:32 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-10-11 15:32 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-10-11 15:32 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-10-11 15:32 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-10-11 15:32 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-10-11 15:32 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-10-11 15:32 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2013-10-11 15:32 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2013-10-11 15:32 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2013-10-11 15:32 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2013-10-11 15:32 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2013-10-11 15:32 - 2009-11-18 07:13 - 00060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
2013-10-11 14:12 - 2013-10-27 12:28 - 00000000 ___DC C:\Qoobox
2013-10-11 00:25 - 2013-09-22 16:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 00:25 - 2013-09-22 16:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 00:25 - 2013-09-22 16:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 00:25 - 2013-09-22 16:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 00:25 - 2013-09-22 16:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 00:25 - 2013-09-22 16:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 00:25 - 2013-09-22 16:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 00:25 - 2013-09-22 16:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 00:25 - 2013-09-22 16:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 00:25 - 2013-09-22 16:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 00:25 - 2013-09-22 16:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 00:25 - 2013-09-22 16:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 00:25 - 2013-09-22 16:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 00:25 - 2013-09-22 15:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 00:25 - 2013-09-22 15:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 00:25 - 2013-09-22 15:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 00:25 - 2013-09-22 15:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 00:25 - 2013-09-22 15:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 00:25 - 2013-09-22 15:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 00:25 - 2013-09-22 15:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 00:25 - 2013-09-22 15:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 00:25 - 2013-09-22 15:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 00:25 - 2013-09-22 15:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 00:25 - 2013-09-22 15:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 00:25 - 2013-09-22 15:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 00:25 - 2013-09-22 15:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 00:25 - 2013-09-22 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 00:25 - 2013-09-20 20:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 00:25 - 2013-09-20 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 00:25 - 2013-09-20 19:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 00:25 - 2013-09-20 19:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 10:45 - 2013-07-12 03:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 10:45 - 2013-07-12 03:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 10:45 - 2013-07-04 05:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 10:45 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 10:45 - 2013-06-25 15:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 10:45 - 2013-06-05 22:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 10:45 - 2013-06-05 22:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 10:45 - 2013-06-05 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 10:45 - 2013-06-05 22:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 10:45 - 2013-06-05 21:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 10:45 - 2013-06-05 21:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 10:45 - 2013-06-05 21:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 10:45 - 2013-06-05 20:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 10:45 - 2013-06-05 20:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 10:45 - 2013-06-05 20:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 10:44 - 2013-09-13 18:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 10:44 - 2013-09-07 19:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 10:44 - 2013-09-07 19:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 10:44 - 2013-09-07 19:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 10:44 - 2013-08-28 19:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 10:44 - 2013-08-28 19:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 10:44 - 2013-08-28 19:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 10:44 - 2013-08-28 19:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 10:44 - 2013-08-28 19:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 10:44 - 2013-08-28 18:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 10:44 - 2013-08-28 18:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 10:44 - 2013-08-28 18:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 10:44 - 2013-08-28 18:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 10:44 - 2013-08-28 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 10:44 - 2013-08-28 18:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 10:44 - 2013-08-28 17:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 10:44 - 2013-08-28 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 10:44 - 2013-08-28 17:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 10:44 - 2013-08-28 17:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 10:44 - 2013-08-27 18:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 10:44 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 10:44 - 2013-08-01 05:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 10:44 - 2013-07-20 03:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 10:44 - 2013-07-20 03:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 10:44 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 10:44 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 10:44 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 10:44 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 10:44 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 10:44 - 2013-07-02 21:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 10:44 - 2013-07-02 21:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 19:10 - 2013-10-09 19:10 - 00060777 _____ C:\Windows\SysWOW64\CCCInstall_201310091910312939.log
2013-10-04 09:44 - 2013-10-04 09:44 - 00001029 _____ C:\Users\DD\Desktop\Ventrilo.lnk

==================== One Month Modified Files and Folders =======

2013-11-02 12:48 - 2013-11-02 12:48 - 00000000 ___DC C:\FRST
2013-11-02 12:47 - 2013-11-02 12:47 - 00000946 _____ C:\Users\DD\Desktop\checkup.txt
2013-11-02 12:44 - 2013-11-02 12:44 - 01957098 _____ (Farbar) C:\Users\DD\Desktop\FRST64.exe
2013-11-02 12:43 - 2013-11-02 12:43 - 00891184 _____ C:\Users\DD\Desktop\SecurityCheck.exe
2013-11-02 12:21 - 2013-11-02 12:21 - 00000000 ____D C:\Users\DD\AppData\Local\{7BD6D881-3206-4AB6-AB3B-4CA621AF9A70}
2013-11-02 12:19 - 2012-04-03 10:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-02 12:08 - 2011-09-24 01:06 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-02 11:50 - 2009-07-13 21:45 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-02 11:50 - 2009-07-13 21:45 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-02 11:48 - 2010-06-05 13:45 - 01520603 _____ C:\Windows\WindowsUpdate.log
2013-11-02 11:47 - 2009-07-13 22:13 - 00814318 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-02 11:43 - 2011-09-24 01:06 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-02 11:43 - 2010-07-26 23:10 - 00120897 _____ C:\Windows\setupact.log
2013-11-02 11:43 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-02 02:53 - 2012-06-23 20:40 - 00000000 ____D C:\Users\DD\AppData\Roaming\Skype
2013-11-01 17:13 - 2013-11-01 17:13 - 00002762 _____ C:\Users\DD\Desktop\JRT.txt
2013-11-01 17:07 - 2013-11-01 17:07 - 00002249 _____ C:\Users\DD\Desktop\RKreport[0]_D_11012013_170712.txt
2013-11-01 17:07 - 2013-11-01 17:07 - 00002112 _____ C:\Users\DD\Desktop\RKreport[0]_S_11012013_170708.txt
2013-11-01 17:07 - 2013-11-01 17:04 - 00000000 ____D C:\Users\DD\Desktop\RK_Quarantine
2013-11-01 17:05 - 2013-11-01 17:05 - 03538944 _____ C:\Users\DD\Desktop\RogueKiller.exe
2013-11-01 16:56 - 2013-11-01 16:56 - 00018864 _____ C:\Users\DD\Desktop\dds.txt
2013-11-01 16:56 - 2013-11-01 16:51 - 00007849 _____ C:\Users\DD\Desktop\attach.txt
2013-11-01 16:50 - 2013-11-01 16:50 - 00688992 ____R (Swearware) C:\Users\DD\Desktop\dds.com
2013-11-01 01:04 - 2011-02-18 13:20 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{34E46314-3DC2-4210-B488-0F78D666A3BA}
2013-10-31 17:30 - 2010-07-14 13:27 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-10-30 23:46 - 2013-07-10 08:27 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-10-30 23:43 - 2009-07-13 22:08 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-27 22:48 - 2013-10-27 22:48 - 00000000 ____D C:\ProgramData\Oracle
2013-10-27 22:47 - 2013-10-27 22:47 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-27 22:47 - 2010-06-10 12:43 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-27 22:46 - 2013-10-27 22:46 - 00000000 ____D C:\ProgramData\McAfee
2013-10-27 14:27 - 2010-10-07 17:10 - 00000000 ____D C:\Users\DD\Desktop\Stuff
2013-10-27 13:10 - 2011-04-30 03:20 - 00249344 ___SH C:\Users\DD\Desktop\Thumbs.db
2013-10-27 12:30 - 2010-08-08 12:59 - 01363146 _____ C:\Windows\PFRO.log
2013-10-27 12:29 - 2013-08-20 14:56 - 00000000 ___DC C:\AdwCleaner
2013-10-27 12:28 - 2013-10-27 12:28 - 00024673 ____C C:\ComboFix.txt
2013-10-27 12:28 - 2013-10-11 14:12 - 00000000 ___DC C:\Qoobox
2013-10-27 12:28 - 2010-06-05 15:19 - 00000000 ____D C:\Users\DD\AppData\Local\Apps\2.0
2013-10-27 12:25 - 2013-08-20 15:07 - 00000000 ____D C:\Windows\erdnt
2013-10-27 12:25 - 2009-07-13 19:34 - 00000215 ____C C:\Windows\system.ini
2013-10-26 12:58 - 2013-10-26 12:44 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-26 12:44 - 2013-10-26 12:44 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-25 16:39 - 2013-10-25 16:39 - 00000000 ____D C:\Users\DD\AppData\Roaming\LavasoftStatistics
2013-10-25 16:32 - 2013-10-25 16:32 - 00000000 ____D C:\Program Files\Lavasoft
2013-10-25 16:32 - 2013-10-25 16:32 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2013-10-25 16:31 - 2011-04-04 12:52 - 00000000 ____D C:\ProgramData\Lavasoft
2013-10-25 16:08 - 2011-11-12 10:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-25 16:06 - 2013-10-02 09:58 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-25 16:06 - 2013-05-29 10:37 - 00000000 ____D C:\ProgramData\Apple Computer
2013-10-25 16:03 - 2012-07-13 09:43 - 01446961 _____ C:\Users\DD\AppData\Local\census.cache
2013-10-25 16:03 - 2012-07-13 09:43 - 00107222 _____ C:\Users\DD\AppData\Local\ars.cache
2013-10-25 15:53 - 2013-10-25 15:53 - 00000000 _____ C:\Windows\SysWOW64\winlogon.exe
2013-10-25 15:53 - 2013-10-25 15:53 - 00000000 _____ C:\Windows\SysWOW64\smss.exe
2013-10-25 15:53 - 2013-10-25 15:53 - 00000000 _____ C:\Windows\SysWOW64\services.exe
2013-10-25 15:53 - 2013-10-25 15:53 - 00000000 _____ C:\Windows\SysWOW64\lsass.exe
2013-10-25 15:53 - 2013-10-25 15:53 - 00000000 _____ C:\Windows\SysWOW64\csrss.exe
2013-10-19 18:46 - 2011-04-04 12:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-18 13:35 - 2013-10-18 13:35 - 00060777 _____ C:\Windows\SysWOW64\CCCInstall_201310181335369929.log
2013-10-18 13:35 - 2013-10-18 13:35 - 00000000 ____D C:\ProgramData\ATI
2013-10-18 13:35 - 2013-10-18 13:35 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-10-18 13:35 - 2011-05-08 02:20 - 00000000 ____D C:\ProgramData\AMD
2013-10-18 13:35 - 2010-02-11 07:27 - 00000000 ____D C:\Program Files\ATI Technologies
2013-10-18 13:33 - 2012-02-01 14:13 - 00000000 ___DC C:\AMD
2013-10-18 13:30 - 2010-06-05 19:49 - 00806440 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-17 10:55 - 2012-11-02 13:43 - 00014082 _____ C:\Users\DD\Documents\Install STAR WARS The Old Republic.log
2013-10-14 17:03 - 2011-09-24 01:06 - 00003886 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-14 17:03 - 2011-09-24 01:06 - 00003634 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-12 17:22 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 15:35 - 2013-10-11 15:35 - 00000610 _____ C:\Windows\KB888111.log
2013-10-11 15:35 - 2013-10-11 15:32 - 00002180 ____C C:\RHDSetup.log
2013-10-11 15:33 - 2013-10-11 15:33 - 00003086 _____ C:\Windows\System32\Tasks\{C01D5F8F-007F-46B4-876C-26BBC136878E}
2013-10-11 15:33 - 2010-02-11 07:21 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-10-11 13:58 - 2012-03-20 14:48 - 00000000 ____D C:\Users\DD\AppData\Roaming\Canon
2013-10-11 10:26 - 2009-07-13 21:45 - 00447120 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 00:22 - 2013-05-07 00:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 00:22 - 2013-05-07 00:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 00:19 - 2013-08-15 00:45 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 00:18 - 2010-06-05 14:23 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 19:10 - 2013-10-09 19:10 - 00060777 _____ C:\Windows\SysWOW64\CCCInstall_201310091910312939.log
2013-10-08 19:19 - 2012-04-03 10:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 19:19 - 2012-04-03 10:13 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 19:19 - 2011-05-18 15:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 07:50 - 2013-10-27 22:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-08 07:46 - 2013-10-27 22:48 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-08 07:46 - 2013-10-27 22:47 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-08 07:46 - 2013-10-27 22:47 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-05 18:43 - 2012-03-20 14:49 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-10-04 09:44 - 2013-10-04 09:44 - 00001029 _____ C:\Users\DD\Desktop\Ventrilo.lnk

Files to move or delete:
====================
C:\Users\DD\jagex_cl_runescape_LIVE.dat
C:\Users\DD\random.dat


Some content of TEMP:
====================
C:\Users\DD\AppData\Local\Temp\ntdll_dump.dll
C:\Users\DD\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-01 01:32

==================== End Of Log ============================



#7 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:05:23 PM

Posted 03 November 2013 - 05:45 PM

Hey jackwill, :)

Please perform the following:

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

==========

After the FRST fix, please perform the following:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Best Regards,
oneof4.


#8 jackwill


Posted 05 November 2013 - 02:10 PM

testing

I can't post my logs


Edited by jackwill, 05 November 2013 - 02:12 PM.


#9 jackwill


Posted 05 November 2013 - 02:13 PM

Uploaded as an attachment



#10 oneof4


Posted 05 November 2013 - 05:37 PM

You appear to have re-run FRST using the SCAN button instead of the FIX button.

Try re-running FRST and click the FIX button; make sure the fixlist.txt that I attached for you earlier is in the same location as FRST.exe, namely C:\Users\DD\Desktop


Best Regards,
oneof4.


#11 jackwill


Posted 06 November 2013 - 04:51 PM

ok oneof4

Here it is

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by DD at 2013-11-06 13:50:01 Run:1
Running from C:\Users\DD\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO-x32: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Extension: No Name - C:\Users\DD\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions
FF Extension: No Name - C:\Users\DD\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins
FF Extension: No Name - C:\Users\DD\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [lnkecldbdnmddhjgmglhhmmfhjhklhnb] - C:\ProgramData\Browse2save\lnkecldbdnmddhjgmglhhmmfhjhklhnb.crx
C:\Users\DD\jagex_cl_runescape_LIVE.dat
C:\Users\DD\random.dat
C:\Users\DD\AppData\Local\Temp\ntdll_dump.dll
C:\Users\DD\AppData\Local\Temp\Quarantine.exe
Task: {00618FF1-2123-4108-8F69-A8A37B45B969} - \DealPlyLiveUpdateTaskMachineCore No Task File
Task: {540C0A9E-AB2E-467F-807A-07C5F8D026BA} - \MySearchDial No Task File
Task: {55439212-883F-459F-87BE-7FF295494667} - \Dealply No Task File
Task: {EEBAD12B-68FA-442F-BD4B-4BFFA03D0E4F} - \DealPlyLiveUpdateTaskMachineUA No Task File
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} => Key not found.
HKCR\PROTOCOLS\Filter\text/xml => Key deleted successfully.
HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => Key not found.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer => Key deleted successfully.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Users\DD\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions => Moved successfully.
C:\Users\DD\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins => Moved successfully.
C:\Users\DD\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lnkecldbdnmddhjgmglhhmmfhjhklhnb => Key deleted successfully.
"C:\ProgramData\Browse2save\lnkecldbdnmddhjgmglhhmmfhjhklhnb.crx" => File/Directory not found.
C:\Users\DD\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\DD\random.dat => Moved successfully.
C:\Users\DD\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\DD\AppData\Local\Temp\Quarantine.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{00618FF1-2123-4108-8F69-A8A37B45B969} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00618FF1-2123-4108-8F69-A8A37B45B969} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyLiveUpdateTaskMachineCore => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{540C0A9E-AB2E-467F-807A-07C5F8D026BA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{540C0A9E-AB2E-467F-807A-07C5F8D026BA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55439212-883F-459F-87BE-7FF295494667} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55439212-883F-459F-87BE-7FF295494667} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EEBAD12B-68FA-442F-BD4B-4BFFA03D0E4F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEBAD12B-68FA-442F-BD4B-4BFFA03D0E4F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyLiveUpdateTaskMachineUA => Key deleted successfully.

==== End of Fixlog ====



#12 oneof4


Posted 06 November 2013 - 10:56 PM

How are things running now?


Best Regards,
oneof4.


#13 jackwill


Posted 07 November 2013 - 02:02 PM

I just got it again... I think. This time a new tab did not open; rather, the page of the website I was on just changed to the Java update page.

URL changed to:

http://c-java.com/index.php?dv1=8617560&dv2=http://ad.yieldmanager.com/iframe3?LUMGABMSQQBd0GYBAAAAAChZagAAAAAAAgAAAAoAAAAAAP8AAAAFDYXoTQAAAAAAb8J4AAAAAABYfoMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB.rRcAAAAAAAIAAwAAgD8A8tJNYhBYyT.y0k1iEFjJPwrXo3A9Ctc.CtejcD0K1z8zMzMzMzPjPzMzMzMzM-M.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvy2ovhNfEDphNu0eL2Id1A90AGDK9f6LhtRAlAAAAAA==,,http://rinf.com/alt-news/breaking-news/appalling-17-year-old-rape-victim-harassed-and-belittled-by-florida-deputy/,B=10&H=&M=5&Z=160x600&_salt=233339407&r=0&s=4264467,3c2fa502-47e8-11e3-9d55-5bb349fc1bb8,1383854851898&dv3=http://ad.yieldmanager.com/iframe3?LUMGABMSQQBd0GYBAAAAAChZagAAAAAAAgAAAAoAAAAAAP8AAAAFDYXoTQAAAAAAb8J4AAAAAABYfoMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB.rRcAAAAAAAIAAwAAgD8A8tJNYhBYyT.y0k1iEFjJPwrXo3A9Ctc.CtejcD0K1z8zMzMzMzPjPzMzMzMzM-M.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvy2ovhNfEDphNu0eL2Id1A90AGDK9f6LhtRAlAAAAAA==,,http%3A%2F%2Frinf.com%2Falt-news%2Fbreaking-news%2Fappalling-17-year-old-rape-victim-harassed-and-belittled-by-florida-deputy%2F,B%3D10%26H%3D%26M%3D5%26Z%3D160x600%26_salt%3D233339407%26r%3D0%26s%3D4264467,3c2fa502-47e8-11e3-9d55-5bb349fc1bb8,1383854851898

 

from

http://rinf.com/alt-news/breaking-news/appalling-17-year-old-rape-victim-harassed-and-belittled-by-florida-deputy/

I've been to that site many times and never had this problem. Maybe the problem is with the site and not my computer?


Edited by jackwill, 07 November 2013 - 07:55 PM.


#14 oneof4


Posted 07 November 2013 - 10:50 PM

Okay, let's try the following two scans:

You already appear to have Malwarebytes Anti-Malware installed, so please open it, update it, and run a Full scan.

Next, I'd like us to scan your machine with ESET OnlineScan:

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

==========

Please copy and paste both the MBAM log and ESET results in your next reply.


Best Regards,
oneof4.


#15 jackwill


Posted 08 November 2013 - 04:52 PM

Hi oneof4

I ran ESET first:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPly.crx.vir            Win32/DealPly.J application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPly.xpi.vir            Win32/DealPly.J application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\KeyBar_1.8\ldrtbKeyB.dll.vir a variant of Win32/Toolbar.Conduit.P application      cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\KeyBar_1.8\tbKeyB.dll.vir      a variant of Win32/Toolbar.Conduit.B application      cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\DD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.5.0.0_0\background.js.vir            Win32/DealPly.J application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\DD\AppData\LocalLow\KeyBar_1.8\ldrtbKeyB.dll.vir            a variant of Win32/Toolbar.Conduit.P application   cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\DD\AppData\LocalLow\KeyBar_1.8\tbKeyB.dll.vir  a variant of Win32/Toolbar.Conduit.B application     cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\DD\AppData\Roaming\Mozilla\Firefox\Profiles\rtos426o.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}\chrome\content\dealplyshopping.xul.vir  Win32/DealPly.J application            cleaned by deleting - quarantined

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.08.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
DD :: DD-PC [administrator]

11/8/2013 1:03:44 PM
mbam-log-2013-11-08 (13-03-44).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 364975
Time elapsed: 46 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

 

Note: it just happened again at that same site.

This time the URL was:

http://c-java.com/index.php?dv1=8617560&dv2=http://ad.yieldmanager.com/iframe3?LUMGABMSQQBd0GYBAAAAAChZagAAAAAAAgAAAAoAAAAAAP8AAAAGDoXoTQAAAAAAu7qAAAAAAABYfoMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB.rRcAAAAAAAIAAwAAgD8A8tJNYhBYyT.y0k1iEFjJPwrXo3A9Ctc.CtejcD0K1z8zMzMzMzPjPzMzMzMzM-M.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADy-RrTgULGDi8i2l1j.iRK5JErmw7f1zyQsDuSAAAAAA==,,http://rinf.com/alt-news/breaking-news/bar-fight-the-booze-industry-is-furious-over-campaigns-saying-weed-is-safer-than-alcohol/,B=10&H=&M=5&Z=160x600&_salt=1631025982&r=0&s=4264467,9848b7c4-48c0-11e3-aa89-d35522ca0fd5,1383947777706&dv3=http://ad.yieldmanager.com/iframe3?LUMGABMSQQBd0GYBAAAAAChZagAAAAAAAgAAAAoAAAAAAP8AAAAGDoXoTQAAAAAAu7qAAAAAAABYfoMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB.rRcAAAAAAAIAAwAAgD8A8tJNYhBYyT.y0k1iEFjJPwrXo3A9Ctc.CtejcD0K1z8zMzMzMzPjPzMzMzMzM-M.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADy-RrTgULGDi8i2l1j.iRK5JErmw7f1zyQsDuSAAAAAA==,,http%3A%2F%2Frinf.com%2Falt-news%2Fbreaking-news%2Fbar-fight-the-booze-industry-is-furious-over-campaigns-saying-weed-is-safer-than-alcohol%2F,B%3D10%26H%3D%26M%3D5%26Z%3D160x600%26_salt%3D1631025982%26r%3D0%26s%3D4264467,9848b7c4-48c0-11e3-aa89-d35522ca0fd5,1383947777706

 


Edited by jackwill, 08 November 2013 - 04:58 PM.




