
Hijacked Soundcard, Audio Ads Running in Background


7 replies to this topic

#1 californiaflame


Posted 09 April 2014 - 11:16 PM

Hi folks! I seem to have gotten that annoying malware that's going around that hijacks your soundcard and plays garbled audio ads at startup. I'm having the same symptoms 'puterdude' is having in this thread: http://www.bleepingcomputer.com/forums/t/530109/background-audio-ads-virus-please-help/page-2#entry3338734

 

I downloaded DDS and Farbar and ran both. Ran MalwareBytes and SuperAntispyware and a couple things were found and removed but didn't fix the audio issue. I've disabled my network connection and am running in safe mode w/networking while online. I'll hold off running anything else until I hear what my next steps should be.

 

DDS txt file:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 10.5.1
Run by californiaflame at 20:58:04 on 2014-04-09
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3765.2717 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = 127.0.0.1:9421;<local>;*.local
uURLSearchHooks: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [Akamai NetSession Interface] "C:\Users\californiaflame\AppData\Local\Akamai\netsession_win.exe"
uRun: [HP Photosmart 6510 series (NET)] "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1C2430YM05QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
uRun: [AdobeBridge] <no file>
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [UCam_Menu] "C:\Program Files (x86)\Dell\Dell TouchCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Dell\Dell TouchCam" UpdateWithCreateOnce "Software\CyberLink\Dell TouchCam\1.1"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [UpdateYouPaintShortCut] "C:\Program Files (x86)\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouPaint" UpdateWithCreateOnce "Software\CyberLink\YouPaint\1.2"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\CALIFO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\CALIFO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\californiaflame\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\CALIFO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\CALIFO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\CALIFO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLTO~1.LNK - C:\Program Files (x86)\Dell Touch Zone\fingertapps.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{004DA4E0-B9C3-4F5D-86C0-6F95441AAD83} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2168AB75-7345-4967-90C1-E7282F3F65EE} : DHCPNameServer = 8.8.8.8 4.2.2.1
TCP: Interfaces\{F4E5405E-C846-4C4B-8446-9BBF5387FE6E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F4E5405E-C846-4C4B-8446-9BBF5387FE6E}\659637471675962756C656373723 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F4E5405E-C846-4C4B-8446-9BBF5387FE6E}\C696E6B6379737 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 192.168.1.1
TCP: Interfaces\{F4E5405E-C846-4C4B-8446-9BBF5387FE6E}\C696E6B6379737F5D656469616 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 192.168.1.1
TCP: Interfaces\{F4E5405E-C846-4C4B-8446-9BBF5387FE6E}\E45445745414254373D25374 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\californiaflame\AppData\Roaming\Mozilla\Firefox\Profiles\j6edr93q.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff9.dll
FF - component: C:\ProgramData\AVG Secure Search\9.0.0.18\components\toolbarhomewmp.dll
FF - component: C:\Users\californiaflame\AppData\Roaming\Mozilla\Firefox\Profiles\j6edr93q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\californiaflame\AppData\Roaming\Mozilla\Firefox\Profiles\j6edr93q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: C:\Users\californiaflame\AppData\Roaming\Mozilla\Firefox\Profiles\j6edr93q.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: C:\Users\californiaflame\AppData\Roaming\Mozilla\Firefox\Profiles\j6edr93q.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-3 55280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2010-7-31 23912]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-31 56344]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
R3 O2MDGRDR;O2MDGRDR;C:\Windows\System32\drivers\o2mdgx64.sys [2010-7-31 74272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-31 239616]
S1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-11-1 212280]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-7-31 89600]
S2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2014-3-17 807800]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-2-23 3782672]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-3 1692480]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-8-24 92008]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-3 2320920]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe --> C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-22 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-31 158976]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-7-31 271872]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_hs.sys [2013-11-24 18456]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-11 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-04-10 03:23:59    --------    d-----w-    C:\FRST
2014-03-23 01:31:55    --------    d-----w-    C:\Program Files (x86)\Vuze Remote Toolbar
2014-03-23 01:31:55    --------    d-----w-    C:\Program Files (x86)\Application Updater
2014-03-13 06:16:19    --------    d-----w-    C:\Windows\System32\%LOCALAPPDATA%
.
==================== Find3M  ====================
.
2014-03-11 21:48:10    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 21:48:10    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 21:00:53.87 ===============
 

Let me know if you need the .attach file as well.

 

Thanks!




 


#2 Starbuck



  • Malware Response Team

Posted 11 April 2014 - 07:38 PM

Hi californiaflame

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.

 

"I've disabled my network connection and am running in safe mode w/networking while online."

The following program is best run in normal mode.

Download RogueKiller and save it to your desktop.
  • Close all running processes (security programs, etc.)
  • Double click the RogueKiller icon to run the program
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Scan button.
  • Please copy and paste the report in your next reply.
A copy of the RKreport.txt can be found on your desktop.

Note:
If RogueKiller is blocked, do not hesitate to try running it again.
If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again.

Thanks

Edited by Starbuck, 11 April 2014 - 07:56 PM.



#3 californiaflame


Posted 11 April 2014 - 11:41 PM

Thank you Starbuck. :)

 

Log below:

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : californiaflame [Admin rights]
Mode : Scan -- Date : 04/11/2014 21:37:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 14 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913a (C:\Users\californiaflame\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid fd3742409eab4d61a12a9375a020966a-6d05fac93e7229c7880e8606b896b56775a83ffc --CMPID 0913a [x][x][x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_1113a (C:\Users\californiaflame\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=fd3742409eab4d61a12a9375a020966a-6d05fac93e7229c7880e8606b896b56775a83ffc /CMPID=1113a [x][x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Slick Savings ("C:\Users\californiaflame\AppData\Roaming\Slick Savings\CouponsHelper.exe" [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3851501560-2088687507-785293386-1001\[...]\Run : AVG-Secure-Search-Update_0913a (C:\Users\californiaflame\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid fd3742409eab4d61a12a9375a020966a-6d05fac93e7229c7880e8606b896b56775a83ffc --CMPID 0913a [x][x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3851501560-2088687507-785293386-1001\[...]\Run : AVG-Secure-Search-Update_1113a (C:\Users\californiaflame\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=fd3742409eab4d61a12a9375a020966a-6d05fac93e7229c7880e8606b896b56775a83ffc /CMPID=1113a [x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3851501560-2088687507-785293386-1001\[...]\Run : Slick Savings ("C:\Users\californiaflame\AppData\Roaming\Slick Savings\CouponsHelper.exe" [7]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 4 ¤¤¤
[CHR][PUP] Default : Ebay Shopping Assistant by Spigot
[CHR][PUP] Default : Domain Error Assistant
[CHR][PUP] Default : Slick Savings
[CHR][PUP] Default : Amazon Shopping Assistant by Spigot

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : PUP ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK5056GSY ATA Device +++++
--- User ---
[MBR] d7e30acd56ba39a2889e10c444d54804
[BSP] 239099191902b57edf1c74aed0be0202 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04112014_213716.txt >>



 



#4 Starbuck



  • Malware Response Team

Posted 12 April 2014 - 04:34 AM

Hi californiaflame

Thanks for the report.

Step 1
  • Close all the running processes
  • Double click the RogueKiller icon to run the program again.
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Delete button.
  • Please copy and paste the report in your next reply.
A copy of the RKreport.txt can be found on your desktop.


Step 2
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool.

  • When the tool opens click Yes to disclaimer.

  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
Also
  • Please re-run FRST again, but this time type the following in the edit box after Search: rpcss.dll
  • Click the Search File(s) button
  • It will make a log (Search.txt). Please post this report along with the other 2 FRST reports.
In your next reply, please submit:
RKreport.txt
Both reports from FRST
Search.txt



Thanks.



#5 californiaflame


Posted 12 April 2014 - 02:11 PM

Hi Starbuck!

 

RKreport:

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : californiaflame [Admin rights]
Mode : Remove -- Date : 04/11/2014 21:45:46
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 14 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913a (C:\Users\californiaflame\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid fd3742409eab4d61a12a9375a020966a-6d05fac93e7229c7880e8606b896b56775a83ffc --CMPID 0913a [x][x][x]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_1113a (C:\Users\californiaflame\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=fd3742409eab4d61a12a9375a020966a-6d05fac93e7229c7880e8606b896b56775a83ffc /CMPID=1113a [x][x]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Slick Savings ("C:\Users\californiaflame\AppData\Roaming\Slick Savings\CouponsHelper.exe" [7]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-3851501560-2088687507-785293386-1001\[...]\Run : AVG-Secure-Search-Update_0913a (C:\Users\californiaflame\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid fd3742409eab4d61a12a9375a020966a-6d05fac93e7229c7880e8606b896b56775a83ffc --CMPID 0913a [x][x][x]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-3851501560-2088687507-785293386-1001\[...]\Run : AVG-Secure-Search-Update_1113a (C:\Users\californiaflame\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=fd3742409eab4d61a12a9375a020966a-6d05fac93e7229c7880e8606b896b56775a83ffc /CMPID=1113a [x][x]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-3851501560-2088687507-785293386-1001\[...]\Run : Slick Savings ("C:\Users\californiaflame\AppData\Roaming\Slick Savings\CouponsHelper.exe" [7]) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 4 ¤¤¤
[CHR][PUP] Default : Ebay Shopping Assistant by Spigot
[CHR][PUP] Default : Domain Error Assistant
[CHR][PUP] Default : Slick Savings
[CHR][PUP] Default : Amazon Shopping Assistant by Spigot

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : PUP ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1                activate.adobe.com
127.0.0.1                practivate.adobe.com
127.0.0.1                ereg.adobe.com
127.0.0.1                activate.wip3.adobe.com
127.0.0.1                wip3.adobe.com
127.0.0.1                3dns-3.adobe.com
127.0.0.1                3dns-2.adobe.com
127.0.0.1                adobe-dns.adobe.com
127.0.0.1                adobe-dns-2.adobe.com
127.0.0.1                adobe-dns-3.adobe.com
127.0.0.1                ereg.wip3.adobe.com
127.0.0.1                activate-sea.adobe.com
127.0.0.1                wwis-dubc1-vip60.adobe.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK5056GSY ATA Device +++++
--- User ---
[MBR] d7e30acd56ba39a2889e10c444d54804
[BSP] 239099191902b57edf1c74aed0be0202 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_04112014_214546.txt >>
RKreport[0]_S_04112014_213716.txt

FRST report:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014 01
Ran by californiaflame (administrator) on DARTHVADER on 12-04-2014 11:55:39
Running from C:\Users\californiaflame\Downloads
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Akamai Technologies, Inc.) C:\Users\californiaflame\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
(Akamai Technologies, Inc.) C:\Users\californiaflame\AppData\Local\Akamai\netsession_win.exe
() C:\Users\californiaflame\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
() C:\Program Files (x86)\Dell Touch Zone\fingertapps.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Dropbox, Inc.) C:\Users\californiaflame\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TSCHelp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\snagiteditor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Farbar) C:\Users\californiaflame\Downloads\FRST64(1).exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1909032 2010-01-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3168336 2009-11-03] (Dell Inc.)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1926928 2009-09-21] (Intel® Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\Dell\Dell TouchCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [195072 2010-09-03] (ArcSoft Inc.)
HKLM-x32\...\Run: [UpdateYouPaintShortCut] - C:\Program Files (x86)\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Desktop Disc Tool] - c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] - "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1393984 2014-03-17] (Spigot, Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-10] (Dell)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-08-01] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3851501560-2088687507-785293386-1001\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
HKU\S-1-5-21-3851501560-2088687507-785293386-1001\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247144 2010-08-24] (TomTom)
HKU\S-1-5-21-3851501560-2088687507-785293386-1001\...\Run: [Akamai NetSession Interface] - C:\Users\californiaflame\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3851501560-2088687507-785293386-1001\...\Run: [HP Photosmart 6510 series (NET)] - C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-09-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-3851501560-2088687507-785293386-1001\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-3851501560-2088687507-785293386-1001\...\Run: [Amazon Cloud Player] - C:\Users\californiaflame\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3108864 2013-06-21] ()
HKU\S-1-5-21-3851501560-2088687507-785293386-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-09-15] (Google Inc.)
HKU\S-1-5-21-3851501560-2088687507-785293386-1001\...\MountPoints2: {e61ddd78-4fc8-11e3-94bb-5c260a05531e} - E:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A10B02 PID_0083
Startup: C:\Users\californiaflame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\californiaflame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\californiaflame\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\californiaflame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\californiaflame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\californiaflame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
URLSearchHook: HKCU - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKCU - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll (Spigot, Inc.)
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_enUS397
SearchScopes: HKCU - {633955C2-692E-4C81-9FA3-EF2789A8E49C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_enUS397
SearchScopes: HKCU - {6CC7602D-8C7C-473E-B191-FA28834B686A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll (Spigot, Inc.)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE64.dll (Spigot, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {00E2F4E0-F208-4826-A101-FE547C6DA4A1} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\californiaflame\AppData\Roaming\Mozilla\Firefox\Profiles\j6edr93q.default
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\californiaflame\AppData\Roaming\Mozilla\Firefox\Profiles\j6edr93q.default\searchplugins\yahoo_ff.xml
FF Extension: Diccionario de Español/México - C:\Users\californiaflame\AppData\Roaming\Mozilla\Firefox\Profiles\j6edr93q.default\Extensions\es-MX@dictionaries.addons.mozilla.org [2013-10-28]
FF Extension: Anonymouse-Toolbar - C:\Users\californiaflame\AppData\Roaming\Mozilla\Firefox\Profiles\j6edr93q.default\Extensions\{00E2F4E0-F208-4826-A101-FE547C6DA4A1} [2010-10-21]
FF Extension: Google Toolbar for Firefox - C:\Users\californiaflame\AppData\Roaming\Mozilla\Firefox\Profiles\j6edr93q.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-06-10]
FF Extension: EPUBReader - C:\Users\californiaflame\AppData\Roaming\Mozilla\Firefox\Profiles\j6edr93q.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-02]
FF Extension: Personas Plus - C:\Users\californiaflame\AppData\Roaming\Mozilla\Firefox\Profiles\j6edr93q.default\Extensions\personas@christopher.beard.xpi [2013-02-28]
FF Extension: Slick Savings - C:\Users\californiaflame\AppData\Roaming\Mozilla\Firefox\Profiles\j6edr93q.default\Extensions\savingsslider@mybrowserbar.com.xpi [2014-04-11]
FF Extension: Start Page - C:\Users\californiaflame\AppData\Roaming\Mozilla\Firefox\Profiles\j6edr93q.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi [2014-01-09]
FF Extension: StumbleUpon - C:\Users\californiaflame\AppData\Roaming\Mozilla\Firefox\Profiles\j6edr93q.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2012-01-24]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010-10-21]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-03-25]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []

Chrome:
=======
CHR HomePage: hxxp://search.yahoo.com/?type=994519&fr=spigot-yhp-ch
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\californiaflame\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Adobe Contribute CS5 ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll (Adobe Systems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\californiaflame\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2013-12-04]
CHR Extension: (Domain Error Assistant) - C:\Users\californiaflame\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2013-12-04]
CHR Extension: (Freemake Video Converter) - C:\Users\californiaflame\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-12-04]
CHR Extension: (Slick Savings) - C:\Users\californiaflame\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013-12-04]
CHR Extension: (Google Wallet) - C:\Users\californiaflame\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\californiaflame\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2013-12-04]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-11-29]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\californiaflame\AppData\Local\Slick Savings\coupons.crx [2013-11-16]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128752 2010-06-29] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2010-09-03] (ArcSoft Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2009-09-21] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [X]

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2011-07-07] (HandSet Incorporated)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-12 11:54 - 2014-04-12 11:54 - 02157568 _____ (Farbar) C:\Users\californiaflame\Downloads\FRST64(1).exe
2014-04-11 21:45 - 2014-04-11 21:45 - 00005565 _____ () C:\Users\californiaflame\Desktop\RKreport[0]_D_04112014_214546.txt
2014-04-11 21:37 - 2014-04-11 21:37 - 00005346 _____ () C:\Users\californiaflame\Desktop\RKreport[0]_S_04112014_213716.txt
2014-04-11 21:25 - 2014-04-11 21:45 - 00000000 ____D () C:\Users\californiaflame\Desktop\RK_Quarantine
2014-04-11 21:24 - 2014-04-11 21:24 - 03972608 _____ () C:\Users\californiaflame\Downloads\RogueKiller.exe
2014-04-11 21:21 - 2014-04-11 21:21 - 00001117 _____ () C:\Users\californiaflame\Desktop\Continue Zip Extractor Installation.lnk
2014-04-11 21:20 - 2014-04-11 21:20 - 00685448 _____ () C:\Users\californiaflame\Downloads\ZipExtractorSetup.exe
2014-04-11 21:20 - 2014-04-11 21:20 - 00685448 _____ () C:\Users\californiaflame\Downloads\ZipExtractorSetup(1).exe
2014-04-09 23:10 - 2014-04-09 23:10 - 00002015 _____ () C:\Users\californiaflame\Desktop\poff ad.txt
2014-04-09 21:01 - 2014-04-09 21:01 - 00014410 _____ () C:\Users\californiaflame\Desktop\attach.txt
2014-04-09 21:01 - 2014-04-09 21:00 - 00021307 _____ () C:\Users\californiaflame\Desktop\dds.txt
2014-04-09 20:57 - 2014-04-09 20:57 - 00688992 ____R (Swearware) C:\Users\californiaflame\Downloads\dds.com
2014-04-09 20:32 - 2014-04-09 20:32 - 00041298 _____ () C:\Users\californiaflame\Desktop\FRST.txt
2014-04-09 20:31 - 2014-04-09 20:31 - 00037362 _____ () C:\Users\californiaflame\Desktop\Addition.txt
2014-04-09 20:26 - 2014-04-09 20:26 - 00037362 _____ () C:\Users\californiaflame\Downloads\Addition.txt
2014-04-09 20:24 - 2014-04-12 11:56 - 00032462 _____ () C:\Users\californiaflame\Downloads\FRST.txt
2014-04-09 20:23 - 2014-04-12 11:55 - 00000000 ____D () C:\FRST
2014-04-09 20:23 - 2014-04-09 20:23 - 02157056 _____ (Farbar) C:\Users\californiaflame\Downloads\FRST64.exe
2014-04-05 20:29 - 2014-04-06 17:04 - 00037349 _____ () C:\Users\californiaflame\Desktop\avgrep.txt
2014-04-05 19:15 - 2014-04-05 19:15 - 00009359 _____ () C:\Users\californiaflame\Downloads\[kickass.to]47.ronin.2013.720p.brrip.x264.yify.torrent
2014-04-05 19:10 - 2014-04-05 19:10 - 00016906 _____ () C:\Users\californiaflame\Downloads\[kickass.to]the.past.2013.720p.brrip.x264.fastbet99.torrent
2014-04-05 19:05 - 2014-04-05 19:05 - 00014929 _____ () C:\Users\californiaflame\Downloads\[kickass.to]knights.of.badassdom.2013.hdrip.xvid.evo.torrent
2014-04-05 14:13 - 2014-04-12 11:49 - 00000089 _____ () C:\Windows\system32\xkzuhc.frg
2014-04-05 14:02 - 2014-04-05 14:02 - 00000064 _____ () C:\Windows\system32\vnkr.yyb
2014-04-05 14:02 - 2014-04-05 14:02 - 00000000 _____ () C:\Windows\system32\nkagka.gbs
2014-04-05 13:46 - 2014-04-05 13:46 - 00305834 ____S () C:\Windows\system32\vbthsrl.gli
2014-03-29 17:19 - 2014-03-29 17:19 - 00007699 _____ () C:\Users\californiaflame\Downloads\[kickass.to]apocalypse.pompeii.2014.720p.brrip.x264.yify(1).torrent
2014-03-28 18:30 - 2014-03-28 18:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-23 15:26 - 2014-03-23 15:26 - 00010274 _____ () C:\Users\californiaflame\Downloads\[kickass.to]the.wolverine.2013.extended.720p.brrip.x264.yify.torrent
2014-03-23 15:23 - 2014-03-23 15:23 - 00110321 _____ () C:\Users\californiaflame\Downloads\[kickass.to]the.essential.films.of.alejandro.jodorowsky.torrent
2014-03-22 18:31 - 2014-03-22 18:31 - 00000000 ____D () C:\Program Files (x86)\Vuze Remote Toolbar
2014-03-22 18:31 - 2014-03-22 18:31 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-03-16 18:09 - 2014-03-16 18:09 - 00008801 _____ () C:\Users\californiaflame\Downloads\[kickass.to]thor.the.dark.world.2013.720p.brrip.x264.yify(1).torrent
2014-03-16 18:05 - 2014-03-16 18:05 - 00008801 _____ () C:\Users\californiaflame\Downloads\[kickass.to]thor.the.dark.world.2013.720p.brrip.x264.yify.torrent
2014-03-14 19:41 - 2014-03-14 19:41 - 00007699 _____ () C:\Users\californiaflame\Downloads\[kickass.to]apocalypse.pompeii.2014.720p.brrip.x264.yify.torrent

==================== One Month Modified Files and Folders =======

2014-04-12 11:56 - 2014-04-09 20:24 - 00032462 _____ () C:\Users\californiaflame\Downloads\FRST.txt
2014-04-12 11:55 - 2014-04-09 20:23 - 00000000 ____D () C:\FRST
2014-04-12 11:55 - 2010-09-15 16:18 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-12 11:54 - 2014-04-12 11:54 - 02157568 _____ (Farbar) C:\Users\californiaflame\Downloads\FRST64(1).exe
2014-04-12 11:49 - 2014-04-05 14:13 - 00000089 _____ () C:\Windows\system32\xkzuhc.frg
2014-04-12 11:49 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-12 11:49 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-12 11:48 - 2013-07-06 11:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-12 11:48 - 2010-09-15 15:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-12 11:48 - 2009-07-13 22:10 - 01794199 _____ () C:\Windows\WindowsUpdate.log
2014-04-12 11:45 - 2010-09-29 17:34 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-12 11:43 - 2009-07-13 22:13 - 00727398 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-12 11:42 - 2012-07-05 21:08 - 00000000 ___RD () C:\Users\californiaflame\Dropbox
2014-04-12 11:42 - 2012-07-05 20:59 - 00000000 ____D () C:\Users\californiaflame\AppData\Roaming\Dropbox
2014-04-12 11:41 - 2010-09-03 20:50 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-04-12 11:40 - 2010-09-15 16:18 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-12 11:39 - 2012-03-25 17:04 - 00000276 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-04-11 21:55 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-11 21:55 - 2009-07-13 21:51 - 00052781 _____ () C:\Windows\setupact.log
2014-04-11 21:45 - 2014-04-11 21:45 - 00005565 _____ () C:\Users\californiaflame\Desktop\RKreport[0]_D_04112014_214546.txt
2014-04-11 21:45 - 2014-04-11 21:25 - 00000000 ____D () C:\Users\californiaflame\Desktop\RK_Quarantine
2014-04-11 21:37 - 2014-04-11 21:37 - 00005346 _____ () C:\Users\californiaflame\Desktop\RKreport[0]_S_04112014_213716.txt
2014-04-11 21:37 - 2013-08-17 16:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 21:33 - 2010-10-09 03:32 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-11 21:29 - 2010-11-03 15:37 - 00000000 ____D () C:\Program Files (x86)\Trillian
2014-04-11 21:24 - 2014-04-11 21:24 - 03972608 _____ () C:\Users\californiaflame\Downloads\RogueKiller.exe
2014-04-11 21:21 - 2014-04-11 21:21 - 00001117 _____ () C:\Users\californiaflame\Desktop\Continue Zip Extractor Installation.lnk
2014-04-11 21:20 - 2014-04-11 21:20 - 00685448 _____ () C:\Users\californiaflame\Downloads\ZipExtractorSetup.exe
2014-04-11 21:20 - 2014-04-11 21:20 - 00685448 _____ () C:\Users\californiaflame\Downloads\ZipExtractorSetup(1).exe
2014-04-11 18:39 - 2010-09-03 21:08 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-04-11 18:39 - 2010-09-03 21:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-04-09 23:10 - 2014-04-09 23:10 - 00002015 _____ () C:\Users\californiaflame\Desktop\poff ad.txt
2014-04-09 21:01 - 2014-04-09 21:01 - 00014410 _____ () C:\Users\californiaflame\Desktop\attach.txt
2014-04-09 21:00 - 2014-04-09 21:01 - 00021307 _____ () C:\Users\californiaflame\Desktop\dds.txt
2014-04-09 20:57 - 2014-04-09 20:57 - 00688992 ____R (Swearware) C:\Users\californiaflame\Downloads\dds.com
2014-04-09 20:32 - 2014-04-09 20:32 - 00041298 _____ () C:\Users\californiaflame\Desktop\FRST.txt
2014-04-09 20:31 - 2014-04-09 20:31 - 00037362 _____ () C:\Users\californiaflame\Desktop\Addition.txt
2014-04-09 20:26 - 2014-04-09 20:26 - 00037362 _____ () C:\Users\californiaflame\Downloads\Addition.txt
2014-04-09 20:23 - 2014-04-09 20:23 - 02157056 _____ (Farbar) C:\Users\californiaflame\Downloads\FRST64.exe
2014-04-09 19:41 - 2013-05-21 19:51 - 00000000 ____D () C:\Program Files\My Dell
2014-04-07 20:15 - 2010-09-03 20:51 - 00000000 ____D () C:\ProgramData\PCDr
2014-04-07 20:08 - 2013-05-21 19:52 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-04-06 17:04 - 2014-04-05 20:29 - 00037349 _____ () C:\Users\californiaflame\Desktop\avgrep.txt
2014-04-06 15:18 - 2011-02-04 20:21 - 00003182 _____ () C:\Windows\System32\Tasks\proXPN
2014-04-05 19:39 - 2010-09-03 22:28 - 00063958 _____ () C:\Windows\PFRO.log
2014-04-05 19:25 - 2010-10-24 13:51 - 00000000 ____D () C:\Users\californiaflame\AppData\Roaming\Azureus
2014-04-05 19:17 - 2013-11-29 19:47 - 00000000 ____D () C:\Users\californiaflame\Desktop\Subtitles
2014-04-05 19:15 - 2014-04-05 19:15 - 00009359 _____ () C:\Users\californiaflame\Downloads\[kickass.to]47.ronin.2013.720p.brrip.x264.yify.torrent
2014-04-05 19:10 - 2014-04-05 19:10 - 00016906 _____ () C:\Users\californiaflame\Downloads\[kickass.to]the.past.2013.720p.brrip.x264.fastbet99.torrent
2014-04-05 19:05 - 2014-04-05 19:05 - 00014929 _____ () C:\Users\californiaflame\Downloads\[kickass.to]knights.of.badassdom.2013.hdrip.xvid.evo.torrent
2014-04-05 14:02 - 2014-04-05 14:02 - 00000064 _____ () C:\Windows\system32\vnkr.yyb
2014-04-05 14:02 - 2014-04-05 14:02 - 00000000 _____ () C:\Windows\system32\nkagka.gbs
2014-04-05 13:46 - 2014-04-05 13:46 - 00305834 ____S () C:\Windows\system32\vbthsrl.gli
2014-04-03 08:11 - 2011-11-11 12:55 - 00000000 ____D () C:\Users\californiaflame\AppData\Local\Akamai
2014-04-01 08:48 - 2013-10-14 17:21 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-31 23:35 - 2012-05-12 12:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-30 11:57 - 2010-09-15 16:18 - 00003912 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 11:57 - 2010-09-15 16:18 - 00003660 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-30 11:56 - 2010-09-15 15:41 - 00000000 ____D () C:\Users\californiaflame\AppData\Local\Google
2014-03-29 17:19 - 2014-03-29 17:19 - 00007699 _____ () C:\Users\californiaflame\Downloads\[kickass.to]apocalypse.pompeii.2014.720p.brrip.x264.yify(1).torrent
2014-03-29 15:14 - 2011-01-30 14:20 - 00000000 ____D () C:\ProgramData\Soulseek
2014-03-28 18:30 - 2014-03-28 18:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 23:01 - 2010-09-15 16:21 - 00000000 ____D () C:\Users\californiaflame\Documents\OneNote Notebooks
2014-03-23 15:26 - 2014-03-23 15:26 - 00010274 _____ () C:\Users\californiaflame\Downloads\[kickass.to]the.wolverine.2013.extended.720p.brrip.x264.yify.torrent
2014-03-23 15:23 - 2014-03-23 15:23 - 00110321 _____ () C:\Users\californiaflame\Downloads\[kickass.to]the.essential.films.of.alejandro.jodorowsky.torrent
2014-03-23 15:15 - 2013-11-16 23:07 - 00000000 ____D () C:\Users\californiaflame\AppData\Roaming\Slick Savings
2014-03-23 15:15 - 2013-10-14 17:19 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-22 18:31 - 2014-03-22 18:31 - 00000000 ____D () C:\Program Files (x86)\Vuze Remote Toolbar
2014-03-22 18:31 - 2014-03-22 18:31 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-03-16 18:09 - 2014-03-16 18:09 - 00008801 _____ () C:\Users\californiaflame\Downloads\[kickass.to]thor.the.dark.world.2013.720p.brrip.x264.yify(1).torrent
2014-03-16 18:05 - 2014-03-16 18:05 - 00008801 _____ () C:\Users\californiaflame\Downloads\[kickass.to]thor.the.dark.world.2013.720p.brrip.x264.yify.torrent
2014-03-14 19:41 - 2014-03-14 19:41 - 00007699 _____ () C:\Users\californiaflame\Downloads\[kickass.to]apocalypse.pompeii.2014.720p.brrip.x264.yify.torrent
2014-03-14 19:26 - 2013-03-13 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 19:26 - 2013-03-13 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\californiaflame\AppData\Local\Temp\7za.exe
C:\Users\californiaflame\AppData\Local\Temp\avguidx.dll
C:\Users\californiaflame\AppData\Local\Temp\cisb_le1.dll
C:\Users\californiaflame\AppData\Local\Temp\cla2w_c5.dll
C:\Users\californiaflame\AppData\Local\Temp\FreemakeVideoConverter_4.1.1.4.exe
C:\Users\californiaflame\AppData\Local\Temp\ge6c9it3.dll
C:\Users\californiaflame\AppData\Local\Temp\GLFBCE7.tmp.ConduitEngineSetup.exe
C:\Users\californiaflame\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\californiaflame\AppData\Local\Temp\InstallAX.exe
C:\Users\californiaflame\AppData\Local\Temp\InstallPlugin.exe
C:\Users\californiaflame\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\californiaflame\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\californiaflame\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\californiaflame\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\californiaflame\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\californiaflame\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\californiaflame\AppData\Local\Temp\ltijm1wg.dll
C:\Users\californiaflame\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\californiaflame\AppData\Local\Temp\ntdll_dump.dll
C:\Users\californiaflame\AppData\Local\Temp\OCSetupHlp.dll
C:\Users\californiaflame\AppData\Local\Temp\oi_{9DA4A729-433A-4478-AFB3-C4A63E2D47D9}.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.3.0-install102.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.0-install102.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.1-install102.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.11-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.2-install102.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.4-install102.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.5-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.6-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.7-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.8-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.9-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.5.0-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.5.1-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.5.2-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.5.3-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.6.0-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.6.1-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.7.0-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\Quarantine.exe
C:\Users\californiaflame\AppData\Local\Temp\RegAsm.exe
C:\Users\californiaflame\AppData\Local\Temp\soundforgepro10.exe
C:\Users\californiaflame\AppData\Local\Temp\SSUPDATE64.EXE
C:\Users\californiaflame\AppData\Local\Temp\UpdaterCopy.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-13 17:00] - [2009-07-13 18:41] - 0518144 ____A (Microsoft Corporation) 7B4149BD1C8EF1A2C9D9FE8145E829B5

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 00:11

==================== End Of Log ============================

addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2014 01
Ran by californiaflame at 2014-04-12 11:57:14
Running from C:\Users\californiaflame\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Captivate 5 (HKLM-x32\...\{8E355243-1A34-4EE8-A743-C166E68CF5C0}) (Version: 5 - Adobe Systems Incorporated)
Adobe Captivate Quiz Results Analyzer (HKLM-x32\...\QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Captivate Quiz Results Analyzer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Captivate Reviewer (HKLM-x32\...\AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Captivate Reviewer (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{288DB08D-0708-4A94-B055-55B99E39EB62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Professional CS5.5 (HKLM-x32\...\{23E445D5-FD83-4C50-A211-EB26A2975317}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.5.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.3 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 1.1.0.332 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations (HKLM-x32\...\{836D5E9B-6D1E-4AFF-9329-5B9CB29A73C6}) (Version: 3.0.359 - ArcSoft)
Articulate Storyline (HKLM-x32\...\{CF080EA9-C318-46D7-A597-4EA95714E631}) (Version: 1.04.00 - Articulate)
Articulate Storyline (x32 Version: 1.04.00 - Articulate) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies)
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4355 - AVG Technologies) Hidden
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
corefx (HKLM-x32\...\{9AF49370-5491-4C37-B2A7-EC07F5E0F2C2}) (Version: 3.0.1 - Core Learning)
Cracklock 3.9.44 (HKLM-x32\...\Cracklock_is1) (Version: 3.9.44 - William Blum)
CyberLink YouPaint (HKLM-x32\...\InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}) (Version: 1.2.0521 - CyberLink Corp.)
CyberLink YouPaint (x32 Version: 1.2.0521 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Touch Zone (HKLM-x32\...\{DBF0A096-6EE7-488E-8C04-2536C7B3F120}) (Version: 1.2.1.8 - Dell)
Dell TouchCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.1.0515 - CyberLink Corp.)
Dell TouchCam (x32 Version: 1.1.0515 - CyberLink Corp.) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Freemake Video Converter version 4.1.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.1 - Ellora Assets Corporation)
FretlightStudio.exe (HKLM-x32\...\Fretlight Studio 5.2.0_is1) (Version:  - Optek Music Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
Guitar Pro 6 Fretlight Ready™ (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 6510 series Basic Device Software (HKLM\...\{B53F9744-F0FB-44A6-9739-335CDAB4488A}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Photosmart 6510 series Help (HKLM-x32\...\{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}) (Version: 140.0.2.2 - Hewlett Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
iTunes (HKLM\...\{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}) (Version: 11.0.0.163 - Apple Inc.)
Java Auto Updater (x32 Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.1.54.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}) (Version: 8.0.6362.201 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft UI Engine (x32 Version: 4.0.0318.1 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6422.14 - PC-Doctor, Inc.)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
proXPN 2.5.2 (HKLM-x32\...\proXPN) (Version: 2.5.2 - )
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.3.2 - Dell Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slick Savings (HKLM-x32\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 1.3 - Spigot, Inc.) <==== ATTENTION
Snagit 11 (HKLM-x32\...\{F8E3C768-71F3-11E1-9DF7-70804824019B}) (Version: 11.0.1 - TechSmith Corporation)
SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.43.1000 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.3.0 - Synaptics Incorporated)
TomTom HOME 2.7.6.2056 (HKLM-x32\...\TomTom HOME) (Version: 2.7.6.2056 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.74 - VSO Software)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.1.0.0 - Azureus Software, Inc.)
Vuze (HKLM-x32\...\8461-7759-5462-8226-1) (Version: 5.1.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v8.9 (HKLM-x32\...\{E2BDB56B-464B-49D7-AF12-B34C5E2E284B}) (Version: 8.9 - Spigot, Inc.) <==== ATTENTION
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
You Don't Know Jack (HKLM-x32\...\8461-7759-5462-8226) (Version: 1.00.0000 - ValuSoft, a division of THQ Inc.)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.A10B02 - ZTE Corporation)

==================== Restore Points  =========================

30-03-2014 07:00:02 Scheduled Checkpoint
12-04-2014 04:31:57 Windows Update
12-04-2014 18:46:20 Windows Update

==================== Hosts content: ==========================

2012-06-30 15:57 - 2012-06-30 16:02 - 00002114 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (whitelisted) =============

Task: {01F4F8E5-1F8F-4523-9E6E-189764E9587A} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {0FD18E3B-4255-4D32-961B-DB9445C757B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-15] (Google Inc.)
Task: {11CDF556-CDCA-4710-B831-E0D11F24141B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-15] (Google Inc.)
Task: {1722F7D1-4079-4D68-BCDF-2B54844CA544} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-12-19] (PC-Doctor, Inc.)
Task: {1FF6F478-D061-4A59-AFDD-C50C463A4214} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {33EE07F4-0171-4751-9C02-B14BF30CE88E} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
Task: {452A2276-B47C-40E0-82A7-694EBE2396B4} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {4FEE9188-286F-47A6-BBBE-75E058488DB9} - System32\Tasks\proXPN => C:\Program Files (x86)\proXPN\bin\proxpn.exe [2013-07-03] (proXPN.com)
Task: {7F7ECD40-9DE1-4E0B-83E4-6DB341955434} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9123845F-4FC1-438D-B4FE-34DE6222DBB1} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {DCDE456C-6367-4A0A-B614-664138B64441} - System32\Tasks\AdobeAAMUpdater-1.0-darthvader-californiaflame => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {E55C18C6-2C35-4100-A515-D34E87246740} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-19] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2009-09-21 15:04 - 2009-09-21 15:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-11-27 12:52 - 2010-03-15 12:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2009-09-21 15:04 - 2009-09-21 15:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-07-07 01:19 - 2013-06-21 16:23 - 03108864 _____ () C:\Users\californiaflame\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2010-02-09 11:34 - 2010-02-09 11:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2010-02-11 13:24 - 2010-02-11 13:24 - 03854544 _____ () C:\Program Files (x86)\Dell Touch Zone\fingertapps.exe
2009-10-15 01:10 - 2009-10-15 01:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-02-09 11:34 - 2010-02-09 11:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2010-02-09 11:34 - 2010-02-09 11:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 11:34 - 2010-02-09 11:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 11:34 - 2010-02-09 11:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 11:34 - 2010-02-09 11:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2013-10-18 16:55 - 2013-10-18 16:55 - 25100288 _____ () C:\Users\californiaflame\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-28 18:30 - 2014-03-28 18:30 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-11 14:48 - 2014-03-11 14:48 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2014 08:02:30 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (04/09/2014 07:41:02 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (04/09/2014 06:46:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15568

Error: (04/09/2014 06:46:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15568

Error: (04/09/2014 06:46:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/07/2014 07:56:30 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The underlying connection was closed: A connection that was expected to be kept alive was closed by the server. ---> System.IO.IOException: Unable to read data from the transport connection: An established connection was aborted by the software in your host machine. ---> System.Net.Sockets.SocketException: An established connection was aborted by the software in your host machine
   at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   --- End of inner exception stack trace ---
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
   at System.Net.Security._SslStream.StartFrameHeader(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security._SslStream.StartReading(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security._SslStream.ProcessRead(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.TlsStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)
   --- End of inner exception stack trace ---
   at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (04/03/2014 10:35:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 42761606

Error: (04/03/2014 10:35:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 42761606

Error: (04/03/2014 10:35:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/03/2014 10:35:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 42760592


System errors:
=============
Error: (04/12/2014 11:44:01 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service hung on starting.

Error: (04/12/2014 11:40:49 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (04/11/2014 09:55:51 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (04/11/2014 09:55:46 PM) (Source: Service Control Manager) (User: )
Description: The Dock Login Service service failed to start due to the following error:
%%2

Error: (04/11/2014 09:51:06 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (04/11/2014 09:50:36 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (04/11/2014 09:49:18 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (04/11/2014 09:49:16 PM) (Source: Service Control Manager) (User: )
Description: The Dock Login Service service failed to start due to the following error:
%%2

Error: (04/11/2014 09:33:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070641: Security Update for Microsoft Office Word 2007 (KB2878237).

Error: (04/11/2014 09:33:15 PM) (Source: DCOM) (User: )
Description: 1053MSIServer{000C101C-0000-0000-C000-000000000046}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 67%
Total physical RAM: 3764.54 MB
Available physical RAM: 1214.44 MB
Total Pagefile: 7527.22 MB
Available Pagefile: 4479.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:115.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: E1D88937)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

FRST SEARCH LOG:

Farbar Recovery Scan Tool (x64) Version: 12-04-2014 01
Ran by californiaflame at 2014-04-12 12:03:37
Running from C:\Users\californiaflame\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 17:00] - [2009-07-13 18:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2009-07-13 17:00] - [2009-07-13 18:41] - 0518144 ____A (Microsoft Corporation) 7B4149BD1C8EF1A2C9D9FE8145E829B5

====== End Of Search ======

Thank you!



#6 Starbuck

  • Malware Response Team

Posted 13 April 2014 - 05:07 AM

Hi californiaflame

Rogue Killer didn't throw up the expected error relating to your sound problem (it normally does).
But we have located the problem with FRST.

Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to the Download folder.
NOTE.
It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.


Step 2
The FRST report is showing that the homepage in Google Chrome needs resetting. This is best done using Google Chrome's own tools:

Please fix Google Chrome browser home and default search pages using the "Settings" facility.
The link below will explain how to do this:

Set your homepage


Note: Where a home page has been removed using Chrome "Settings", the offending page will still show in the "Open New Tab page" even when browser history and user data are removed. The cache needs to be cleared as well.

Go to the link below and follow the instructions on how to delete cache and cookies:

Delete your cache and other browser data



Step 3
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
In your next reply, please submit:
Fixlog.txt
AdwCleaner report

Also let me know if the sound problem has now been rectified.


Thanks.

Attached Files




#7 californiaflame

  • Topic Starter

Posted 13 April 2014 - 11:19 PM

Greetings Starbuck!

 

Problem has been fixed! Brilliant work, thank you so much, your script did the trick. Here are the log files:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-04-2014 01
Ran by californiaflame at 2014-04-13 20:33:22 Run:1
Running from C:\Users\californiaflame\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1393984 2014-03-17] (Spigot, Inc.)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-08-01] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-3851501560-2088687507-785293386-1001\...\MountPoints2: {e61ddd78-4fc8-11e3-94bb-5c260a05531e} - E:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A10B02 PID_0083
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
URLSearchHook: HKCU - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKCU - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll (Spigot, Inc.)
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO-x32: Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll (Spigot, Inc.)
Toolbar: HKLM - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE64.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {00E2F4E0-F208-4826-A101-FE547C6DA4A1} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
FF Extension: Slick Savings - C:\Users\californiaflame\AppData\Roaming\Mozilla\Firefox\Profiles\j6edr93q.default\Extensions\savingsslider@mybrowserbar.com.xpi [2014-04-11]
CHR Extension: (Slick Savings) - C:\Users\californiaflame\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013-12-04]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\californiaflame\AppData\Local\Slick Savings\coupons.crx [2013-11-16]
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [X]
2014-04-05 14:13 - 2014-04-12 11:49 - 00000089 _____ () C:\Windows\system32\xkzuhc.frg
2014-04-05 14:02 - 2014-04-05 14:02 - 00000064 _____ () C:\Windows\system32\vnkr.yyb
2014-04-05 14:02 - 2014-04-05 14:02 - 00000000 _____ () C:\Windows\system32\nkagka.gbs
2014-04-05 13:46 - 2014-04-05 13:46 - 00305834 ____S () C:\Windows\system32\vbthsrl.gli
2014-03-22 18:31 - 2014-03-22 18:31 - 00000000 ____D () C:\Program Files (x86)\Vuze Remote Toolbar
2014-03-22 18:31 - 2014-03-22 18:31 - 00000000 ____D () C:\Program Files (x86)\Application Updater
C:\Users\californiaflame\AppData\Local\Temp\7za.exe
C:\Users\californiaflame\AppData\Local\Temp\avguidx.dll
C:\Users\californiaflame\AppData\Local\Temp\cisb_le1.dll
C:\Users\californiaflame\AppData\Local\Temp\cla2w_c5.dll
C:\Users\californiaflame\AppData\Local\Temp\FreemakeVideoConverter_4.1.1.4.exe
C:\Users\californiaflame\AppData\Local\Temp\ge6c9it3.dll
C:\Users\californiaflame\AppData\Local\Temp\GLFBCE7.tmp.ConduitEngineSetup.exe
C:\Users\californiaflame\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\californiaflame\AppData\Local\Temp\InstallAX.exe
C:\Users\californiaflame\AppData\Local\Temp\InstallPlugin.exe
C:\Users\californiaflame\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\californiaflame\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\californiaflame\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\californiaflame\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\californiaflame\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\californiaflame\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\californiaflame\AppData\Local\Temp\ltijm1wg.dll
C:\Users\californiaflame\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\californiaflame\AppData\Local\Temp\ntdll_dump.dll
C:\Users\californiaflame\AppData\Local\Temp\OCSetupHlp.dll
C:\Users\californiaflame\AppData\Local\Temp\oi_{9DA4A729-433A-4478-AFB3-C4A63E2D47D9}.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.3.0-install102.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.0-install102.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.1-install102.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.11-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.2-install102.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.4-install102.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.5-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.6-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.7-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.8-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.9-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.5.0-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.5.1-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.5.2-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.5.3-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.6.0-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.6.1-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.7.0-install001.exe
C:\Users\californiaflame\AppData\Local\Temp\Quarantine.exe
C:\Users\californiaflame\AppData\Local\Temp\RegAsm.exe
C:\Users\californiaflame\AppData\Local\Temp\soundforgepro10.exe
C:\Users\californiaflame\AppData\Local\Temp\SSUPDATE64.EXE
C:\Users\californiaflame\AppData\Local\Temp\UpdaterCopy.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll
Reboot:
*****************

[6312] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchSettings => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Launcher => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist => Key deleted successfully.
HKU\S-1-5-21-3851501560-2088687507-785293386-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e61ddd78-4fc8-11e3-94bb-5c260a05531e} - E:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} => Key not found.
HKCR\CLSID\{e61ddd78-4fc8-11e3-94bb-5c260a05531e} - E:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} => Key not found.
C:\Program Files\Dell\DellDock\DellDock.exe not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Value deleted successfully.
HKCR\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Value deleted successfully.
HKCR\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00E2F4E0-F208-4826-A101-FE547C6DA4A1} => Value deleted successfully.
HKCR\CLSID\{00E2F4E0-F208-4826-A101-FE547C6DA4A1} => Key not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
C:\Users\californiaflame\AppData\Roaming\Mozilla\Firefox\Profiles\j6edr93q.default\Extensions\savingsslider@mybrowserbar.com.xpi => Moved successfully.
C:\Users\californiaflame\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => Key deleted successfully.
C:\Users\californiaflame\AppData\Local\Slick Savings\coupons.crx => Moved successfully.
AVG Security Toolbar Service => Service deleted successfully.
DockLoginService => Service deleted successfully.
C:\Windows\system32\xkzuhc.frg => Moved successfully.
C:\Windows\system32\vnkr.yyb => Moved successfully.
Could not move "C:\Windows\system32\nkagka.gbs" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\vbthsrl.gli" => Scheduled to move on reboot.
C:\Program Files (x86)\Vuze Remote Toolbar => Moved successfully.
C:\Program Files (x86)\Application Updater => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\7za.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\avguidx.dll => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\cisb_le1.dll => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\cla2w_c5.dll => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\FreemakeVideoConverter_4.1.1.4.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\ge6c9it3.dll => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\GLFBCE7.tmp.ConduitEngineSetup.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\InstallAX.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\InstallPlugin.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\ltijm1wg.dll => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\MachineIdCreator.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\OCSetupHlp.dll => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\oi_{9DA4A729-433A-4478-AFB3-C4A63E2D47D9}.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.3.0-install102.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.0-install102.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.1-install102.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.11-install001.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.2-install102.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.4-install102.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.5-install001.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.6-install001.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.7-install001.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.8-install001.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.4.9-install001.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.5.0-install001.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.5.1-install001.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.5.2-install001.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.5.3-install001.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.6.0-install001.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.6.1-install001.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\proXPN-2.7.0-install001.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\RegAsm.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\soundforgepro10.exe => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\SSUPDATE64.EXE => Moved successfully.
C:\Users\californiaflame\AppData\Local\Temp\UpdaterCopy.exe => Moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings => Moved successfully.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-13 20:36:51)<=

C:\Windows\system32\nkagka.gbs => Is moved successfully.
C:\Windows\system32\vbthsrl.gli => Is moved successfully.

==== End of Fixlog ====

 

# AdwCleaner v3.023 - Report created 13/04/2014 at 21:00:05
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : californiaflame - DARTHVADER
# Running from : C:\Users\californiaflame\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Application Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\californiaflame\AppData\Local\Slick Savings
Folder Deleted : C:\Users\californiaflame\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\californiaflame\AppData\Roaming\Slick Savings
Folder Deleted : C:\Users\californiaflame\AppData\Roaming\Mozilla\Firefox\Profiles\j6edr93q.default\StumbleUpon
Folder Deleted : C:\Users\californiaflame\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Folder Deleted : C:\Users\californiaflame\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Folder Deleted : C:\Users\californiaflame\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - 127.0.0.1:9421;<local>;*.local

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\californiaflame\AppData\Roaming\Mozilla\Firefox\Profiles\j6edr93q.default\prefs.js ]


-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\californiaflame\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [50830 octets] - [16/11/2013 19:42:17]
AdwCleaner[R1].txt - [3233 octets] - [13/04/2014 20:52:31]
AdwCleaner[S0].txt - [49561 octets] - [16/11/2013 19:45:49]
AdwCleaner[S1].txt - [3246 octets] - [13/04/2014 21:00:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3306 octets] ##########

 

Thank you so much, I am in your debt.  I was just in Utrecht, NL on business and will be back at some point, and am planning a side trip to the UK when I return. I would be happy to buy you a pint as thanks. :-)
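One way to triage a Fixlog like the one posted above, shown as an added example that is not part of the original posts and is not FRST's own code: it classifies each result line and reports any file that was scheduled to move on reboot but has no matching post-reboot confirmation. The function names are hypothetical, and the sample is an excerpt adapted from the log above with one post-reboot line deliberately left out so the unconfirmed case is exercised.

```python
import re
from collections import Counter

# Constructed sample: lines in the Fixlog format shown above. The post-reboot
# confirmation for vbthsrl.gli is deliberately omitted to exercise the check.
SAMPLE_FIXLOG = r"""
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchSettings => Value deleted successfully.
HKCR\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Key not found.
C:\Program Files\Dell\DellDock\DellDock.exe not found.
C:\Windows\system32\xkzuhc.frg => Moved successfully.
Could not move "C:\Windows\system32\nkagka.gbs" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\vbthsrl.gli" => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-13 20:36:51)<=

C:\Windows\system32\nkagka.gbs => Is moved successfully.
"""

# Result phrases seen in the log above, mapped to a coarse outcome label.
OUTCOMES = [
    (re.compile(r"scheduled to move on reboot", re.I), "deferred"),
    (re.compile(r"moved successfully", re.I), "moved"),
    (re.compile(r"deleted successfully", re.I), "deleted"),
    (re.compile(r"closed successfully", re.I), "closed"),
    (re.compile(r"not found", re.I), "absent"),
]


def classify(result):
    """Map the text after '=>' to an outcome label."""
    for pattern, label in OUTCOMES:
        if pattern.search(result):
            return label
    return "other"


def parse_fixlog(text):
    """Return one dict per result line: target, outcome, after_reboot."""
    entries = []
    after_reboot = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section header that separates the post-reboot results.
        if line.startswith("=> Result of Scheduled Files"):
            after_reboot = True
            continue
        if " => " in line:
            target, _, result = line.partition(" => ")
        elif line.endswith("not found."):
            # Some lines report a missing file without the '=>' separator.
            target, result = line[: -len("not found.")].strip(), "not found."
        else:
            continue  # headers, fixlist echo, separators
        quoted = re.search(r'"([^"]+)"', target)
        if quoted:  # Could not move "path" -> keep only the path
            target = quoted.group(1)
        entries.append({"target": target, "outcome": classify(result),
                        "after_reboot": after_reboot})
    return entries


def summarize(entries):
    """Count entries per outcome label."""
    return Counter(e["outcome"] for e in entries)


def unconfirmed_deferrals(entries):
    """Deferred targets with no 'moved' line in the post-reboot section."""
    confirmed = {e["target"].lower() for e in entries
                 if e["after_reboot"] and e["outcome"] == "moved"}
    return [e["target"] for e in entries
            if e["outcome"] == "deferred" and e["target"].lower() not in confirmed]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    print("Unconfirmed after reboot:", unconfirmed_deferrals(parsed))
```

Run against a complete Fixlog, an empty list from `unconfirmed_deferrals` means every locked file was handled after the restart.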



#8 Starbuck


Posted 14 April 2014 - 11:37 AM

Hi californiaflame
 

Problem has been fixed!

That's always good to hear. :thumbup2:
 

Thank you so much, I am in your debt.

It's not a problem at all, glad I could help.
 

I would be happy to buy you a pint as thanks. :-)

Thanks, have never been known to refuse a drink. :)

There are a few things we need to do, to finish off the cleaning procedure:

Step 1
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 8 and save it to your desktop.
  • Scroll down to where it says "Java SE 8".
  • Click the "Download JRE 8" button.
  • Accept the license agreement.
  • Select 'Windows x64.exe' from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    Java 6 Update 20 (64-bit)
    Java 7 Update 5
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on downloaded icon to install the newest version.
Step 2
Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • AdwCleaner.exe, its folder and all logs will be removed.
JRT and the fixlist.txt can now be removed as well: right-click on these and select Delete.
There is also a folder located at: C:\FRST that can be removed as well.



Step 3
Download OTC and save it to your Desktop.
Double click the OTC icon to run the program.
Click the 'CleanUp' button.

This utility will clean up an assortment of tools used during malware removal, plus itself.


Step 4
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Select the drive for cleaning then click OK (usually 'C' drive)
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
To find out how you may have been infected....read this topic:
How did i get infected?



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Use an AntiVirus Software

Only install one AntiVirus program

Update your AntiVirus Software regularly

Use a Firewall

Only install one software Firewall


Scan regularly with a 'Stand Alone' Anti-Malware scanner:
Installing another scanner that you can run once or twice a week is always beneficial.
Something like:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Remember to update these programs each time before running.
You can install more than one of these if you only run them as stand alone programs.

Use an alternative browser to Internet Explorer:
Some excellent alternatives to MS Internet Explorer are:

Firefox
For added security, add the NoScript extension to this browser:
Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks
also consider adding:
WOT - Safe Browsing Tool

Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.
Btw: you don't have to make a contribution.

Opera

They offer better security, more stability, and better speed.

Keep a backup of your registry
Keeping a regular backup of your registry will help when something goes wrong.
Use a program like:
Erunt

A full tutorial on how to set up and use Erunt can be found here:
Erunt tutorial

Keep your system clean of temp files etc, using a 'Cleaner':

Cleaners are programs that will help to clean out your:
Windows temp files
Current user temp files
Cookies
Temporary Internet files
Browser history
Recycle bin
Etc.......
In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your PC.
Programs like:
TFC by OldTimer
ATF Cleaner

Visit Microsoft's Windows Update Site Frequently - It is important that you visit Windows Update regularly.
Alternatively, turn on the Automatic Updates.

Peer to Peer programs
Don't be tempted to use Peer to Peer programs.
Many of the downloads are bundled with malware so it's just not worth the risk for a few free programs, music or films.

Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Safe surfing.