Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Buenosearch instead of first page


  • This topic is locked This topic is locked
1 reply to this topic

#1 Millis39

Millis39

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 29 April 2014 - 06:58 AM

This appears on each new page in Firefox. I got information using DDS. I have tried to remove this malware in Firefox and Control Panel, but it's not evident anywhere. I would like to remove it.

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 28/09/2011 15:52:36
System Uptime: 29/04/2014 10:23:01 (3 hours ago)
.
Motherboard: ASUSTeK Computer Inc.         |  | N71Ja
Processor: Intel® Core™ i5 CPU       M 430  @ 2.27GHz | Socket 989 | 1450/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 33.204 GiB free.
D: is FIXED (NTFS) - 333 GiB total, 256.483 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 298 GiB total, 86.286 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP201: 24/04/2014 18:34:09 - Removed Skype Click to Call
RP202: 25/04/2014 09:20:15 - AA11
RP203: 25/04/2014 10:11:42 - Installed Document Express DjVu Plug-in
RP204: 28/04/2014 19:07:20 - AA11
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
7-Zip 9.20 (x64 edition)
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware Antivirus
Ad-Aware Security Add-on
AdAwareInstaller
AdAwareUpdater
Adobe AIR
Adobe Common File Installer
Adobe Community Help
Adobe Flash Player 13 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 9
Adobe Premiere Elements 3.0
Adobe Premiere Elements 3.0 Templates
Adobe Reader XI (11.0.06) - Svenska
Alcor Micro USB Card Reader
Alice Greenfingers
AntimalwareEngine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArkivDigital online
ASUS AI Recovery
ASUS AP Bank
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Video Magic
ASUS Virtual Camera
ASUS WebStorage
ASUS_N_Series_Screensaver
ATI Catalyst Install Manager
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
AVG 2014
BankID Security Application
Bing Bar
Bonjour
Canon iP4700 series Printer Driver
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chicken Invaders 2
Choice Guard
ControlDeck
CrashPlan
CyberLink LabelPrint
CyberLink MediaShow Espresso
CyberLink Power2Go
CyberLink PowerDVD 9
Document Express DjVu Plug-in
doubleTwist
Dropbox
Elements 9 Organizer
Elements STI Installer
Emigranten Populär 2006
Emsisoft Anti-Malware
ETDWare PS/2-x64 7.0.5.9_WHQL
Evernote v. 4.6.7
Express Gate
Family Tree Maker 2012
Fast Boot
ffdshow [rev 2527] [2008-12-19]
FirstClass® Client
Game Park Console
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Management Engine Components
Intel® Turbo Boost Technology Driver
Intel® Turbo Boost Technology Monitor
iSEEK AnswerWorks English Runtime
iTunes
Java 7 Update 51 (64-bit)
Junk Mail filter update
KeePass Password Safe 1.20
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Danish) 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (Finnish) 2007
Microsoft Office Access MUI (Norwegian (Bokmål)) 2007
Microsoft Office Access MUI (Swedish) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Help Oppdatering (KB963678)
Microsoft Office Excel 2007 Help Uppdatering (KB963678)
Microsoft Office Excel MUI (Danish) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (Finnish) 2007
Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007
Microsoft Office Excel MUI (Swedish) 2007
Microsoft Office File Validation Add-In
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (Swedish) 2007
Microsoft Office InfoPath MUI (Swedish) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Swedish) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Danish) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (Finnish) 2007
Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2007
Microsoft Office Outlook MUI (Swedish) 2007
Microsoft Office Powerpoint 2007 Help Oppdatering (KB963669)
Microsoft Office Powerpoint 2007 Help Uppdatering (KB963669)
Microsoft Office PowerPoint MUI (Danish) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (Finnish) 2007
Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007
Microsoft Office PowerPoint MUI (Swedish) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Norwegian (Bokmål)) 2007
Microsoft Office Proof (Norwegian (Nynorsk)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proofing (Danish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (Finnish) 2007
Microsoft Office Proofing (Norwegian (Bokmål)) 2007
Microsoft Office Proofing (Swedish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Danish) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (Finnish) 2007
Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2007
Microsoft Office Publisher MUI (Swedish) 2007
Microsoft Office Shared 64-bit MUI (Danish) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (Finnish) 2007
Microsoft Office Shared 64-bit MUI (Norwegian (Bokmål)) 2007
Microsoft Office Shared 64-bit MUI (Swedish) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (Danish) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (Finnish) 2007
Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007
Microsoft Office Shared MUI (Swedish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007 Help Oppdatering (KB963665)
Microsoft Office Word 2007 Help Uppdatering (KB963665)
Microsoft Office Word MUI (Danish) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (Finnish) 2007
Microsoft Office Word MUI (Norwegian (Bokmål)) 2007
Microsoft Office Word MUI (Swedish) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 28.0 (x86 sv-SE)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MyDefrag v4.3.1
NEC Electronics USB 3.0 Host Controller Driver
Ohjelman Microsoft Office Excel 2007 Help päivitys (KB963678)
Ohjelman Microsoft Office Powerpoint 2007 Help päivitys (KB963669)
Ohjelman Microsoft Office Word 2007 Help päivitys (KB963665)
Opdatering til Microsoft Office Excel 2007 Help (KB963678)
Opdatering til Microsoft Office Powerpoint 2007 Help (KB963669)
Opdatering til Microsoft Office Word 2007 Help (KB963665)
Opera 12.15
Quicken 2012
QuickTime 7
Realtek High Definition Audio Driver
Rotemannen
Samsung Kies3
Seagate Manager Installer
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition
Skype™ 6.14
Spybot - Search & Destroy
SRS Premium Sound Control Panel
Svenska ortnamn
Sveriges befolkning 1880
Sveriges befolkning 1990
Sveriges dödbok 1901-2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Vittalia Installer
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403)
Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0)
Windows Driver Package - Broadcom HIDClass  (06/11/2009 6.2.0.9500)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinFlash
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
29/04/2014 11:36:23, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
29/04/2014 11:35:56, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
29/04/2014 10:08:20, Error: Service Control Manager [7001]  - The Intel® Management & Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
28/04/2014 21:16:23, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
28/04/2014 20:03:34, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
28/04/2014 20:03:34, Error: Service Control Manager [7000]  - The SBSD Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
28/04/2014 19:42:56, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
28/04/2014 19:42:56, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Updating Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
28/04/2014 19:42:25, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
28/04/2014 19:42:25, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Scanner Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
28/04/2014 16:19:54, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR3.
28/04/2014 16:19:41, Error: ACPI [10]  - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
26/04/2014 20:46:28, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
26/04/2014 20:46:28, Error: Service Control Manager [7000]  - The Apple Mobile Device service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
26/04/2014 10:13:49, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
25/04/2014 09:39:09, Error: Ntfs [137]  - The default transaction resource manager on volume F: encountered a non-retryable error and could not start.  The data contains the error code.
25/04/2014 08:52:21, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
24/04/2014 19:19:24, Error: Service Control Manager [7031]  - The Emsisoft Anti-Malware 8.0 - Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
24/04/2014 19:19:24, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Emsisoft Anti-Malware 8.0 - Service service to connect.
24/04/2014 19:19:24, Error: Service Control Manager [7000]  - The Emsisoft Anti-Malware 8.0 - Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Marie Louise at 13:29:40 on 2014-04-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.46.1033.18.3949.888 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Ad-Aware Antivirus *Enabled/Updated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Enabled/Updated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Users\Marie Louise\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Arkiv Digital\ArkivDigital online\adclient2.exe
C:\Windows\splwow64.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDesktop.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-28&ent=hp&u=2F68D4CAB252D1D77EBC4D535E8B8203
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://www.google.com
uURLSearchHooks: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
mWinlogon: Userinit = userinit.exe,
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [MDS_Menu] "C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: C:\Users\MARIEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Marie Louise\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\MARIEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{8FDB7EED-0E2D-4DC3-878C-F1F1F46AF085} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8FDB7EED-0E2D-4DC3-878C-F1F1F46AF085}\4554C45423F50303D22363D24343D25403D23364D20383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8FDB7EED-0E2D-4DC3-878C-F1F1F46AF085}\8657375647F5679646F5374756E656E6 : DHCPNameServer = 80.85.127.1 80.85.127.2
TCP: Interfaces\{8FDB7EED-0E2D-4DC3-878C-F1F1F46AF085}\E6F6373716E6 : DHCPNameServer = 80.85.127.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1QzuyEzzyD0BtAzyyCyEzz0B0FtA0D0E0EzytN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByBtB0FtBtByCyBtG0FtC0D0AtGyEyEyBtBtGtB0FyB0FtGyD0ByD0EzyyDyC0DyD0A0BtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EtAtBzy0D0C0DtG0ByDzz0DtG0B0FyCtCtGyEyBzztCtGtCyEzzyD0EyBtDtAzz0B0A0E2Q&cr=940455060&ir=
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Marie Louise\AppData\Roaming\Mozilla\Firefox\Profiles\j12cahzk.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/#inbox
FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\BankID\npBispBrowser.dll
FF - plugin: C:\Program Files (x86)\BankID\npBispBrowser_x64.dll
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\npdjvu.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 4477dee9000000000000485b39648bf3
FF - user.js: extensions.BabylonToolbar_i.hardId - 4477dee9000000000000485b39648bf3
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15333
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:06:00
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101240
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00014/tb_v1?SearchSource=1&cc=&mi=4477dee90000000000001a4bd6ceed86&toi=16032&q=
FF - user.js: extensions.Softonic.id - 4477dee90000000000001a4bd6ceed86
FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
FF - user.js: extensions.Softonic.instlDay - 16032
FF - user.js: extensions.Softonic.vrsn - 1.8.28.2
FF - user.js: extensions.Softonic.vrsni - 1.8.28.2
FF - user.js: extensions.Softonic.vrsnTs - 1.8.28.216:43:24
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - 2013desingbrand
FF - user.js: extensions.Softonic.instlRef - MOY00014
FF - user.js: extensions.Softonic.dfltLng -
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.ffxUnstlRst - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic.rvrt - false
FF - user.js: extensions.Softonic.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00014/tb_v1?SearchSource=13&cc=&mi=4477dee90000000000001a4bd6ceed86&toi=16032
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.dnsErr - true
FF - user.js: extensions.Softonic.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00014/tb_v1/?SearchSource=15&cc=&mi=4477dee90000000000001a4bd6ceed86&toi=16032
FF - user.js: extensions.irmysearch.aflt - ir_14_12_ff
FF - user.js: extensions.irmysearch.instlRef - 140305_a
FF - user.js: extensions.irmysearch.cr - 940455060
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzuyEzzyD0BtAzyyCyEzz0B0FtA0D0E0EzytN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByBtB0FtBtByCyBtG0FtC0D0AtGyEyEyBtBtGtB0FyB0FtGyD0ByD0EzyyDyC0DyD0A0BtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EtAtBzy0D0C0DtG0ByDzz0DtG0B0FyCtCtGyEyBzztCtGtCyEzzyD0EyBtDtAzz0B0A0E2Q
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1QzuyEzzyD0BtAzyyCyEzz0B0FtA0D0E0EzytN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByBtB0FtBtByCyBtG0FtC0D0AtGyEyEyBtBtGtB0FyB0FtGyD0ByD0EzyyDyC0DyD0A0BtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EtAtBzy0D0C0DtG0ByDzz0DtG0B0FyCtCtGyEyBzztCtGtCyEzzyD0EyBtDtAzz0B0A0E2Q&cr=940455060&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1QzuyEzzyD0BtAzyyCyEzz0B0FtA0D0E0EzytN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByBtB0FtBtByCyBtG0FtC0D0AtGyEyEyBtBtGtB0FyB0FtGyD0ByD0EzyyDyC0DyD0A0BtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EtAtBzy0D0C0DtG0ByDzz0DtG0B0FyCtCtGyEyBzztCtGtCyEzzyD0EyBtDtAzz0B0A0E2Q&cr=940455060&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1QzuyEzzyD0BtAzyyCyEzz0B0FtA0D0E0EzytN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByBtB0FtBtByCyBtG0FtC0D0AtGyEyEyBtBtGtB0FyB0FtGyD0ByD0EzyyDyC0DyD0A0BtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EtAtBzy0D0C0DtG0ByDzz0DtG0B0FyCtCtGyEyBzztCtGtCyEzzyD0EyBtDtAzz0B0A0E2Q&cr=940455060&ir=&q=
FF - user.js: extensions.mysearchdial.id - 485B39648BF3DEE9
FF - user.js: extensions.mysearchdial.instlDay - 16148
FF - user.js: extensions.mysearchdial.vrsn - 1.8.29.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.29.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.29.017:48:51
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - ir_14_12_ff
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 140305_a
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial.cr - 940455060
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzuyEzzyD0BtAzyyCyEzz0B0FtA0D0E0EzytN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByBtB0FtBtByCyBtG0FtC0D0AtGyEyEyBtBtGtB0FyB0FtGyD0ByD0EzyyDyC0DyD0A0BtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EtAtBzy0D0C0DtG0ByDzz0DtG0B0FyCtCtGyEyBzztCtGtCyEzzyD0EyBtDtAzz0B0A0E2Q
FF - user.js: extensions.mysearchdial.AL - 2
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-3-27 192792]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-3-27 324376]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-3-31 130840]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-3-27 32536]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-25 55856]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2014-4-24 26176]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2014-4-24 45208]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2014-4-24 17384]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-3-27 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-4-18 237336]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-3-27 236824]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-3-31 274200]
R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2014-4-24 4163584]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-4-28 359552]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-18 202752]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-4-28 14904]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-4-18 3645456]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-3-27 291912]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [2011-3-16 152576]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-9-25 189736]
R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2012-12-20 14952]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [2014-1-23 702744]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-30 1153368]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-1-2 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-1-2 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-1-2 168384]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-6 13784]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2014-4-24 71472]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2014-4-24 57024]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-10-15 117760]
R3 gzflt;gzflt;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [2013-7-17 138232]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-28 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-9-4 62464]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-10-27 75264]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-10-27 176640]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-4-28 2314240]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-8-21 44032]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-7-1 52264]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-4-28 35104]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-9-28 61792]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-22 111616]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-30 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-28 1255736]
.
=============== Created Last 30 ================
.
2014-04-29 04:22:19    17931952    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-04-28 17:13:24    --------    d-----w-    C:\Program Files\Lavasoft
2014-04-28 17:12:52    --------    d-----w-    C:\ProgramData\Search Protection
2014-04-28 17:12:50    --------    d-----w-    C:\Users\Marie Louise\AppData\Local\adawarebp
2014-04-28 17:12:14    --------    d-----w-    C:\Users\Marie Louise\AppData\Roaming\SecureSearch
2014-04-28 17:10:27    --------    d-----w-    C:\Program Files (x86)\Lavasoft
2014-04-28 17:08:46    --------    d-----w-    C:\Program Files\Common Files\Lavasoft
2014-04-25 17:09:10    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-25 17:09:10    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-25 08:12:54    --------    d-----w-    C:\Program Files (x86)\Cuminas
2014-04-25 07:24:29    --------    d-----w-    C:\Users\Marie Louise\AppData\Roaming\LavasoftStatistics
2014-04-24 17:05:46    --------    d-----w-    C:\Program Files (x86)\Emsisoft Anti-Malware
2014-04-24 11:06:52    --------    d-----w-    C:\Program Files (x86)\SiteRecommend
2014-04-22 07:36:59    811728    ----a-w-    C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-04-22 07:36:59    2043904    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-04-22 07:36:59    1967104    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-04-22 07:36:56    5784064    ----a-w-    C:\Windows\System32\jscript9.dll
2014-04-22 07:36:56    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-04-18 16:58:45    --------    d-----w-    C:\ProgramData\Avg_Update_0414b
2014-04-18 13:01:56    237336    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2014-04-14 17:16:02    --------    d-----w-    C:\Users\Marie Louise\AppData\Roaming\AVG2014
2014-04-14 17:13:50    --------    d-----w-    C:\ProgramData\AVG2014
2014-04-14 17:08:55    --------    d-----w-    C:\Users\Marie Louise\AppData\Local\Avg2014
2014-04-14 11:18:21    --------    d-s---w-    C:\Windows\SysWow64\Microsoft
2014-04-11 06:37:48    10521840    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2FC51090-9986-4935-8EF1-D7DCA3C77894}\mpengine.dll
2014-03-31 14:20:54    274200    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
2014-03-31 14:06:26    130840    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
.
==================== Find3M  ====================
.
2014-03-27 20:14:26    192792    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2014-03-27 20:14:24    153368    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
2014-03-27 20:07:10    236824    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2014-03-27 20:05:02    324376    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2014-03-27 20:03:16    32536    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
2014-03-22 06:51:10    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-03-06 09:32:16    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-06 09:31:33    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:32:07    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-06 08:29:40    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:02:34    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:38:13    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 06:22:40    2260480    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-06 05:41:49    1789440    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21    243712    ----a-w-    C:\Windows\System32\wow64.dll
2014-03-04 09:44:21    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-04 02:35:56    190912    ----a-w-    C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49    274880    ----a-w-    C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35    27584    ----a-w-    C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-04 02:28:36    2048    ----a-w-    C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:22    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39    2048    ----a-w-    C:\Windows\SysWow64\iologmsg.dll
2013-11-06 08:51:22    50053120    ----a-w-    C:\Program Files (x86)\GUT5C82.tmp
2011-12-16 12:57:56    14531744    ----a-w-    C:\Program Files\fcc32.exe
2011-11-03 19:33:42    1008640    ----a-w-    C:\Program Files\fcsmapi.dll
2011-11-03 19:23:10    1080656    ----a-w-    C:\Program Files\dbghelp.dll
.
============= FINISH: 13:40:16.67 ===============
 



BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:50 AM

Posted 30 April 2014 - 05:47 AM

double post

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users