
WeatherForecast Popup and Search Engine redirect


  • This topic is locked
14 replies to this topic

#1 hojoatt


Posted 17 August 2014 - 10:35 PM

Referred from here:  http://www.bleepingcomputer.com/forums/t/544005/allsavings-and-trovi-search-engine-browser-hijacker/ ~ OB

 

After running all kinds of cleaners under another post, which fixed the original issue, there is now a popup that pops up sometimes right when I boot, other times when opening Hotmail, and particularly in Google Chrome. I try to use Google as the search engine in all browsers and delete all the others, but they keep restoring themselves, especially Bing, or resetting the default every time I sign in. I was requested to start over and run DDS and put the DDS text log here and attach the attach.txt, so here are both:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.51.2
Run by Howard at 21:19:21 on 2014-08-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2010.722 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_da04b0ddf9b3fc3a\STacSV.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\ChromeHelper\ChromeHelperUpdt.exe
C:\Program Files\Seagate\Seagate_Media\Sync\MediaAggreService.exe
C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Intel\inteldh\common\IntelDHSvcMgr.exe
C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\inteldh\msm\MSM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Windows\system32\DllHost.exe
c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Windows\system32\conhost.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uSearch Bar = Preserve
uProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - <orphaned>
BHO: installbroadcast: {d9b989ff-b61f-dced-2356-b274050b6785} - LocalServer32 - <no file>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ChromeHelper] c:\program files\common files\chromehelper\ChromeHelper.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECapture.html
IE: Copy to &Lightning Note - c:\program files\corel\wordperfect office x6\programs\WPLightningCopyToNote.hta
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x6\programs\WPLauncher.hta
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{850F7AFF-37DC-449D-9CD5-A7403E3AEBA6} : DHCPNameServer = 75.75.76.76 75.75.75.75
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\howard\appdata\roaming\mozilla\firefox\profiles\2vhmpdcx.default-1407733698255\
FF - plugin: c:\progra~1\microsoft office\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\microsoft office\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 11.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\howard\appdata\local\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2013-3-12 15224]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R1 netfilter;netfilter;c:\windows\system32\drivers\netfilter.sys [2014-7-31 31744]
R2 ChromeHelperUpdt;ChromeHelperUpdt;c:\program files\common files\chromehelper\ChromeHelperUpdt.exe [2014-7-9 282232]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\displaylink core software\DisplayLinkManager.exe [2012-7-30 6956504]
R2 FreeAgentTheater Service;Seagate Media;c:\program files\seagate\seagate_media\sync\MediaAggreService.exe [2011-6-7 155648]
R2 HTCMonitorService;HTCMonitorService;c:\program files\htc\htc sync manager\HSMServiceEntry.exe [2013-4-12 87368]
R2 ME Services Manager;ME Services Manager;c:\program files\intel\inteldh\msm\MSM.exe [2008-6-23 1628560]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 104264]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-12-2 794272]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-2-18 144672]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2013-3-12 275320]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2012-1-11 32000]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-2-22 22400]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-9-22 15488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 CorelCreatorMessages;CorelCreatorMessages;c:\windows\system32\CorelCreatorMessages.exe [2012-4-25 73728]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-4-27 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-1-22 88576]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort_6.3.40660.0.sys [2012-7-30 21888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-30 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-8-13 108032]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-9-23 21848]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2014-1-22 184192]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [2014-1-22 184192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-29 52224]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: LightningViewer.exe: View="c:\program files\corel\wordperfect office x6\programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2014-08-18 03:03:14 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{026046ed-9fd6-479e-a0a4-3e3bc16f5561}\offreg.dll
2014-08-18 01:02:39 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{026046ed-9fd6-479e-a0a4-3e3bc16f5561}\mpengine.dll
2014-08-16 04:45:25 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-08-16 03:46:17 -------- d-----w- c:\programdata\Sophos
2014-08-16 03:46:03 73728 ----a-r- c:\users\howard\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-08-16 03:46:02 73728 ----a-r- c:\users\howard\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-08-16 03:46:02 73728 ----a-r- c:\users\howard\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2014-08-16 03:45:34 -------- d-----w- c:\program files\Sophos
2014-08-14 05:03:43 -------- d-s---w- c:\windows\system32\CompatTel
2014-08-14 04:40:22 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 04:40:17 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 04:40:08 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 04:39:58 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 04:25:59 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-08-14 04:23:38 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-14 04:23:38 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-14 04:23:36 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-08-14 04:19:58 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-08-14 04:19:57 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-08-14 04:19:57 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-08-14 04:19:56 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-08-14 04:16:08 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-08-14 04:14:53 626688 ----a-w- c:\windows\system32\usp10.dll
2014-08-14 03:30:00 -------- d-----w- c:\program files\ESET
2014-08-14 03:26:37 -------- d-----w- c:\program files\EasyMP3Downloader
2014-08-14 01:38:28 -------- d-----w- c:\users\howard\appdata\local\ESET
2014-08-14 00:53:57 1016261 ----a-w- c:\users\howard\JRT (1).exe
2014-08-14 00:52:06 1016261 ----a-w- c:\users\howard\JRT.exe
2014-08-14 00:39:23 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-14 00:38:12 -------- d-----w- C:\AdwCleaner
2014-08-14 00:37:46 1356107 ----a-w- c:\users\howard\adwcleaner_3.305.exe
2014-08-14 00:35:38 448512 ----a-w- c:\users\howard\TFC.exe
2014-08-14 00:33:24 2938144 ----a-w- c:\users\howard\setup.exe
2014-08-13 01:05:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-08-13 00:06:57 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{633a5873-9902-4a04-9da4-79dbae885ee2}\gapaengine.dll
2014-08-12 03:22:45 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-08-12 03:17:11 -------- d-----w- c:\programdata\ChromeHelper
2014-08-12 02:47:27 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-12 02:47:09 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-12 02:47:09 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-12 02:47:09 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-11 04:10:13 -------- d-----w- c:\program files\common files\ChromeHelper
2014-08-11 04:09:04 51336 ----a-w- c:\windows\system32\drivers\webinstr.sys
2014-08-11 04:06:30 -------- d-----w- c:\program files\B021CBBD-E38E-4F8C-8E93-6624B0597A23
2014-08-11 04:05:32 -------- d-----w- c:\program files\005
2014-08-03 19:20:44 -------- d-----w- c:\windows\Migration
2014-08-03 14:01:03 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-08-03 14:01:02 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-08-03 14:01:02 22528 ----a-w- c:\windows\system32\lsass.exe
2014-08-03 14:01:02 22016 ----a-w- c:\windows\system32\secur32.dll
2014-08-03 14:01:02 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-08-03 14:01:02 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-08-03 14:01:02 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-07-31 20:20:42 31744 ----a-w- c:\windows\system32\drivers\netfilter.sys
.
==================== Find3M  ====================
.
2014-08-11 04:11:23 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-11 04:11:23 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-07 01:43:38 412160 ----a-w- c:\windows\system32\aepdu.dll
2014-08-07 01:39:08 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-07-25 13:04:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-07-25 13:03:54 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-07-25 12:34:49 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-07-25 12:10:15 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-07-25 12:10:12 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-07-25 12:06:47 4204032 ----a-w- c:\windows\system32\jscript9.dll
2014-07-25 11:59:29 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 11:43:16 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 11:07:49 2001920 ----a-w- c:\windows\system32\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-07-25 10:05:23 1792512 ----a-w- c:\windows\system32\wininet.dll
2014-07-16 02:47:23 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-07-16 02:46:02 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-16 01:47:53 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-07-14 01:42:02 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-16 01:44:49 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-06-16 01:44:49 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-06-16 01:40:20 107520 ----a-w- c:\windows\system32\cdd.dll
2014-06-06 09:44:17 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-03 09:30:10 101824 ----a-w- c:\windows\system32\consent.exe
2014-06-03 09:29:50 337408 ----a-w- c:\windows\system32\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- c:\windows\system32\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- c:\windows\system32\authui.dll
2014-05-30 07:52:51 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- c:\windows\system32\credssp.dll
.
============= FINISH: 21:23:34.63 ===============

Edited by Orange Blossom, 17 August 2014 - 11:03 PM.




#2 hojoatt


Posted 17 August 2014 - 10:39 PM

Well, there was no option to attach the attach text, so here it is:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 4/26/2010 10:07:33 AM
System Uptime: 8/17/2014 9:13:27 PM (0 hours ago)
.
Motherboard: Intel Corporation |  | DG45ID
Processor: Pentium® Dual-Core  CPU      E5300  @ 2.60GHz | LGA775 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 596 GiB total, 193.752 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Intel® 82801 PCI Bridge - 244E
Device ID: PCI\VEN_8086&DEV_244E&SUBSYS_00000000&REV_90\3&11583659&0&F0
Manufacturer: Intel
Name: Intel® 82801 PCI Bridge - 244E
PNP Device ID: PCI\VEN_8086&DEV_244E&SUBSYS_00000000&REV_90\3&11583659&0&F0
Service: pci
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&26DEC884&0&2
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&26DEC884&0&2
Service: 
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Intel® Management Engine Interface
Device ID: PCI\VEN_8086&DEV_2E24&SUBSYS_50028086&REV_03\3&11583659&0&18
Manufacturer: Intel
Name: Intel® Management Engine Interface
PNP Device ID: PCI\VEN_8086&DEV_2E24&SUBSYS_50028086&REV_03\3&11583659&0&18
Service: HECI
.
==== System Restore Points ===================
.
RP1161: 7/24/2014 8:10:44 AM - Windows Update
RP1162: 7/28/2014 5:13:52 PM - Windows Update
RP1163: 8/1/2014 5:58:00 PM - Windows Update
RP1164: 8/3/2014 1:10:10 PM - Windows Update
RP1165: 8/7/2014 6:56:27 PM - Windows Update
RP1167: 8/10/2014 10:15:54 PM - Removed Creative ALchemy
RP1168: 8/10/2014 10:18:27 PM - Removed IPTInstaller
RP1169: 8/10/2014 10:19:11 PM - Removed IPTInstaller
RP1170: 8/10/2014 10:34:25 PM - Windows Update
RP1171: 8/11/2014 7:09:03 PM - Removed IPTInstaller
RP1172: 8/13/2014 10:26:58 PM - Windows Update
RP1173: 8/15/2014 9:44:37 PM - Installed Sophos Virus Removal Tool.
RP1174: 8/17/2014 7:00:32 PM - Windows Update
.
==== Installed Programs ======================
.
1500
1500_Help
1500Trb
Acrobat.com
Adobe Acrobat XI Pro
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Reader X (10.1.9)
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
AIO_CDB_ProductContext
Akamai NetSession Interface
Apple Application Support
Apple Software Update
Applian FLV and Media Player 3.1.1.12
AtomTime Pro 3.1d
AVG 2012
BearShare
Bing Bar
Bing Bar Platform
BitTorrent
CameraHelperMsi
CCleaner
CDDRV_Installer
Common
Contents
Copy
Corel PDF Fusion
Corel PDF Fusion Addins
Corel VideoStudio Essentials X4
Creative Audio Control Panel
Creative Console Launcher
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties
Creative WaveStudio 7
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DeviceIO
DisplayLink Core Software
DisplayLink Graphics
DocProc
Easy MP3 Downloader
erLT
Fax
Flash Player Pro V5.96
FrostWire 5.5.1
Google Chrome
Google Earth
Google Update Helper
GPBaseService2
High-Definition Video Playback
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HTC Driver Installer
HTC Sync
HTC Sync Manager
i_instrumentation 1.0.38.0
i_msm 1.0.310.0
i_redistributables 1.0.45
i_swupdate 1.0.40.0
ICA
iCU2
IDT Audio
Intel® Remote Wake Technology 1.0.296.0
Intel® Remote Wake Technology 1.0.45.6
Intel® TV Wizard
IPM_VS_Pro
ISCOM
iTunes
Java 7 Update 51
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
KhalInstallWrapper
Logitech SetPoint
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 2.0.2.1012
ManyCam 3.0.79 (remove only)
MarketResearch
McAfee Security Scan Plus
ME_Kit_Files
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.1
Microsoft IntelliType Pro 8.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
Mplayer 0.6.9
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Nero 10 ClipartPack
Nero 10 Menu TemplatePack 1
Nero 10 Menu TemplatePack 2
Nero 10 Menu TemplatePack 3
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack 1
Nero 10 Movie ThemePack 2
Nero 10 Movie ThemePack Basic
Nero 10 Sample ImagePack
Nero 10 Sample Videos
Nero 7 Essentials
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Dolby Files 10
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero Vision Xtra
neroxml
Nuance PaperPort 12
Nuance PDF Converter 5
Nuance PDF Viewer Plus
OCR Software by I.R.I.S. 13.0
PaperPort Image Printer
Paradox
PC Tools Registry Mechanic 11.1
PowerDVD
PureHD
QuickTime 7
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Scansoft PDF Professional
Seagate Media Software
Second Nature - Audubon On Wings of Beauty
Second Nature - Natural Beauty by Kevin McNeal
Second Nature - Spring 2010
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Setup
Share
SmartWebPrinting
SolutionCenter
Sophos Virus Removal Tool
Spybot - Search & Destroy
Status
Suite Specific
TrayApp
UBCD4Win 3.50
update
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VIO
VSClassic
VSPro
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Windows Mobile Device Center
WinZip 14.5
WordPerfect Office 2002 OEM
WordPerfect Office IFilter 32-bit
WordPerfect Office X4
WordPerfect Office X5
WordPerfect Office X5 - Setup Files
WordPerfect Office X6
WordPerfect Office X6 - Common Files
WordPerfect Office X6 - Common Files English
WordPerfect Office X6 - Extras
WordPerfect Office X6 - IPM
WordPerfect Office X6 - Lightning Files
WordPerfect Office X6 - Lightning Files English
WordPerfect Office X6 - Oxford
WordPerfect Office X6 - Presentations Files
WordPerfect Office X6 - Presentations Files English
WordPerfect Office X6 - Quattro Pro Files
WordPerfect Office X6 - Quattro Pro Files English
WordPerfect Office X6 - Setup Files
WordPerfect Office X6 - System Files
WordPerfect Office X6 - WordPerfect Files
WordPerfect Office X6 - WordPerfect Files English
WordPerfect Office X6 - WT
WordPerfect OfficeReady
.
==== Event Viewer Messages From Past Week ========
.
8/17/2014 9:15:51 PM, Error: Service Control Manager [7023]  - The Peer Name Resolution Protocol service terminated with the following error:  %%-2140993535
8/17/2014 9:15:51 PM, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140993535
8/17/2014 9:15:51 PM, Error: Microsoft-Windows-PNRPSvc [102]  - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
8/17/2014 9:15:38 PM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The network is not present or not started.
8/17/2014 9:15:31 PM, Error: Service Control Manager [7024]  - The Routing and Remote Access service terminated with service-specific error The network is not present or not started..
8/17/2014 9:13:39 PM, Error: HECI [3]  - HECI driver has failed to perform handshake with the Firmware.
8/14/2014 7:14:58 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ekrn service.
8/14/2014 7:14:58 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
8/14/2014 7:14:58 PM, Error: Service Control Manager [7000]  - The SBSD Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/14/2014 7:11:32 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}
8/14/2014 7:11:12 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Network Devices Support service to connect.
8/14/2014 7:11:12 PM, Error: Service Control Manager [7000]  - The HP Network Devices Support service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/14/2014 7:09:49 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/14/2014 7:09:49 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/14/2014 7:09:49 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/14/2014 6:57:30 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the PC Tools Startup and Shutdown Monitor service service to connect.
8/14/2014 12:21:27 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
8/14/2014 12:21:27 AM, Error: Service Control Manager [7000]  - The Net.Tcp Port Sharing Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/14/2014 12:10:41 AM, Error: Service Control Manager [7030]  - The ESET Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
8/13/2014 8:59:26 PM, Error: Service Control Manager [7022]  - The Windows Mobile-2003-based device connectivity service hung on starting.
8/13/2014 8:53:27 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: On Access   Error Code: 0x80004005   Error description: Unspecified error   Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/13/2014 8:49:22 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Mobile-based device connectivity service to connect.
8/13/2014 8:49:22 PM, Error: Service Control Manager [7000]  - The Windows Mobile-based device connectivity service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/13/2014 8:48:32 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Nero Update service to connect.
8/13/2014 8:47:42 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
8/13/2014 8:47:42 PM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/13/2014 8:45:46 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
8/13/2014 8:38:26 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
8/13/2014 8:34:51 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
8/13/2014 8:34:51 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/13/2014 8:34:51 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/13/2014 8:34:50 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/13/2014 8:34:50 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/13/2014 8:34:49 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/13/2014 8:34:43 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/13/2014 8:34:35 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache eamonm ehdrv MpFilter NetBIOS NetBT netfilter nsiproxy rdbss spldr tdx Wanarpv6 WfpLwf
8/13/2014 8:34:35 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/13/2014 8:34:35 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/13/2014 8:34:35 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
8/13/2014 8:34:35 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/13/2014 8:34:35 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/13/2014 8:34:35 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
8/13/2014 8:34:35 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
8/13/2014 8:34:35 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/13/2014 8:34:35 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/13/2014 8:34:35 PM, Error: Service Control Manager [7001]  - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
8/13/2014 8:34:35 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/13/2014 8:34:35 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/13/2014 8:34:35 PM, Error: Service Control Manager [7001]  - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error:  The dependency service or group failed to start.
8/13/2014 8:20:02 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the ME Services Manager service to connect.
8/13/2014 8:20:02 PM, Error: Service Control Manager [7000]  - The ME Services Manager service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/13/2014 8:19:28 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Live Mesh remote connections service service to connect.
8/13/2014 8:19:28 PM, Error: Service Control Manager [7000]  - The Windows Live Mesh remote connections service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/13/2014 7:32:09 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: On Access   Error Code: 0x80004005   Error description: Unspecified error   Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/13/2014 11:13:06 PM, Error: Service Control Manager [7022]  - The Windows Mobile-based device connectivity service hung on starting.
8/13/2014 10:37:37 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Silverlight (KB2977218).
8/12/2014 7:18:23 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache MpFilter NetBIOS NetBT netfilter nsiproxy rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf
8/12/2014 6:08:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.179.2883.0).
8/12/2014 6:07:01 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.179.2699.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10802.0   Error code: 0x80070643   Error description: Fatal error during installation. 
8/11/2014 11:06:04 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.179.2699.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10802.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
8/10/2014 10:48:38 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/10/2014 10:48:38 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-2147218173.
.
==== End Of File ===========================

Edited by Orange Blossom, 17 August 2014 - 11:00 PM.
Moved to correct forum. ~ OB


#3 nasdaq

  • Malware Response Team

Posted 22 August 2014 - 08:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
If you still have the AdwCleaner tool, please run it and get the latest version.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.

IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the  version of this tool for your operating system
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.


    #4 hojoatt

    • Topic Starter

    Posted 22 August 2014 - 09:38 PM

    Here is adw:

    # AdwCleaner v3.308 - Report created 22/08/2014 at 20:26:30
    # Updated 20/08/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : Howard - HOWARD-PC
    # Running from : C:\Users\Howard\Desktop\adwcleaner_3.308.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    File Deleted : C:\Windows\system32\drivers\webinstr.sys
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{8DAAC0D8-0D8B-FA0C-F441-811E386F612F}]
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17239
     
     
    -\\ Mozilla Firefox v29.0.1 (en-US)
     
    [ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ccumvbtt.default\prefs.js ]
     
     
    [ File : C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\2vhmpdcx.default-1407733698255\prefs.js ]
     
     
    [ File : C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\adkyeqpg.default-1365730395628\prefs.js ]
     
     
    [ File : C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\fsmhgyrx.default\prefs.js ]
     
     
    -\\ Google Chrome v
     
    [ File : C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
     
    *************************
     
    AdwCleaner[R0].txt - [11974 octets] - [13/08/2014 18:38:17]
    AdwCleaner[R1].txt - [1373 octets] - [13/08/2014 18:59:18]
    AdwCleaner[R2].txt - [1441 octets] - [13/08/2014 20:13:49]
    AdwCleaner[R3].txt - [2413 octets] - [22/08/2014 20:24:23]
    AdwCleaner[S0].txt - [12318 octets] - [13/08/2014 18:39:39]
    AdwCleaner[S1].txt - [1502 octets] - [13/08/2014 20:15:48]
    AdwCleaner[S2].txt - [2350 octets] - [22/08/2014 20:26:30]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2410 octets] ##########
     
    Here is frst.txt and attach.txt attached:
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-08-2014
    Ran by Howard (administrator) on HOWARD-PC on 22-08-2014 20:33:33
    Running from C:\Users\Howard\Desktop
    Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_da04b0ddf9b3fc3a\stacsv.exe
    (Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe
    (Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    () C:\Program Files\Common Files\ChromeHelper\ChromeHelperUpdt.exe
    (Seagate Technology LLC) C:\Program Files\Seagate\Seagate_Media\Sync\MediaAggreService.exe
    (Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
    (Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
    (Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
    (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    (PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    (Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
    (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (Intel® Corporation) C:\Program Files\Intel\inteldh\common\IntelDHSvcMgr.exe
    (Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Intel® Corporation) C:\Program Files\Intel\inteldh\msm\MSM.exe
    (Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    () C:\Program Files\Common Files\ChromeHelper\ChromeHelper.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Google Inc.) C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
    (Nero AG) C:\Program Files\Nero\Update\NASvc.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Adobe Version Cue CS2] => c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-04] (Adobe Sytems Incorporated)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [ChromeHelper] => C:\Program Files\Common Files\ChromeHelper\ChromeHelper.exe [862840 2014-07-09] ()
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
    HKU\S-1-5-21-2217498536-3232725908-2164653555-1000\...\Policies\Explorer: [NoInstrumentation] 1
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x06E9E3E7AEA1CE01
    SearchScopes: HKCU - {682A7C04-E8D6-49B9-9B93-07B32D1B33EF} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
    BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} ->  No File
    BHO: installbroadcast -> {d9b989ff-b61f-dced-2356-b274050b6785} ->  No File
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
    Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\2vhmpdcx.default-1407733698255
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Howard\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Howard\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
    FF Extension: LoudMo Contextual Ad Assistant - C:\Program Files\Mozilla Firefox\extensions\{b887b641-88d8-2f32-54bd-29c18efea74d} [2014-05-22]
    FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-09-26]
    FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-04-21]
    FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-09-15]
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
    FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
     
    Chrome: 
    =======
    Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
    CHR Extension: (No Name) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhffggcfjnkigeciffmipblemhphbjl [2012-04-21]
    CHR Extension: (No Name) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcanihidejmgkmijkpejjgpbcmbhamo [2014-03-22]
    CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]
    CHR HKLM\...\Chrome\Extension: [ghcanihidejmgkmijkpejjgpbcmbhamo] - C:\Users\Howard\AppData\Local\CRE\ghcanihidejmgkmijkpejjgpbcmbhamo.crx [2014-03-18]
    CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-04-21]
    CHR HKCU\...\Chrome\Extension: [ghcanihidejmgkmijkpejjgpbcmbhamo] - C:\Users\Howard\AppData\Local\CRE\ghcanihidejmgkmijkpejjgpbcmbhamo.crx [2014-03-18]
    CHR StartMenuInternet: Google Chrome - C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-10] (Adobe Systems) [File not signed]
    R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated) [File not signed]
    R2 ChromeHelperUpdt; C:\Program Files\Common Files\ChromeHelper\ChromeHelperUpdt.exe [282232 2014-07-09] ()
    S3 CorelCreatorMessages; C:\Windows\system32\CorelCreatorMessages.exe [73728 2012-04-25] (Global Graphics Software Ltd) [File not signed]
    S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-04-27] (Creative Labs) [File not signed]
    R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
    R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [6956504 2012-07-30] (DisplayLink Corp.)
    R2 FreeAgentTheater Service; C:\Program Files\Seagate\Seagate_Media\Sync\MediaAggreService.exe [155648 2011-06-07] (Seagate Technology LLC) [File not signed]
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
    R2 ME Services Manager; C:\Program Files\Intel\inteldh\msm\MSM.exe [1628560 2008-06-23] (Intel® Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
    R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
    S3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-12-05] (Nero AG) [File not signed]
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
    R2 NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG) [File not signed]
    R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
    R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-02-18] (Nuance Communications, Inc.)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
    R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 Software Services Manager; C:\Program Files\Intel\inteldh\common\IntelDHSvcMgr.exe [51088 2008-06-23] (Intel® Corporation)
    R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_da04b0ddf9b3fc3a\STacSV.exe [221273 2008-05-22] (IDT, Inc.)
    R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347080 2009-06-04] (Creative Technology Ltd)
    S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_6.3.40660.0.sys [21888 2012-07-30] (http://libusb-win32.sourceforge.net)
    R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [275320 2012-07-30] (DisplayLink Corp.)
    R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [15224 2012-07-30] (DisplayLink Corp.)
    R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
    R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
    R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
    S3 lvselsus; C:\Windows\System32\DRIVERS\lvselsus.sys [66528 2010-07-27] (Logitech Inc.)
    R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [32000 2012-01-11] (ManyCam LLC)
    R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22400 2012-02-22] (ManyCam LLC)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
    R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [31744 2014-07-31] (NetFilterSDK.com) [File not signed]
    S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
    R3 RDPDISPM; C:\Windows\System32\DRIVERS\rdpdispm.sys [15488 2010-09-22] (Microsoft Corporation)
    S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-04-25] (Apple, Inc.) [File not signed]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-08-22 20:33 - 2014-08-22 20:34 - 00021755 _____ () C:\Users\Howard\Desktop\FRST.txt
    2014-08-22 20:32 - 2014-08-22 20:33 - 00000000 ____D () C:\FRST
    2014-08-22 20:32 - 2014-08-22 20:32 - 01094656 _____ (Farbar) C:\Users\Howard\Desktop\FRST.exe
    2014-08-22 20:23 - 2014-08-22 20:23 - 01364531 _____ () C:\Users\Howard\Desktop\adwcleaner_3.308.exe
    2014-08-17 21:26 - 2014-08-17 21:26 - 00000000 __SHD () C:\Users\Howard\AppData\Local\EmieUserList
    2014-08-17 21:26 - 2014-08-17 21:26 - 00000000 __SHD () C:\Users\Howard\AppData\Local\EmieSiteList
    2014-08-15 21:46 - 2014-08-17 21:48 - 00000000 ____D () C:\ProgramData\Sophos
    2014-08-13 23:32 - 2014-08-13 23:32 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Yahoo!
    2014-08-13 23:20 - 2014-08-13 23:42 - 00221497 _____ () C:\Windows\hpoins19.dat
    2014-08-13 23:20 - 2009-10-19 22:30 - 00013898 ____N () C:\Windows\hpomdl19.dat
    2014-08-13 23:03 - 2014-08-13 23:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-08-13 22:40 - 2014-06-30 16:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2014-08-13 22:40 - 2014-03-09 15:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2014-08-13 22:40 - 2014-03-09 15:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2014-08-13 22:39 - 2014-06-06 00:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2014-08-13 22:26 - 2014-07-31 17:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-08-13 22:26 - 2014-07-25 07:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-08-13 22:26 - 2014-07-25 07:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-08-13 22:26 - 2014-07-25 06:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-08-13 22:26 - 2014-07-25 06:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-08-13 22:26 - 2014-07-25 06:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-08-13 22:26 - 2014-07-25 06:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-08-13 22:26 - 2014-07-25 06:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-08-13 22:26 - 2014-07-25 06:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-08-13 22:26 - 2014-07-25 06:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-08-13 22:26 - 2014-07-25 06:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-08-13 22:26 - 2014-07-25 06:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-08-13 22:26 - 2014-07-25 06:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-08-13 22:26 - 2014-07-25 05:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-08-13 22:26 - 2014-07-25 05:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-08-13 22:26 - 2014-07-25 05:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-08-13 22:26 - 2014-07-25 05:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-08-13 22:26 - 2014-07-25 05:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-08-13 22:26 - 2014-07-25 05:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-08-13 22:26 - 2014-07-25 05:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-08-13 22:26 - 2014-07-25 05:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-08-13 22:26 - 2014-07-25 05:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-08-13 22:26 - 2014-07-25 05:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-08-13 22:26 - 2014-07-25 05:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-08-13 22:26 - 2014-07-25 04:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-08-13 22:26 - 2014-07-25 04:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-08-13 22:26 - 2014-07-25 04:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-08-13 22:26 - 2014-07-13 19:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2014-08-13 22:26 - 2014-06-15 19:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2014-08-13 22:26 - 2014-06-15 19:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2014-08-13 22:26 - 2014-06-15 19:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2014-08-13 22:26 - 2014-03-04 03:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2014-08-13 22:26 - 2014-03-04 03:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-08-13 22:26 - 2014-03-04 03:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2014-08-13 22:26 - 2014-03-04 03:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-08-13 22:26 - 2014-03-04 03:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-08-13 22:26 - 2014-03-04 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2014-08-13 22:26 - 2014-03-04 03:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2014-08-13 22:26 - 2014-03-04 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2014-08-13 22:26 - 2014-03-04 03:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2014-08-13 22:26 - 2014-03-04 03:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2014-08-13 22:26 - 2014-03-04 03:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2014-08-13 22:25 - 2014-08-06 19:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-08-13 22:25 - 2014-08-06 19:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-13 22:25 - 2014-07-25 07:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-08-13 22:25 - 2014-07-25 06:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-08-13 22:25 - 2014-07-25 06:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-08-13 22:25 - 2014-07-15 20:47 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-13 22:25 - 2014-07-15 20:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-08-13 22:25 - 2014-07-15 19:47 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-13 22:25 - 2014-06-03 03:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2014-08-13 22:25 - 2014-06-03 03:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-08-13 22:25 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2014-08-13 22:25 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2014-08-13 22:25 - 2014-05-30 01:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-08-13 22:25 - 2014-05-30 01:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-08-13 22:25 - 2014-05-30 01:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-08-13 22:25 - 2014-05-30 01:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-08-13 22:25 - 2014-05-30 01:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-08-13 22:25 - 2014-05-30 01:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-08-13 22:25 - 2014-05-30 01:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-08-13 22:24 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-08-13 22:23 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2014-08-13 22:23 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2014-08-13 22:23 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2014-08-13 22:23 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2014-08-13 22:23 - 2014-07-08 19:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2014-08-13 22:23 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\system32\locale.nls
    2014-08-13 22:23 - 2014-01-23 20:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2014-08-13 22:17 - 2014-06-17 19:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2014-08-13 22:17 - 2014-06-06 03:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-08-13 22:17 - 2014-04-04 20:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-08-13 22:17 - 2014-04-04 20:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2014-08-13 22:17 - 2014-03-26 08:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2014-08-13 22:17 - 2014-03-26 08:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-08-13 22:17 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2014-08-13 22:17 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-08-13 22:17 - 2014-03-04 03:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2014-08-13 22:17 - 2014-02-03 20:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
    2014-08-13 22:17 - 2014-02-03 20:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
    2014-08-13 22:17 - 2014-02-03 20:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
    2014-08-13 22:17 - 2014-02-03 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
    2014-08-13 22:16 - 2014-05-30 00:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-08-13 22:14 - 2014-04-24 20:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2014-08-13 22:01 - 2014-08-13 22:01 - 00058780 _____ () C:\Users\Howard\Desktop\HP Installation Error - Windows 7.hta
    2014-08-13 21:46 - 2014-08-13 18:29 - 00221270 ____N () C:\Windows\hpoins19.dat.temp
    2014-08-13 21:30 - 2014-08-14 20:26 - 00000000 ____D () C:\Program Files\ESET
    2014-08-13 21:26 - 2014-08-13 21:26 - 00001093 _____ () C:\Users\Public\Desktop\Easy MP3 Downloader.lnk
    2014-08-13 21:26 - 2014-08-13 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy MP3 Downloader
    2014-08-13 21:26 - 2014-08-13 21:26 - 00000000 ____D () C:\Program Files\EasyMP3Downloader
    2014-08-13 21:20 - 2014-08-13 21:20 - 06132489 _____ () C:\Users\Howard\Desktop\EasyMP3Downloader-4.6.4.6.Setup.exe
    2014-08-13 19:38 - 2014-08-13 19:38 - 00000000 ____D () C:\Users\Howard\AppData\Local\ESET
    2014-08-13 18:53 - 2014-08-13 18:54 - 01016261 _____ (Thisisu) C:\Users\Howard\JRT (1).exe
    2014-08-13 18:52 - 2014-08-13 18:52 - 01016261 _____ (Thisisu) C:\Users\Howard\JRT.exe
    2014-08-13 18:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
    2014-08-13 18:38 - 2014-08-22 20:26 - 00000000 ____D () C:\AdwCleaner
    2014-08-13 18:37 - 2014-08-13 18:37 - 01356107 _____ () C:\Users\Howard\adwcleaner_3.305.exe
    2014-08-13 18:35 - 2014-08-13 18:35 - 00448512 _____ (OldTimer Tools) C:\Users\Howard\TFC.exe
    2014-08-13 18:33 - 2014-08-13 18:33 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Howard\setup.exe
    2014-08-13 18:29 - 2009-10-19 22:30 - 00013898 ____N () C:\Windows\hpomdl19.dat.temp
    2014-08-12 19:05 - 2014-08-13 20:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-08-11 21:22 - 2014-08-11 21:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-08-11 21:17 - 2014-08-14 20:30 - 00000000 ____D () C:\ProgramData\ChromeHelper
    2014-08-11 21:13 - 2014-08-22 20:28 - 00002072 _____ () C:\Windows\setupact.log
    2014-08-11 21:13 - 2014-08-11 21:13 - 00000000 _____ () C:\Windows\setuperr.log
    2014-08-11 21:12 - 2014-08-22 20:27 - 00027496 _____ () C:\Windows\PFRO.log
    2014-08-11 20:47 - 2014-08-14 20:39 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-11 20:47 - 2014-08-11 20:47 - 00001080 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-11 20:47 - 2014-08-11 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-08-11 20:47 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-08-11 20:47 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-08-11 20:47 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-08-10 22:10 - 2014-08-10 22:40 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherForecast
    2014-08-10 22:10 - 2014-08-10 22:10 - 00000000 ____D () C:\Program Files\Common Files\ChromeHelper
    2014-08-10 22:09 - 2014-08-10 22:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
    2014-08-10 22:06 - 2014-08-13 20:04 - 00000000 ____D () C:\Program Files\B021CBBD-E38E-4F8C-8E93-6624B0597A23
    2014-08-10 22:05 - 2014-08-11 21:12 - 00000000 ____D () C:\Program Files\005
    2014-08-03 08:09 - 2014-08-03 08:09 - 00110592 _____ () C:\Windows\system32\config\default.rrr
    2014-08-03 08:01 - 2014-06-05 08:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-08-03 08:01 - 2014-04-11 20:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-08-03 08:01 - 2014-04-11 20:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-08-03 08:01 - 2014-04-11 20:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-08-03 08:01 - 2014-04-11 20:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-08-03 08:01 - 2014-04-11 20:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-08-03 08:01 - 2014-04-11 20:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-07-31 14:20 - 2014-07-31 14:20 - 00031744 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter.sys
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-08-22 20:34 - 2014-08-22 20:33 - 00021755 _____ () C:\Users\Howard\Desktop\FRST.txt
    2014-08-22 20:34 - 2010-04-26 10:07 - 01245061 _____ () C:\Windows\WindowsUpdate.log
    2014-08-22 20:33 - 2014-08-22 20:32 - 00000000 ____D () C:\FRST
    2014-08-22 20:32 - 2014-08-22 20:32 - 01094656 _____ (Farbar) C:\Users\Howard\Desktop\FRST.exe
    2014-08-22 20:31 - 2009-07-13 20:04 - 00000510 _____ () C:\Windows\win.ini
    2014-08-22 20:28 - 2014-08-11 21:13 - 00002072 _____ () C:\Windows\setupact.log
    2014-08-22 20:28 - 2013-08-05 20:27 - 00000000 ____D () C:\Users\Howard\AppData\Local\HTC MediaHub
    2014-08-22 20:28 - 2010-10-15 14:19 - 00000000 ____D () C:\Windows\system32\logishrd
    2014-08-22 20:28 - 2009-07-13 22:53 - 00032528 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-08-22 20:28 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-08-22 20:27 - 2014-08-11 21:12 - 00027496 _____ () C:\Windows\PFRO.log
    2014-08-22 20:27 - 2009-07-13 22:33 - 00389736 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-08-22 20:26 - 2014-08-13 18:38 - 00000000 ____D () C:\AdwCleaner
    2014-08-22 20:26 - 2009-07-13 22:34 - 00015008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-22 20:26 - 2009-07-13 22:34 - 00015008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-22 20:23 - 2014-08-22 20:23 - 01364531 _____ () C:\Users\Howard\Desktop\adwcleaner_3.308.exe
    2014-08-17 21:59 - 2011-02-04 22:19 - 00000000 ____D () C:\Users\Howard\Documents\Bank statements
    2014-08-17 21:48 - 2014-08-15 21:46 - 00000000 ____D () C:\ProgramData\Sophos
    2014-08-17 21:26 - 2014-08-17 21:26 - 00000000 __SHD () C:\Users\Howard\AppData\Local\EmieUserList
    2014-08-17 21:26 - 2014-08-17 21:26 - 00000000 __SHD () C:\Users\Howard\AppData\Local\EmieSiteList
    2014-08-15 23:06 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-08-14 21:46 - 2012-10-16 12:52 - 00000000 ____D () C:\Program Files\Yahoo!
    2014-08-14 20:39 - 2014-08-11 20:47 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-14 20:32 - 2011-09-26 21:11 - 00006558 _____ () C:\ProgramData\hpzinstall.log
    2014-08-14 20:31 - 2011-09-26 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2014-08-14 20:31 - 2011-09-26 21:12 - 00000000 ____D () C:\Program Files\HP
    2014-08-14 20:30 - 2014-08-11 21:17 - 00000000 ____D () C:\ProgramData\ChromeHelper
    2014-08-14 20:26 - 2014-08-13 21:30 - 00000000 ____D () C:\Program Files\ESET
    2014-08-13 23:42 - 2014-08-13 23:20 - 00221497 _____ () C:\Windows\hpoins19.dat
    2014-08-13 23:32 - 2014-08-13 23:32 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Yahoo!
    2014-08-13 23:28 - 2009-07-13 22:52 - 00000000 ____D () C:\Windows\twain_32
    2014-08-13 23:04 - 2009-07-14 01:49 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-08-13 23:03 - 2014-08-13 23:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-08-13 23:01 - 2013-08-23 20:16 - 00000000 ____D () C:\Windows\system32\MRT
    2014-08-13 22:55 - 2010-04-26 10:29 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-08-13 22:36 - 2010-04-26 10:26 - 00778588 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-08-13 22:01 - 2014-08-13 22:01 - 00058780 _____ () C:\Users\Howard\Desktop\HP Installation Error - Windows 7.hta
    2014-08-13 21:26 - 2014-08-13 21:26 - 00001093 _____ () C:\Users\Public\Desktop\Easy MP3 Downloader.lnk
    2014-08-13 21:26 - 2014-08-13 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy MP3 Downloader
    2014-08-13 21:26 - 2014-08-13 21:26 - 00000000 ____D () C:\Program Files\EasyMP3Downloader
    2014-08-13 21:20 - 2014-08-13 21:20 - 06132489 _____ () C:\Users\Howard\Desktop\EasyMP3Downloader-4.6.4.6.Setup.exe
    2014-08-13 20:53 - 2013-03-12 21:44 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
    2014-08-13 20:05 - 2014-05-11 01:19 - 01052672 ___SH () C:\Users\Howard\Downloads\Thumbs.db
    2014-08-13 20:04 - 2014-08-10 22:06 - 00000000 ____D () C:\Program Files\B021CBBD-E38E-4F8C-8E93-6624B0597A23
    2014-08-13 20:00 - 2014-08-12 19:05 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-08-13 19:38 - 2014-08-13 19:38 - 00000000 ____D () C:\Users\Howard\AppData\Local\ESET
    2014-08-13 18:59 - 2010-04-26 10:07 - 00000000 ____D () C:\Users\Howard
    2014-08-13 18:54 - 2014-08-13 18:53 - 01016261 _____ (Thisisu) C:\Users\Howard\JRT (1).exe
    2014-08-13 18:52 - 2014-08-13 18:52 - 01016261 _____ (Thisisu) C:\Users\Howard\JRT.exe
    2014-08-13 18:37 - 2014-08-13 18:37 - 01356107 _____ () C:\Users\Howard\adwcleaner_3.305.exe
    2014-08-13 18:35 - 2014-08-13 18:35 - 00448512 _____ (OldTimer Tools) C:\Users\Howard\TFC.exe
    2014-08-13 18:33 - 2014-08-13 18:33 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Howard\setup.exe
    2014-08-13 18:29 - 2014-08-13 21:46 - 00221270 ____N () C:\Windows\hpoins19.dat.temp
    2014-08-11 22:05 - 2014-07-06 18:33 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-08-11 21:43 - 2014-08-11 21:22 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-08-11 21:13 - 2014-08-11 21:13 - 00000000 _____ () C:\Windows\setuperr.log
    2014-08-11 21:12 - 2014-08-10 22:05 - 00000000 ____D () C:\Program Files\005
    2014-08-11 20:47 - 2014-08-11 20:47 - 00001080 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-11 20:47 - 2014-08-11 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-08-11 19:09 - 2011-02-07 21:51 - 00000000 ____D () C:\Program Files\HTC
    2014-08-10 23:50 - 2012-05-05 02:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-08-10 23:07 - 2014-02-20 21:54 - 00000208 _____ () C:\Users\Howard\myextension_debug.log
    2014-08-10 22:49 - 2010-08-22 21:54 - 00000000 ____D () C:\ProgramData\TEMP
    2014-08-10 22:40 - 2014-08-10 22:10 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherForecast
    2014-08-10 22:25 - 2010-04-26 10:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-08-10 22:21 - 2011-10-24 17:14 - 00000000 ____D () C:\Users\Guest
    2014-08-10 22:16 - 2010-04-26 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
    2014-08-10 22:16 - 2010-04-26 11:29 - 00000000 ____D () C:\Program Files\Creative
    2014-08-10 22:16 - 2010-04-26 11:28 - 00000000 ____D () C:\ProgramData\Creative
    2014-08-10 22:11 - 2012-05-24 21:21 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-08-10 22:11 - 2012-05-24 21:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-08-10 22:11 - 2011-09-19 20:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-08-10 22:10 - 2014-08-10 22:10 - 00000000 ____D () C:\Program Files\Common Files\ChromeHelper
    2014-08-10 22:09 - 2014-08-10 22:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
    2014-08-06 19:43 - 2014-08-13 22:25 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-08-06 19:39 - 2014-08-13 22:25 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-03 16:51 - 2012-10-08 10:46 - 00000258 __RSH () C:\Users\Howard\ntuser.pol
    2014-08-03 13:18 - 2012-04-24 16:57 - 00002133 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2014-08-03 13:18 - 2012-03-30 01:53 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-08-03 13:18 - 2012-03-30 01:53 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-08-03 08:10 - 2009-07-13 20:03 - 71303168 _____ () C:\Windows\system32\config\software.rmbak
    2014-08-03 08:09 - 2014-08-03 08:09 - 00110592 _____ () C:\Windows\system32\config\default.rrr
    2014-08-01 17:46 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\LogFiles
    2014-07-31 17:16 - 2014-08-13 22:26 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-07-31 14:20 - 2014-07-31 14:20 - 00031744 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter.sys
    2014-07-25 07:51 - 2014-08-13 22:25 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-07-25 07:04 - 2014-08-13 22:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-07-25 07:03 - 2014-08-13 22:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-07-25 06:34 - 2014-08-13 22:26 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-07-25 06:34 - 2014-08-13 22:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-07-25 06:33 - 2014-08-13 22:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-07-25 06:30 - 2014-08-13 22:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-07-25 06:21 - 2014-08-13 22:26 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-07-25 06:18 - 2014-08-13 22:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-07-25 06:17 - 2014-08-13 22:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-07-25 06:12 - 2014-08-13 22:26 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-07-25 06:10 - 2014-08-13 22:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-07-25 06:10 - 2014-08-13 22:26 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-07-25 06:08 - 2014-08-13 22:25 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-07-25 06:06 - 2014-08-13 22:25 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-07-25 05:59 - 2014-08-13 22:26 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-07-25 05:52 - 2014-08-13 22:26 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-07-25 05:43 - 2014-08-13 22:26 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-07-25 05:36 - 2014-08-13 22:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-07-25 05:34 - 2014-08-13 22:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-07-25 05:29 - 2014-08-13 22:26 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-07-25 05:13 - 2014-08-13 22:26 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-07-25 05:09 - 2014-08-13 22:26 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-07-25 05:07 - 2014-08-13 22:26 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-07-25 05:07 - 2014-08-13 22:26 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-07-25 05:03 - 2014-08-13 22:26 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-07-25 04:09 - 2014-08-13 22:26 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-07-25 04:05 - 2014-08-13 22:26 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-07-25 04:00 - 2014-08-13 22:26 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
     
    Files to move or delete:
    ====================
    C:\Users\Howard\adwcleaner_3.305.exe
    C:\Users\Howard\JRT (1).exe
    C:\Users\Howard\JRT.exe
    C:\Users\Howard\setup.exe
    C:\Users\Howard\TFC.exe
     
     
    Some content of TEMP:
    ====================
    C:\Users\Howard\AppData\Local\Temp\InstHelper.exe
    C:\Users\Howard\AppData\Local\Temp\Quarantine.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2011-12-31 10:32
     
    ==================== End Of Log ============================

     



    #5 hojoatt

    hojoatt
    • Topic Starter

    • Members

    Posted 22 August 2014 - 09:45 PM

    And the answer to your question of how the computer runs is: just the same. The "WeatherForecast" popup attempting to download things still pops up.



    #6 nasdaq

    nasdaq

    • Malware Response Team

    Posted 23 August 2014 - 07:43 AM

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
     
    start
     
    () C:\Program Files\Common Files\ChromeHelper\ChromeHelper.exe
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [ChromeHelper] => C:\Program Files\Common Files\ChromeHelper\ChromeHelper.exe [862840 2014-07-09] ()
    HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
    SearchScopes: HKCU - {A07F4262-3A97-4CB2-A6F3-5F27CCFFA792} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1066435&CUI=UN24563581711552025&UM=4
    BHO: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} ->  No File
    BHO: installbroadcast -> {d9b989ff-b61f-dced-2356-b274050b6785} ->  No File
    Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
    Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Extension: LoudMo Contextual Ad Assistant - C:\Program Files\Mozilla Firefox\extensions\{b887b641-88d8-2f32-54bd-29c18efea74d} [2014-05-22]
    CHR Extension: (No Name) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhffggcfjnkigeciffmipblemhphbjl [2012-04-21]
    CHR Extension: (No Name) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcanihidejmgkmijkpejjgpbcmbhamo [2014-03-22]
    CHR HKLM\...\Chrome\Extension: [ghcanihidejmgkmijkpejjgpbcmbhamo] - C:\Users\Howard\AppData\Local\CRE\ghcanihidejmgkmijkpejjgpbcmbhamo.crx [2014-03-18]
    CHR HKCU\...\Chrome\Extension: [ghcanihidejmgkmijkpejjgpbcmbhamo] - C:\Users\Howard\AppData\Local\CRE\ghcanihidejmgkmijkpejjgpbcmbhamo.crx [2014-03-18]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    R2 ChromeHelperUpdt; C:\Program Files\Common Files\ChromeHelper\ChromeHelperUpdt.exe [282232 2014-07-09] ()
    R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [31744 2014-07-31] (NetFilterSDK.com) [File not signed]
    C:\Program Files\Common Files\ChromeHelper
    C:\Windows\System32\drivers\netfilter.sys
    
    
    cmd: ipconfig /flushdns
    cmd: ipconfig /release
    cmd: ipconfig /renew
    
    End
    
     
    Save the file as fixlist.txt into the same folder as FRST.
     
    Run FRST and click Fix only once and wait.
     
    Restart the computer normally to reset the registry.
     
    The tool will create a log (Fixlog.txt); please post it in your reply.
    ===
     
    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    p.s.
    If the SecurityCheck program fails to run for any reason, run it as an Administrator.
     
    If the site is busy or not available use this mirror site:
    ===
     
    How is the computer running now?
     


    #7 hojoatt

    hojoatt
    • Topic Starter

    • Members

    Posted 23 August 2014 - 07:28 PM

    fixlog.txt:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:24-08-2014
    Ran by Howard at 2014-08-23 18:22:50 Run:1
    Running from C:\FRST\FRST-OlderVersion
    Boot Mode: Normal
     
    ==============================================
     
    Content of fixlist:
    *****************
    start
     
    () C:\Program Files\Common Files\ChromeHelper\ChromeHelper.exe
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [ChromeHelper] => C:\Program Files\Common Files\ChromeHelper\ChromeHelper.exe [862840 2014-07-09] ()
    HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
    BHO: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} ->  No File
    BHO: installbroadcast -> {d9b989ff-b61f-dced-2356-b274050b6785} ->  No File
    Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
    Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Extension: LoudMo Contextual Ad Assistant - C:\Program Files\Mozilla Firefox\extensions\{b887b641-88d8-2f32-54bd-29c18efea74d} [2014-05-22]
    CHR Extension: (No Name) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhffggcfjnkigeciffmipblemhphbjl [2012-04-21]
    CHR Extension: (No Name) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcanihidejmgkmijkpejjgpbcmbhamo [2014-03-22]
    CHR HKLM\...\Chrome\Extension: [ghcanihidejmgkmijkpejjgpbcmbhamo] - C:\Users\Howard\AppData\Local\CRE\ghcanihidejmgkmijkpejjgpbcmbhamo.crx [2014-03-18]
    CHR HKCU\...\Chrome\Extension: [ghcanihidejmgkmijkpejjgpbcmbhamo] - C:\Users\Howard\AppData\Local\CRE\ghcanihidejmgkmijkpejjgpbcmbhamo.crx [2014-03-18]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    R2 ChromeHelperUpdt; C:\Program Files\Common Files\ChromeHelper\ChromeHelperUpdt.exe [282232 2014-07-09] ()
    R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [31744 2014-07-31] (NetFilterSDK.com) [File not signed]
    C:\Program Files\Common Files\ChromeHelper
    C:\Windows\System32\drivers\netfilter.sys
     
     
    cmd: ipconfig /flushdns
    cmd: ipconfig /release
    cmd: ipconfig /renew
     
    End
    *****************
     
    [2348] C:\Program Files\Common Files\ChromeHelper\ChromeHelper.exe => Process closed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ChromeHelper => value deleted successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A07F4262-3A97-4CB2-A6F3-5F27CCFFA792}" => Key deleted successfully.
    "HKCR\CLSID\{A07F4262-3A97-4CB2-A6F3-5F27CCFFA792}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => Key deleted successfully.
    "HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9b989ff-b61f-dced-2356-b274050b6785}" => Key deleted successfully.
    "HKCR\CLSID\{d9b989ff-b61f-dced-2356-b274050b6785}" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => value deleted successfully.
    "HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}" => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => value deleted successfully.
    "HKCR\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}" => Key not found.
    "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{b887b641-88d8-2f32-54bd-29c18efea74d} => Moved successfully.
    C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhffggcfjnkigeciffmipblemhphbjl => Moved successfully.
    C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcanihidejmgkmijkpejjgpbcmbhamo => Moved successfully.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\ghcanihidejmgkmijkpejjgpbcmbhamo" => Key deleted successfully.
    C:\Users\Howard\AppData\Local\CRE\ghcanihidejmgkmijkpejjgpbcmbhamo.crx => Moved successfully.
    "HKCU\SOFTWARE\Google\Chrome\Extensions\ghcanihidejmgkmijkpejjgpbcmbhamo" => Key deleted successfully.
    "C:\Users\Howard\AppData\Local\CRE\ghcanihidejmgkmijkpejjgpbcmbhamo.crx" => File/Directory not found.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    ChromeHelperUpdt => Service stopped successfully.
    ChromeHelperUpdt => Service deleted successfully.
    netfilter => Service stopped successfully.
    netfilter => Service deleted successfully.
    C:\Program Files\Common Files\ChromeHelper => Moved successfully.
    C:\Windows\System32\drivers\netfilter.sys => Moved successfully.
     
    =========  ipconfig /flushdns =========
     
     
    Windows IP Configuration
     
    Successfully flushed the DNS Resolver Cache.
     
    ========= End of CMD: =========
     
     
    =========  ipconfig /release =========
     
     
    Windows IP Configuration
     
     
    Ethernet adapter Local Area Connection:
     
       Connection-specific DNS Suffix  . : 
       IPv6 Address. . . . . . . . . . . : 2601:7:7e00:1414:201c:1f81:3416:6cc0
       Temporary IPv6 Address. . . . . . : 2601:7:7e00:1414:f51e:9da1:7ce8:7e4c
       Link-local IPv6 Address . . . . . : fe80::201c:1f81:3416:6cc0%10
       Default Gateway . . . . . . . . . : fe80::21d:d6ff:fe6f:3211%10
     
    ========= End of CMD: =========
     
     
    =========  ipconfig /renew =========
     
     
    Windows IP Configuration
     
     
    Ethernet adapter Local Area Connection:
     
       Connection-specific DNS Suffix  . : hsd1.ut.comcast.net.
       IPv6 Address. . . . . . . . . . . : 2601:7:7e00:1414:201c:1f81:3416:6cc0
       Temporary IPv6 Address. . . . . . : 2601:7:7e00:1414:f51e:9da1:7ce8:7e4c
       Link-local IPv6 Address . . . . . : fe80::201c:1f81:3416:6cc0%10
       IPv4 Address. . . . . . . . . . . : 10.0.0.15
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : fe80::21d:d6ff:fe6f:3211%10
                                           10.0.0.1
     
    ========= End of CMD: =========
     
     
    ==== End of Fixlog ====


    #8 hojoatt

    hojoatt
    • Topic Starter

    • Members

    Posted 23 August 2014 - 07:43 PM

    checkup.txt:

     

     Results of screen317's Security Check version 0.99.87  
     Windows 7 Service Pack 1 x86 (UAC is enabled)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:`````````````` 
     Windows Firewall Enabled!  
    Microsoft Security Essentials   
     Antivirus up to date!  
    `````````Anti-malware/Other Utilities Check:````````` 
     Spybot - Search & Destroy 
     CCleaner     
     Java™ 6 Update 31  
     Java 7 Update 51  
     Java version out of Date! 
     Adobe Flash Player 14.0.0.145  
     Adobe Reader 10.1.9 Adobe Reader out of Date!  
     Mozilla Firefox 29.0.1 Firefox out of Date!  
     Google Chrome 33.0.1750.154  
     Google Chrome 34.0.1847.116  
    ````````Process Check: objlist.exe by Laurent````````  
     Microsoft Security Essentials MSMpEng.exe 
     Microsoft Security Essentials msseces.exe 
     Spybot Teatimer.exe is disabled! 
    `````````````````System Health check````````````````` 
     Total Fragmentation on Drive C: 2% 
    ````````````````````End of Log`````````````````````` 


    #9 hojoatt

    hojoatt
    • Topic Starter

    • Members

    Posted 23 August 2014 - 07:52 PM

    The pop-up did not pop up this time when rebooting, but I will give it a couple of tries to see if it is cured for sure. It looks OK and is also booting faster.



    #10 nasdaq

    nasdaq

    • Malware Response Team

    Posted 24 August 2014 - 07:51 AM

    Secure your system by updating 3rd party programs.
     
    Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
    Latest version is Java JRE 7u67.
     
    You can manually check your present version and update as recommended.
     
    Be careful not to install malware posing as Java update!
    Important: read this blog.
     
    Quoted from the page.
    "In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
     
    How to disable Java in your browsers
     
     
    If present remove the old version(s) of Java using the Add/Remove Programs applet.
     
    Java™ 6 Update 31  
     Java 7 Update 51
     
    ===
     
    Get the latest version of the Adobe Reader.
    Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
     
    When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
    <<<>>>
     
    If all is well.
     
    To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
    ===


    #11 hojoatt

    hojoatt
    • Topic Starter

    • Members

    Posted 24 August 2014 - 10:12 AM

    I did not find that link to Secunia at all helpful, and in fact it may well have reinfected my computer. After running and displaying a list of manual set up programs, the links, instead of going to those program updates, led to these same malware device manager downloads of everything else except the program supposedly to be updated. It appears itself to be an infected program.



    #12 nasdaq

    nasdaq

    • Malware Response Team

    Posted 24 August 2014 - 11:55 AM

    Please run the AdwCleaner tool one more time.

    Let me know what was installed without your consent.



    #13 hojoatt

    hojoatt
    • Topic Starter

    • Members

    Posted 24 August 2014 - 12:29 PM

    Here is the adw.txt. I don't know how to read it so I wouldn't know what was installed:

     

    # AdwCleaner v3.308 - Report created 24/08/2014 at 11:22:28
    # Updated 20/08/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : Howard - HOWARD-PC
    # Running from : C:\Users\Howard\Desktop\adwcleaner_3.308.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\Users\Howard\Documents\Updater
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17239
     
     
    -\\ Mozilla Firefox v29.0.1 (en-US)
     
    [ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ccumvbtt.default\prefs.js ]
     
     
    [ File : C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\2vhmpdcx.default-1407733698255\prefs.js ]
     
     
    [ File : C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\adkyeqpg.default-1365730395628\prefs.js ]
     
     
    [ File : C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\fsmhgyrx.default\prefs.js ]
     
     
    -\\ Google Chrome v
     
    [ File : C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
     
    *************************
     
    AdwCleaner[R0].txt - [11974 octets] - [13/08/2014 18:38:17]
    AdwCleaner[R1].txt - [1373 octets] - [13/08/2014 18:59:18]
    AdwCleaner[R2].txt - [1441 octets] - [13/08/2014 20:13:49]
    AdwCleaner[R3].txt - [2413 octets] - [22/08/2014 20:24:23]
    AdwCleaner[R4].txt - [1731 octets] - [24/08/2014 11:01:17]
    AdwCleaner[S0].txt - [12318 octets] - [13/08/2014 18:39:39]
    AdwCleaner[S1].txt - [1502 octets] - [13/08/2014 20:15:48]
    AdwCleaner[S2].txt - [2490 octets] - [22/08/2014 20:26:30]
    AdwCleaner[S3].txt - [1654 octets] - [24/08/2014 11:22:28]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1714 octets] ##########


    #14 nasdaq

    nasdaq

    • Malware Response Team

    Posted 25 August 2014 - 07:11 AM

    It's clean.

     

    The .js files are created for each Firefox profile and are clean also.



    #15 nasdaq

    nasdaq

    • Malware Response Team

    Posted 30 August 2014 - 07:16 AM

    It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



