MyWebSearch problem. Requested by Judy


Wrong #
01-20-2013, 11:03 AM
My MBA_M logs.
#1 Yesterday (with problems):
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.19.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chuck :: CHUCKS-PC [administrator]

1/19/2013 1:17:12 PM
mbam-log-2013-01-19 (13-17-12).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 480194
Time elapsed: 54 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.MyWebsearch) -> Bad: (http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^Z1^xdm003^S04303^us&ptb=8D9F5668-F933-4462-AC24-1D044F934599&si=CO_krsvd4bQCFeZDMgodxWkAcA) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Chuck\Desktop\Vio_Player_Setup(1).exe (PUP.BundleInstaller.VIO) -> Quarantined and deleted successfully.
C:\Users\Chuck\Desktop\Vio_Player_Setup.exe (PUP.BundleInstaller.VIO) -> Quarantined and deleted successfully.
C:\Users\Chuck\Desktop\XvidSetup(1).exe (Adware.HotBar) -> Quarantined and deleted successfully.
C:\Users\Chuck\Desktop\XvidSetup.exe (Adware.HotBar) -> Quarantined and deleted successfully.

(end)
------------------------------------------------------------------------------------------
#2 Today:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.20.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chuck :: CHUCKS-PC [administrator]

1/20/2013 9:55:27 AM
mbam-log-2013-01-20 (09-55-27).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 481892
Time elapsed: 51 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

jholland1964
01-20-2013, 11:09 AM
You have a lot more malware on there besides MyWebSearch.

Now do a DDS scan and post both logs:

Download DDS by sUBs and save it to your Desktop.

http://www.bleepingcomputer.com/download/anti-virus/dds

Be sure to follow the instructions below carefully:
• If your AV has a script blocker, please disable it.
• Double-click on dds.scr to run the tool.
• A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
• Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).
• Copy & paste both the DDS.txt and the DDS Attach.txt into your post for assistance.
Notice I say copy/paste BOTH logs. The Attach.txt log says at the top to attach it; please do not attach it, but copy/paste it also.
Both of these logs are very long and because of that will take multiple replies in order to post them here. Please split the logs carefully as each and every line must be seen.

MikeN.
01-20-2013, 11:14 AM

All bad downloads!

jholland1964
01-20-2013, 11:25 AM
All bad downloads!
Mike beat me to it, he types faster than I do. :D

Absolutely bad downloads. Don't know where you got these, but take a look at the Google search result for the Vio Player; even their own home page gets an average rating of 6.75 out of 100!

http://www.mywot.com/en/scorecard/vioplayer.com?utm_source=addon&utm_content=popup-donuts

As to the XvidSetup.exe, I have no idea where you got this, but it was likely downloaded in a "bundler" downloader which then brings in tons of stuff you don't want. Very likely Softonic; NEVER download from there. Virtually anything you download from there is extremely risky.

Wrong #
01-20-2013, 11:34 AM
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by Chuck at 11:27:28 on 2013-01-20
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4008.1997 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\Premium\VaudiX\VaudiX.exe
C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
C:\Windows\system32\svchost.exe -k imgsvc
E:\Program Files\Secunia\PSI\psi.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
E:\Program Files\VMware\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Chuck\Desktop\SnagIt 7\SnagIt32.exe
C:\Users\Chuck\Desktop\SnagIt 7\TSCHelp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://start.facemoods.com/?a=fmtgl&s={searchTerms}&f=4
uURLSearchHooks: {256db8bc-7da7-4248-97cd-44e07216b7f1} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
BHO: Vaudix Class: {DE28295C-56B5-DAC3-0541-C1C115EF7669} - C:\ProgramData\Vaudix\50ce09ca536b9.ocx
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
uRun: [Video Performer63817.exe] "C:\Users\Chuck\AppData\Local\Temp\Video Performer63817.exe" /XML="C:\Users\Chuck\AppData\Local\Temp\30EF.tmp" /STP=0:2
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PRINTK~1.LNK - C:\Windows\Installer\{5EFA4EA3-0604-458C-A06D-485F6B2724C9}\NewShortcut2_6999F52849E742A78F6F4501EF3B5A3A.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: Interfaces\{698D7204-F98B-43C9-9878-8432FCC6A23B} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\vaudix\sprote~1.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxps://rrtp.comed.com/live-prices/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2012-12-16 11:50; 50ce09ca53527@50ce09ca53561.com; C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\extensions\50ce09ca53527@50ce09ca53561.com
FF - ExtSQL: 2012-12-21 18:30; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
---- FIREFOX POLICIES ----
.
.
FF - user.js: extentions.y2layers.installId - c108657c-27b6-49ad-b3b6-91c67dcb6043
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
.

Wrong #
01-20-2013, 11:38 AM
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/27/2011 10:02:58 PM
System Uptime: 1/20/2013 5:16:44 AM (6 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8H61-M LX2
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz | LGA1155 | 1584/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 425 GiB total, 334.153 GiB free.
D: is FIXED (NTFS) - 40 GiB total, 34.18 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 819.136 GiB free.
G: is CDROM ()
H: is CDROM ()
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP170: 1/18/2013 10:53:57 AM - Windows Update
.
==== Installed Programs ======================
.
123 Free Solitaire 2009 v7.2
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI
Adobe Shockwave Player 11.6
ASAP Utilities
Ashampoo Burning Studio 2010 Advanced
avast! Free Antivirus
Bejeweled 3
Bejeweled Twist 1.0
Big Game Hunter 4
Bing Bar
Cabela's Big Game Hunter III
CamStudio OSS Desktop Recorder
CDDRV_Installer
Compatibility Pack for the 2007 Office system
CyberLink Power2Go
D3DX10
Deer Hunter 3
Defraggler
erLT
eSupport UndeletePlus 3.0.3.521
Fantapper Player
Free Solitaire 3D 1.74
GetDislike
Glary Utilities 2.46.0.1518
Google Chrome
Google Earth
Google Update Helper
High-Definition Video Playback
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Junk Mail filter update
KhalInstallWrapper
LG CyberLink LabelPrint
LG CyberLink PowerBackup
LG CyberLink YouCam
LG ODD Auto Firmware Update
LG Power Tools
LG USB Modem driver
Logitech SetPoint
Logitech Vid HD
Logitech Webcam Software
Mahjong Escape - Ancient China
MailWasher Free 6.5.4
Malwarebytes Anti-Malware version 1.70.0.1100
Masque 2013 Card, Mahjongg & Solitaire Games
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Office XP Professional with FrontPage
Microsoft Pandora's Box
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
MyTomTom 3.2.0.700
Nero 11 Kwik Themes Basic
Nero Audio Pack 1
Nero Core Components 11
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Update
nero.prerequisites.msi
Night Before Christmas
NirSoft BlueScreenView
Optical Disc Doctor
OptimizerPro
Picasa 3
Platform
Professional Bull Rider
Railroad Tycoon II - Platinum
Rarewings.com Miller Hm-4 Aeroval for FSX
Realtek Ethernet Controller Driver
Recuva
Rocky Mountain Trophy Hunter
Seagate*DiscWizard
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
SEW File Utilities
SIW version 2011.10.29
Skype Click to Call
Skype™ 6.0
SlingPlayer
Stellarium 0.11.2
SUPERAntiSpyware
TeamSpeak 2 RC2
TeamSpeak 3 Client
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VaudiX
VC80CRTRedist - 8.0.50727.6195
VIA Platform Device Manager
VistaBootPRO 3.3
Visual Studio C++ 10.0 Runtime
VLC media player 2.0.1
VmciSockets
VMware Player
Windows Driver Package - OEM (mr8980) Image (04/19/2011 2.0.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows XP Mode
Wireless Monitoring System
WONswap
Yontoo Layers Runtime 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
1/19/2013 3:43:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Fantapper Player Update Service service to connect.
1/19/2013 3:43:52 PM, Error: Service Control Manager [7000] - The Fantapper Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/19/2013 3:29:13 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
1/19/2013 3:29:11 PM, Error: Service Control Manager [7001] - The Application Virtualization Client service depends on the Application Virtualization Service Agent service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
1/19/2013 3:29:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Service Agent service to connect.
1/19/2013 3:29:01 PM, Error: Service Control Manager [7000] - The Application Virtualization Service Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

jholland1964
01-20-2013, 11:51 AM
LOTS of malware and dangerous files on there, BUT the DDS.txt log is incomplete. It stops with listings from
================= FIREFOX ===================
There are more sections to it than that. It should also include the following:


============= SERVICES / DRIVERS ===============

=============== File Associations ===============


=============== Created Last 30 ================

==================== Find3M ====================

============= FINISH: time noted here ===============

Wrong #
01-20-2013, 11:56 AM
Sorry, missed the second part of the txt file.

.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-12-28 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-12-28 370288]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-12-28 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-12-28 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-4 44808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 FTSvc;Fantapper Player Update Service;C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [2011-12-15 11776]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13336]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SlingAgentService;SlingAgentService;C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2009-4-27 93960]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-17 2656280]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2011-3-29 27760]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-2 428136]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-3-29 2157680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 CrucialSMBusScan;CrucialSMBusScan;C:\Windows\System32\drivers\CrucialSMBusScan.sys [2012-8-21 18984]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-19 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-5-2 158976]
S3 LVUVC64;Logitech QuickCam Ultra Vision(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 mr8980;Wireless Monitoring System;C:\Windows\System32\drivers\mr8980x64.sys [2011-4-19 114176]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\Windows\System32\drivers\lgx64gps.sys [2012-9-8 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-29 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-01-20 15:15:49 -------- d-----w- C:\Users\Chuck\AppData\Local\{5D25FAD9-0650-40EC-B849-E4E0C0E8EDD3}
2013-01-20 02:09:16 -------- d-----w- C:\Users\Chuck\AppData\Roaming\SpeedMaxPc
2013-01-20 02:09:16 -------- d-----w- C:\Users\Chuck\AppData\Roaming\DriverCure
2013-01-20 02:09:09 -------- d-----w- C:\ProgramData\SpeedMaxPc
2013-01-20 02:07:50 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CE3390F8-842C-4E7B-AA56-0F3140335AD5}\offreg.dll
2013-01-19 19:10:27 -------- d-----w- C:\Users\Chuck\AppData\Local\Programs
2013-01-19 16:57:02 -------- d-----w- C:\Users\Chuck\AppData\Local\{97BD37DF-DC4A-4DEB-946D-DDAC41A907CB}
2013-01-19 04:20:52 -------- d-----w- C:\Users\Chuck\AppData\Local\{3ACC9FC0-3D4B-4BEA-BFFF-864CB0A2F8F0}
2013-01-18 16:54:32 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CE3390F8-842C-4E7B-AA56-0F3140335AD5}\mpengine.dll
2013-01-18 16:20:28 -------- d-----w- C:\Users\Chuck\AppData\Local\{72D4188B-5451-455A-9657-841B2B417E2A}
2013-01-18 01:29:51 -------- d-----w- C:\Users\Chuck\AppData\Local\{1258B411-74B1-481D-B946-1235F952D36E}
2013-01-17 13:19:08 -------- d-----w- C:\Users\Chuck\AppData\Local\{04852F47-4167-472D-ACA0-9D03FE7D4C3D}
2013-01-16 18:46:37 -------- d-----w- C:\Users\Chuck\AppData\Local\{1EC6A931-9744-4CF1-9CAD-0FBAF2D7299B}
2013-01-16 04:41:47 -------- d-----w- C:\Users\Chuck\AppData\Local\{4390F1DB-59F7-4120-94BE-23E7236E393D}
2013-01-15 16:14:50 -------- d-----w- C:\Users\Chuck\AppData\Local\{F591CCC5-5282-4C9D-8D88-CC836BC32486}
2013-01-14 17:28:22 -------- d-----w- C:\Users\Chuck\AppData\Local\{2EC8A38D-5637-400C-A174-62FBD1DFAA66}
2013-01-13 16:39:32 -------- d-----w- C:\Users\Chuck\AppData\Local\{AC22A8D3-25A2-41E1-BD61-B6C72DE9CC32}
2013-01-13 01:09:57 -------- d-----w- C:\Users\Chuck\AppData\Local\{4DBC714A-9F59-4AA1-8F49-87A2755A5756}
2013-01-12 10:05:15 -------- d-----w- C:\Users\Chuck\AppData\Local\{41FA32B8-9941-4E93-AB46-D26307477554}
2013-01-11 17:35:09 -------- d-----w- C:\Users\Chuck\AppData\Local\{7F12FB8D-0421-4BC6-9FE0-9CFCA7C4CC06}
2013-01-10 16:52:24 -------- d-----w- C:\Users\Chuck\AppData\Local\{E0216A8F-E251-474E-86B3-6714FFB59094}
2013-01-09 21:54:30 -------- d-----w- C:\Users\Chuck\AppData\Local\{85BD26F9-B588-47E1-9A82-CA3B64A60090}
2013-01-09 04:57:38 -------- d-----w- C:\Users\Chuck\AppData\Local\{309E8DB5-C032-4B8D-AE2F-4BB7604914F2}
2013-01-08 16:21:18 -------- d-----w- C:\Users\Chuck\AppData\Local\{1257B8EB-0926-4A10-A98F-57BC6A9DD782}
2013-01-07 16:33:05 -------- d-----w- C:\Users\Chuck\AppData\Local\{A1239F04-61C5-42B0-80F9-D9AC39C91FB4}
2013-01-06 19:19:53 -------- d-----w- C:\Users\Chuck\AppData\Local\{4E4C8FC8-C718-40B7-93D8-F2F96743241B}
2013-01-06 05:55:17 -------- d-----w- C:\Users\Chuck\AppData\Local\{ECC19A4E-50AA-458B-8340-14451139BB01}
2013-01-05 17:04:55 -------- d-----w- C:\Users\Chuck\AppData\Local\{CE990682-3231-40AB-921D-EBF7B966A22B}
2013-01-05 03:55:17 -------- d-----w- C:\Users\Chuck\AppData\Local\{890433B4-B845-4847-828A-1F357580F2B4}
2013-01-04 15:54:48 -------- d-----w- C:\Users\Chuck\AppData\Local\{C7F933CD-E278-4F57-9816-292268BB3B96}
2013-01-03 17:38:58 -------- d-----w- C:\Users\Chuck\AppData\Local\{051DF4A1-3857-4895-AC58-6C5B462F0D97}
2013-01-03 01:15:38 -------- d-----w- C:\Users\Chuck\AppData\Local\{B3BD63E2-25E1-48BD-B744-D9F560AB5C5E}
2013-01-02 11:32:39 -------- d-----w- C:\Users\Chuck\AppData\Local\{286160F1-9B13-4210-9DFF-9C5384E5BCED}
2013-01-01 17:07:16 -------- d-----w- C:\Users\Chuck\AppData\Local\{A5180FF2-95EA-4F9F-B2B6-49056A70E271}
2013-01-01 04:45:57 -------- d-----w- C:\Users\Chuck\AppData\Local\{BBD5FC25-0623-4A7B-B980-7A932041628A}
2012-12-31 16:45:28 -------- d-----w- C:\Users\Chuck\AppData\Local\{3F4C146C-540B-4BC2-A08E-46B3061C33D0}
2012-12-30 17:38:13 -------- d-----w- C:\Users\Chuck\AppData\Local\{48C905AD-7DF5-4770-B91F-29B785BAD15A}
2012-12-30 04:17:23 -------- d-----w- C:\Users\Chuck\AppData\Local\{E2CA15BA-D24A-4B8D-A625-65F854943BD7}
2012-12-29 15:59:58 -------- d-----w- C:\Users\Chuck\AppData\Local\{C2FAF43C-71DF-47AC-986A-C3248B3AB16F}
2012-12-28 17:54:30 -------- d-----w- C:\Users\Chuck\AppData\Local\{F486439D-B316-4732-99CE-01793EFE7630}
2012-12-28 05:54:01 -------- d-----w- C:\Users\Chuck\AppData\Local\{F158460A-B6CC-4DB8-80B8-8C4A1182E80A}
2012-12-27 17:53:33 -------- d-----w- C:\Users\Chuck\AppData\Local\{8BC90E2E-68D4-4FF5-99FA-0456132717D3}
2012-12-26 16:22:47 -------- d-----w- C:\Users\Chuck\AppData\Local\{C510B5FB-1B8E-4C86-B0B0-16DBD48CB7F3}
2012-12-25 18:14:47 -------- d-----w- C:\ProgramData\Paessler
2012-12-25 18:14:41 -------- d-----w- C:\usr
2012-12-25 18:13:40 -------- d-----w- C:\Program Files (x86)\PRTG Network Monitor
2012-12-25 16:58:38 -------- d-----w- C:\Users\Chuck\AppData\Local\{5B11A660-B334-4485-9A05-E5128AA586A1}
2012-12-25 04:58:14 -------- d-----w- C:\Users\Chuck\AppData\Local\{9C484515-9746-4DAB-8CD6-A07C52B2609D}
2012-12-24 06:16:27 -------- d-----w- C:\Users\Chuck\AppData\Local\{5B094E38-7FD9-4A7B-A32E-F08558B11E7B}
2012-12-23 17:45:51 -------- d-----w- C:\Users\Chuck\AppData\Local\{DB73B820-C6A8-41BE-B920-CEE499A83170}
2012-12-22 19:08:06 -------- d-----w- C:\Users\Chuck\AppData\Local\{C2AC707C-58FB-4407-870C-0F73DE1B796A}
2012-12-22 04:24:39 -------- d-----w- C:\Users\Chuck\AppData\Local\{EFE1CA57-346E-4888-89EA-A419029A45F2}
2012-12-22 00:30:26 -------- d-----r- C:\Program Files (x86)\Skype
2012-12-21 19:42:28 -------- d-----w- C:\Program Files (x86)\Wireless Monitoring System
2012-12-21 19:41:34 -------- d-----w- C:\Users\Chuck\AppData\Roaming\{7967DDC0-0922-44D3-B5A9-98609EFBF3F5}
.
==================== Find3M ====================
.
2013-01-09 01:45:11 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 01:45:11 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-11 03:35:37 1633472 ----a-w- C:\Users\Chuck\AppData\Roaming\vioplayer_d429057.exe
2012-12-11 03:35:35 526336 ----a-w- C:\Users\Chuck\AppData\Roaming\bsetter-new.exe
2012-12-11 03:35:34 6312677 ----a-w- C:\Users\Chuck\AppData\Roaming\vio_clean.exe
2012-12-11 03:35:23 419554 ----a-w- C:\Users\Chuck\AppData\Roaming\satoolbar.exe
2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr
1999-10-01 03:31:38 869376 ----a-w- C:\Program Files\Printkey2000.exe
1996-11-06 20:26:48 49352 ----a-r- C:\Program Files\SETUP.EXE
1996-10-16 09:05:12 75776 ----a-r- C:\Program Files\SCR.EXE
.
============= FINISH: 11:53:42.69 ===============

jholland1964
01-20-2013, 12:02 PM
Turn OFF Windows Defender and leave it turned off. It is useless, plus it will interfere with fixes and removals done by other top-of-the-line programs like Avast, SAS and MBA-M.

These programs MUST be uninstalled; they are KNOWN to be bad programs, classed as malware by many scanners and by most reputable web sites:

Fantapper Player; this is running ALL the time in the background, by the way.

Note its own web site's WOT rating:
http://www.mywot.com/en/scorecard/fantapper.com?utm_source=addon&utm_content=popup-donuts

OptimizerPro: programs like this are totally useless and very often "optimize" something that should not be touched, thereby damaging the entire system and putting it at great risk. A brand new, top-of-the-line computer like yours especially would have absolutely no need for "optimizing", and if it does, it can and should be done manually only. This also is running all the time in the background.

Here is WOT rating for this Optimizer home page:

http://www.mywot.com/en/scorecard/pcoptimizerpro.com?utm_source=addon&utm_content=popup-donuts

Yontoo Layers Runtime 1.10.01

Its home page also gets a poor WOT Rating.

http://www.mywot.com/en/scorecard/yontoo.com?utm_source=addon&utm_content=rw-viewsc

jholland1964
01-20-2013, 12:42 PM
After you have done the above, then do the following:

Download AdwCleaner and save it to your Desktop.

http://www.bleepingcomputer.com/download/adwcleaner/

Once the program is downloaded, CLOSE all other unnecessary programs: browsers, media players, email programs, etc.

Open AdwCleaner.
Hit the Search button. The Search button will cause AdwCleaner to search your computer for unwanted programs and then display a log showing the various files, folders, and registry entries used by these programs.

To delete these unwanted programs simply click on the Delete button, which will cause AdwCleaner to reboot your computer and remove the files and registry entries associated with the various adware that you are removing. On reboot, AdwCleaner will display a log showing the files, folders, and registry entries that were removed.

Please post back here with that log.

MikeN.
01-20-2013, 12:44 PM
Very suspicious files here; I would upload both to http://virusscan.jotti.org/en

1996-11-06 20:26:48 49352 ----a-r- C:\Program Files\SETUP.EXE
1996-10-16 09:05:12 75776 ----a-r- C:\Program Files\SCR.EXE

Wrong #
01-20-2013, 01:08 PM
# AdwCleaner v2.106 - Logfile created 01/20/2013 at 13:02:42
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Chuck - CHUCKS-PC
# Boot Mode : Normal
# Running from : C:\Users\Chuck\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Updater Service for StartNow Toolbar

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Premium
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Chuck\AppData\Local\Conduit
Folder Deleted : C:\Users\Chuck\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Chuck\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Chuck\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\ConduitCommon
Folder Deleted : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\CT3106574
Folder Deleted : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\extensions\{256db8bc-7da7-4248-97cd-44e07216b7f1}
Folder Deleted : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3106574
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Wrong #
01-20-2013, 01:10 PM
***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=fmtgl&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\prefs.js

C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\user.js ... Deleted !

Deleted : user_pref("CT3106574..clientLogIsEnabled", false);
Deleted : user_pref("CT3106574..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3106574..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3106574.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3106574.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3106574.BrowserCompStateIsOpen_6663172616938414510", true);
Deleted : user_pref("CT3106574.BrowserCompStateIsOpen_7212697149011515130", true);
Deleted : user_pref("CT3106574.BrowserCompStateIsOpen_7357891361088741636", true);
Deleted : user_pref("CT3106574.CTID", "CT3106574");
Deleted : user_pref("CT3106574.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("CT3106574.CurrentServerDate", "4-1-2012");
Deleted : user_pref("CT3106574.DSInstall", false);
Deleted : user_pref("CT3106574.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3106574.DialogsGetterLastCheckTime", "Wed Jan 04 2012 14:56:34 GMT-0600 (Central Standa[...]
Deleted : user_pref("CT3106574.DownloadReferralCookieData", "");
Deleted : user_pref("CT3106574.EMailNotifierPollDate", "Wed Jan 04 2012 14:56:35 GMT-0600 (Central Standard Ti[...]
Deleted : user_pref("CT3106574.FirstServerDate", "4-1-2012");
Deleted : user_pref("CT3106574.FirstTime", true);
Deleted : user_pref("CT3106574.FirstTimeFF3", true);
Deleted : user_pref("CT3106574.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3106574.GroupingInvalidateCache", false);
Deleted : user_pref("CT3106574.GroupingLastCheckTime", "0");
Deleted : user_pref("CT3106574.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT3106574.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3106574.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3106574.HPInstall", false);
Deleted : user_pref("CT3106574.HasUserGlobalKeys", true);
Deleted : user_pref("CT3106574.HomePageProtectorEnabled", false);
Deleted : user_pref("CT3106574.HomepageBeforeUnload", "chrome://foxtab/content/homepage.html");
Deleted : user_pref("CT3106574.Initialize", true);
Deleted : user_pref("CT3106574.InitializeCommonPrefs", true);
Deleted : user_pref("CT3106574.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT3106574.InstallationId", "ConduitNSISIntegration");
Deleted : user_pref("CT3106574.InstallationType", "ConduitXPEIntegration");
Deleted : user_pref("CT3106574.InstalledDate", "Wed Jan 04 2012 14:56:35 GMT-0600 (Central Standard Time)");
Deleted : user_pref("CT3106574.InvalidateCache", false);
Deleted : user_pref("CT3106574.IsAlertDBUpdated", true);
Deleted : user_pref("CT3106574.IsGrouping", false);
Deleted : user_pref("CT3106574.IsInitSetupIni", true);
Deleted : user_pref("CT3106574.IsMulticommunity", false);
Deleted : user_pref("CT3106574.IsOpenThankYouPage", false);
Deleted : user_pref("CT3106574.IsOpenUninstallPage", true);
Deleted : user_pref("CT3106574.LanguagePackLastCheckTime", "Wed Jan 04 2012 14:56:35 GMT-0600 (Central Standar[...]
Deleted : user_pref("CT3106574.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3106574.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3106574.LastLogin_3.9.0.3", "Wed Jan 04 2012 14:56:35 GMT-0600 (Central Standard Time)"[...]
Deleted : user_pref("CT3106574.LatestVersion", "3.8.1.0");
Deleted : user_pref("CT3106574.Locale", "en");
Deleted : user_pref("CT3106574.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3106574.MCDetectTooltipShow", false);
Deleted : user_pref("CT3106574.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3106574.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3106574.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3106574.OriginalFirstVersion", "3.9.0.3");
Deleted : user_pref("CT3106574.RadioIsPodcast", false);
Deleted : user_pref("CT3106574.RadioLastCheckTime", "Wed Jan 04 2012 14:58:44 GMT-0600 (Central Standard Time)[...]
Deleted : user_pref("CT3106574.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT3106574.RadioMediaID", "21972189");
Deleted : user_pref("CT3106574.RadioMediaType", "Media Player");
Deleted : user_pref("CT3106574.RadioMenuSelectedID", "EBRadioMenu_CT310657421972189");
Deleted : user_pref("CT3106574.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT3106574.RadioStationName", "Oldies");
Deleted : user_pref("CT3106574.RadioStationURL", "hxxp://www.sky.fm/wma/oldies_low.asx");
Deleted : user_pref("CT3106574.SearchCaption", "PC-Helpsoft Customized Web Search");
Deleted : user_pref("CT3106574.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT3106574.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3106574.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT310[...]
Deleted : user_pref("CT3106574.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3106574.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3106574.SearchInNewTabLastCheckTime", "Wed Jan 04 2012 14:56:35 GMT-0600 (Central Stand[...]
Deleted : user_pref("CT3106574.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3106574.SearchProtectorEnabled", false);
Deleted : user_pref("CT3106574.SearchProtectorToolbarDisabled", true);
Deleted : user_pref("CT3106574.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3106574.ServiceMapLastCheckTime", "Wed Jan 04 2012 14:56:34 GMT-0600 (Central Standard [...]
Deleted : user_pref("CT3106574.SettingsLastCheckTime", "Wed Jan 04 2012 14:58:29 GMT-0600 (Central Standard Ti[...]
Deleted : user_pref("CT3106574.SettingsLastUpdate", "1323434232");
Deleted : user_pref("CT3106574.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3106574&SearchSource=13");
Deleted : user_pref("CT3106574.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3106574.ThirdPartyComponentsLastCheck", "Wed Jan 04 2012 14:56:34 GMT-0600 (Central Sta[...]
Deleted : user_pref("CT3106574.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT3106574.ToolbarDisabled", true);
Deleted : user_pref("CT3106574.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3106574.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3106574");
Deleted : user_pref("CT3106574.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3106574.UserID", "UN07091218512474007");
Deleted : user_pref("CT3106574.ValidationData_Toolbar", 1);
Deleted : user_pref("CT3106574.WeatherNetwork", "");
Deleted : user_pref("CT3106574.WeatherPollDate", "Wed Jan 04 2012 14:56:36 GMT-0600 (Central Standard Time)");
Deleted : user_pref("CT3106574.WeatherUnit", "F");
Deleted : user_pref("CT3106574.alertChannelId", "1500512");
Deleted : user_pref("CT3106574.approveUntrustedApps", false);
Deleted : user_pref("CT3106574.autoDisableScopes", -1);
Deleted : user_pref("CT3106574.components.1000034", false);
Deleted : user_pref("CT3106574.components.1000082", false);
Deleted : user_pref("CT3106574.components.1000234", false);
Deleted : user_pref("CT3106574.components.129618450069708657", false);
Deleted : user_pref("CT3106574.components.129618450070704794", false);
Deleted : user_pref("CT3106574.components.129622434379450410", false);
Deleted : user_pref("CT3106574.components.129622435314294161", false);
Deleted : user_pref("CT3106574.components.488543319146451516", false);
Deleted : user_pref("CT3106574.components.6663172616938414510", false);
Deleted : user_pref("CT3106574.components.7212697149011515130", false);
Deleted : user_pref("CT3106574.components.7357891361088741636", false);
Deleted : user_pref("CT3106574.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3106574.globalFirstTimeInfoLastCheckTime", "Wed Jan 04 2012 14:56:34 GMT-0600 (Central [...]
Deleted : user_pref("CT3106574.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3106574.initDone", true);
Deleted : user_pref("CT3106574.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3106574.isFirstRadioInstallation", false);
Deleted : user_pref("CT3106574.myStuffEnabled", true);
Deleted : user_pref("CT3106574.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3106574.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3106574.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3106574.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3106574.revertSettingsEnabled", false);
Deleted : user_pref("CT3106574.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3106574.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3106574.testingCtid", "");
Deleted : user_pref("CT3106574.toolbarAppMetaDataLastCheckTime", "Wed Jan 04 2012 14:56:34 GMT-0600 (Central S[...]
Deleted : user_pref("CT3106574.toolbarContextMenuLastCheckTime", "Wed Jan 04 2012 14:56:35 GMT-0600 (Central S[...]
Deleted : user_pref("CT3106574.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3106574/CT3106574[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1500512/1495993/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3106574", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3106574",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"dbf[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Chuck\\AppData\\Roaming\\Mozilla\\F[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.come2play.com/shared/appGame/main2/game.a[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?pc=Z206&form=[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3106574");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3106574");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3106574");
Deleted : user_pref("CommunityToolbar.globalUserId", "a8145b4e-4149-403d-b58d-a7ea44e04988");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3106574");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Jan 04 2012 14:56:3[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Jan 04 2012 14:58:29 GMT-060[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Jan 04 2012 14:56:34 GMT-0600 (C[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "2b17af05-b7b2-4bc9-90cd-2302af81e869");
Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://foxtab/content/homepage.html");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.defaultenginename", "My Web Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke US New Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&Sea[...]
Deleted : user_pref("extensions.50c6ae10c00dd.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.50ce09ca535d4.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.ffxtlbr@Facemoods.com.install-event-fired", true);
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");
Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "wpl.startnow.com");

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [21811 octets] - [20/01/2013 12:59:49]
AdwCleaner[S1].txt - [22303 octets] - [20/01/2013 13:02:42]

########## EOF - C:\AdwCleaner[S1].txt - [22364 octets] ##########
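
The AdwCleaner log above is long enough that reading it by eye misses things. The following Python script is added here as an example; it is not code from the thread, from AdwCleaner or from any poster. It parses the log layout shown above (section banners, "Action : target" lines, per-browser sub-sections), totals the removals by section, and pulls out the entries that changed search or home-page settings or registered a browser extension, which is the footprint of a browser hijacker rather than of ordinary junkware. SAMPLE_LOG is a constructed subset of the lines posted above; the function names and the HIJACK_HINTS keyword list are my own choices, not anything AdwCleaner defines.

```python
"""Triage helper for an AdwCleaner removal log (added example, not AdwCleaner code)."""
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the AdwCleaner[S1] log in the thread.
SAMPLE_LOG = r"""
***** [Services] *****

Stopped & Deleted : Updater Service for StartNow Toolbar

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Premium
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Folder Deleted : C:\Users\Chuck\AppData\Local\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=fmtgl&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\prefs.js

C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\user.js ... Deleted !

Deleted : user_pref("CT3106574.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3106574&SearchSource=13");
Deleted : user_pref("browser.search.defaultenginename", "My Web Search");
"""

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>.+?)\] \*{5}$")      # ***** [Registry] *****
BROWSER_RE = re.compile(r"^-\\\\ (?P<browser>.+)$")              # -\\ Mozilla Firefox v18.0.1
ACTION_RE = re.compile(r"^(?P<action>[A-Za-z][A-Za-z &]*?) : (?P<target>.+)$")
USERJS_RE = re.compile(r"^(?P<target>.+) \.\.\. Deleted !$")     # "<path>\user.js ... Deleted !"
PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)", (?P<value>.+?)\)?;?$')
REPLACED_RE = re.compile(r"^\[(?P<key>.+)\] = (?P<old>.+) --> (?P<new>.+)$")
INFO_ACTIONS = {"File"}  # "File : <prefs.js>" is context, not a removal
# Assumed keyword list (my own, not AdwCleaner's): what a search/home-page hijack touches.
HIJACK_HINTS = ("search", "homepage", "startpage", "extensions\\")


def parse_adwcleaner_log(text):
    """Turn the log into a list of removal records.

    Each record carries the section banner it sits under, the browser block (inside
    [Internet Browsers]), the action and the target. user_pref lines additionally get
    the pref name/value; "Replaced" lines get the registry key plus old/new values.
    """
    entries = []
    section = browser = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, browser = m.group("name"), None
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser = m.group("browser")
            continue
        if section is None:
            continue  # "# ..." header lines before the first banner
        m = ACTION_RE.match(line)
        if m:
            action, target = m.group("action"), m.group("target")
            if action in INFO_ACTIONS:
                continue
        else:
            m = USERJS_RE.match(line)
            if not m:
                continue  # "[OK] File is clean.", trailer lines, and so on
            action, target = "Deleted", m.group("target")
        entry = {"section": section, "browser": browser, "action": action, "target": target}
        p = PREF_RE.match(target)
        if p:
            entry["pref"], entry["value"] = p.group("name"), p.group("value")
        r = REPLACED_RE.match(target) if action == "Replaced" else None
        if r:
            entry.update(key=r.group("key"), old=r.group("old"), new=r.group("new"))
        entries.append(entry)
    return entries


def count_by_section(entries):
    """How many removals each log section reported."""
    return Counter(e["section"] for e in entries)


def browser_setting_changes(entries):
    """Records that touched search/home-page settings or extension registrations."""
    hits = []
    for e in entries:
        subject = (e.get("pref") or e.get("key") or e["target"]).lower()
        if any(h in subject for h in HIJACK_HINTS):
            hits.append(e)
    return hits


if __name__ == "__main__":
    recs = parse_adwcleaner_log(SAMPLE_LOG)
    for section, n in count_by_section(recs).items():
        print(f"{section}: {n} item(s)")
    for e in browser_setting_changes(recs):
        print("browser setting touched:", e.get("pref") or e.get("key") or e["target"])
```

Run against the full posted log instead of the sample by reading AdwCleaner[S1].txt into parse_adwcleaner_log; the "Replaced" record for the IE SearchAssistant (facemoods to google) and the Firefox user.js deletion are the items worth re-checking after the reboot, since those are the settings a surviving hijacker component would re-apply.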

MikeN.
01-20-2013, 01:18 PM
Did you upload those two files? What came of it if you did?

Wrong #
01-20-2013, 01:34 PM
Very suspicious files here I would upload both to http://virusscan.jotti.org/en

1996-11-06 20:26:48 49352 ----a-r- C:\Program Files\SETUP.EXE
1996-10-16 09:05:12 75776 ----a-r- C:\Program Files\SCR.EXE

SETUP.exe found nothing

SCR.exe =[ClamAV]+2013-01-20+PUA.Win32.Packer.Armadillo-92&pc=Z206&form=ZGAFDF&install_date=20111229

No results found for [ClamAV]+2013-01-20+PUA.Win32.Packer.Armadillo-92&pc=Z206&form=ZGAFDF&install_date=20111229 (via Bing search).

EDIT: Can they be removed?

MikeN.
01-20-2013, 01:38 PM
SETUP.exe found nothing

SCR.exe =[ClamAV]+2013-01-20+PUA.Win32.Packer.Armadillo-92&pc=Z206&form=ZGAFDF&install_date=20111229

No results found for [ClamAV]+2013-01-20+PUA.Win32.Packer.Armadillo-92&pc=Z206&form=ZGAFDF&install_date=20111229. (via Bing search)

EDIT: Can they be removed?

Manually delete them. You might have to reboot first since you "accessed" them.


Next do this:
Please Run the ESET Online Scanner
http://www.eset.com/onlinescan/

* If you use Internet Explorer to complete this scan, you will need to allow an ActiveX control to be installed, or you may use Firefox.
* You will need to temporarily disable your current anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is checked.
* When you have completed that scan, a scan log ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us.

Wrong #
01-20-2013, 01:52 PM
Manually delete them. You might have to reboot first since you "accessed" them.



I right-clicked SETUP.EXE and clicked 'delete' and they both were removed...

jholland1964
01-20-2013, 02:03 PM
As you see TONS of malware on there removed by AdwCleaner. Very likely not all of it either.

After the ESET scan I will have another program for you to run that will help with other removals if needed.

Two I see listed in the DDS log were not removed and they will have to be removed using the other program I note above, that will come later.

SpeedMaxPc
http://www.mywot.com/en/scorecard/speedmaxpc.com?utm_source=addon&utm_content=popup-donuts
DriverCure
http://www.mywot.com/en/scorecard/drivercure.com?utm_source=addon&utm_content=popup-donuts

There is never any reason whatsoever to use programs like these two or that Optimizer Program. They are dangerous without a doubt; they will ALWAYS find problems on a computer, even when there are no problems. This computer isn't even that old, slightly over a year in fact. If a new computer suddenly slows enough that you consider junk programs like these, then that is a usual indication of malware; adding more malware like these just compounds the problems, it does not cure them.

If you note, Softonic registry was removed. Do NOT download from there ever again. Their downloads absolutely cannot be trusted.
There are only a few safe places that host files for download: Bleepingcomputer of course, Majorgeeks and Filehippo. If the program you want is not hosted on one of those sites, with the developer's permission, then the program should not be downloaded at all.

You also are going to have to change your WOT configurations, they obviously are not set up to really warn you that you are "stumbling" into an unsafe website. WOT should be configured to totally BLOCK a page, not just give a warning. I will show you how to do that later.

Another program you have installed, that is OK but totally unneeded on a Windows 7 computer, is Defraggler. Windows 7 has an excellent defrag program that can be set up to check for fragmentation and defrag automatically if needed; it works extremely well.

Wrong #
01-20-2013, 04:47 PM
Manually delete them. You might have to reboot first since you "accessed" them.


Next do this:
Please Run the ESET Online Scanner
http://www.eset.com/onlinescan/

* If you use Internet Explorer to complete this scan, you will need to allow an ActiveX control to be installed, or you may use Firefox.
* You will need to temporarily disable your current anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is checked.
* When you have completed that scan, a scan log ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us.

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=010ff06a7d1c4a4492b35e24e65e5ee4
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-20 10:20:28
# local_time=2013-01-20 04:20:28 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 94 5233590 134508700 0 0
# compatibility_mode=5893 16776574 100 94 0 110263878 0 0
# scanned=803184
# found=12
# cleaned=9
# scan_time=8262
C:\Users\All Users\Vaudix\50ce09ca536b9.ocx Win32/Adware.MultiPlug.E application 68C08DEDFAF509F0C31E24F0F817FEDF60136502 I
C:\Users\All Users\Vaudix\50ce09ca536f2.html Win32/Adware.MultiPlug.H application C0000715E43D56E9B91490FEB5B8BFB8A65BFA4E I
C:\Users\All Users\Vaudix\ajmekikachpihgjkpeebikpkkeopjemf.crx Win32/Adware.MultiPlug.H application 1781105669A05E15434F7C7FFC87DE16AD50AFFF I
C:\ProgramData\Vaudix\50ce09ca536b9.ocx Win32/Adware.MultiPlug.E application (cleaned by deleting - quarantined) 68C08DEDFAF509F0C31E24F0F817FEDF60136502 C
C:\ProgramData\Vaudix\50ce09ca536f2.html Win32/Adware.MultiPlug.H application (cleaned by deleting - quarantined) C0000715E43D56E9B91490FEB5B8BFB8A65BFA4E C
C:\ProgramData\Vaudix\ajmekikachpihgjkpeebikpkkeopjemf.crx Win32/Adware.MultiPlug.H application (deleted - quarantined) 1781105669A05E15434F7C7FFC87DE16AD50AFFF C
C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphejaioadpccdmclggdacnfglknaoai\1.3_0\50c6ae10bff9a1.69464847.js Win32/Adware.MultiPlug.H application (cleaned by deleting - quarantined) 2CE61D580375E1DB5B54C5147DB7020D7F733FB9 C
C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\extensions\50ce09ca53527@50ce09ca53561.com\content\bg.js Win32/Adware.MultiPlug.H application (cleaned by deleting - quarantined) B5C93394CCD4A58EF68A69A5D4260145BDA4852A C
C:\Users\Chuck\Desktop\mplayer_Setup(1).exe a variant of Win32/Adware.iBryte.D application (cleaned by deleting - quarantined) 57530DCC185377D3DC8388BF7C5423638BE7627C C
C:\Users\Chuck\Desktop\mplayer_Setup.exe a variant of Win32/Adware.iBryte.D application (cleaned by deleting - quarantined) CB975C93A34010E109C50607313CE11DEAB11ED6 C
E:\HD 'F' backup\PORTABLE HD\System Volume Information\_restore{4B99DBEA-EBED-43A8-8577-653A6CAC1BCA}\RP1209\A0320426.exe a variant of Win32/Adware.ErrorClean application (cleaned by deleting - quarantined) 7DF25CAABDCB8A65344326BF51AB3355199232F8 C
E:\HD 'F' backup\PORTABLE HD\System Volume Information\_restore{4B99DBEA-EBED-43A8-8577-653A6CAC1BCA}\RP1209\A0321658.exe a variant of Win32/Adware.ErrorClean application (cleaned by deleting - quarantined) 7DF25CAABDCB8A65344326BF51AB3355199232F8 C

jholland1964
01-20-2013, 05:19 PM
Good heavens! Surprised the computer was even running at all!:D
Notice where two of these files were found:
E:\HD 'F' backup\PORTABLE HD\
You may want to seriously consider dumping everything on there, no guarantee those are the only bad files in there.

Here is the next tool:
Download the latest version of OTL by OldTimer from here:

http://oldtimer.geekstogo.com/OTL.exe
• Double click on OTL.exe to run it.
• Under Output, ensure that Minimal Output is selected.
• Under Extra Registry section, select Use SafeList.
• Click the Scan All Users checkbox.
• Click on Run Scan at the top left hand corner.
• When done, two Notepad files will open.
o OTL.txt <-- Will be opened and that is the one I need posted back here
o Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later

The logs are VERY long and every line is important so please split your posts accordingly.

Wrong #
01-20-2013, 06:10 PM
Good heavens! Surprised the computer was even running at all!:D
Notice where two of these files were found:

You may want to seriously consider dumping everything on there, no guarantee those are the only bad files in there.

Here is the next tool:
Download the latest version of OTL by OldTimer from here:

http://oldtimer.geekstogo.com/OTL.exe
• Double click on OTL.exe to run it.
• Under Output, ensure that Minimal Output is selected.
• Under Extra Registry section, select Use SafeList.
• Click the Scan All Users checkbox.
• Click on Run Scan at the top left hand corner.
• When done, two Notepad files will open.
o OTL.txt <-- Will be opened and that is the one I need posted back here
o Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later

The logs are VERY long and every line is important so please split your posts accordingly.

To start with, "E:\HD 'F' backup\PORTABLE HD\" is an image of the hard drive from my old computer, 81.7 GB, that I transferred to my new computer on an added 1T HD, via one of those patch cables that I got from WS. There are some programs that I have transferred to the 'C' drive, like my flight simulators and a few others that work with W7, as the old computer was an XP, so a lot probably can be removed.

Now on to doing the rest, as you have given instructions to do.

jholland1964
01-20-2013, 06:12 PM
Good enough. Just wanted to be sure that you noticed that and alert you to the possibilities. You just never know. There is no ONE program that looks for everything, which is why so many have to be run in this instance; when three for sure have found so many, I don't want to take any chances.

Wrong #
01-20-2013, 06:22 PM
OTL logfile created on: 1/20/2013 6:13:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chuck\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 47.19% Memory free
7.83 Gb Paging File | 6.00 Gb Available in Paging File | 76.72% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 425.27 Gb Total Space | 332.46 Gb Free Space | 78.18% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 34.18 Gb Free Space | 85.45% Space Free | Partition Type: NTFS
Drive E: | 931.50 Gb Total Space | 819.14 Gb Free Space | 87.94% Space Free | Partition Type: NTFS

Computer Name: CHUCKS-PC | User Name: Chuck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Chuck\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Premium\VaudiX\VaudiX.exe ()
PRC - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - E:\Program Files\VMware\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - E:\Program Files\Secunia\PSI\psi.exe (Secunia)
PRC - C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe (Sling Media Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - c:\Program Files (x86)\VaudiX\sprotector.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\QtGui4.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\QtCore4.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\QtXml4.dll ()
MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()


========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- E:\Program Files\VMware\vmware-authd.exe (VMware, Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SgtSch2Svc) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SlingAgentService) -- C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe (Sling Media Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (CrucialSMBusScan) -- C:\Windows\SysNative\drivers\CrucialSMBusScan.sys ()
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd2) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (mr8980) -- C:\Windows\SysNative\drivers\mr8980x64.sys (Mars Semiconductor Corp.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbGps) -- C:\Windows\SysNative\drivers\lgx64gps.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV - (mr8980) -- C:\Windows\SysWOW64\drivers\MR8980x64.sys (Mars Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

Wrong #
01-20-2013, 06:23 PM
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S03386^us&si=CPmb64v527ICFStgMgodx2QAog&ptb=C9721867-9F8B-4BF3-80E2-38025DBD6706&psa=&ind=2012092919&st=sb&n=77ee19f7&searchfor={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2821907295-809119807-2691565151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2821907295-809119807-2691565151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2821907295-809119807-2691565151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2821907295-809119807-2691565151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB 07 1B F7 17 C5 CC 01 [binary data]
IE - HKU\S-1-5-21-2821907295-809119807-2691565151-1000\..\URLSearchHook: {256db8bc-7da7-4248-97cd-44e07216b7f1} - No CLSID value found
IE - HKU\S-1-5-21-2821907295-809119807-2691565151-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2821907295-809119807-2691565151-1000\..\SearchScopes\{0169E633-8781-F882-9BC7-7B014AE4DE4E}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z206&form=ZGAIDF&install_date=20111229&iesrc={referrer:source}
IE - HKU\S-1-5-21-2821907295-809119807-2691565151-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://rrtp.comed.com/live-prices/"
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.5
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: " http://www.google.com/search?ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/04 08:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 22:19:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/18 22:19:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 22:19:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/18 22:19:28 | 000,000,000 | ---D | M]

[2011/12/27 22:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Extensions
[2013/01/20 13:02:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\extensions
[2012/10/10 06:42:58 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/10/02 20:30:05 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/12/16 11:48:45 | 000,000,000 | ---D | M] (Vaudix) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\extensions\50ce09ca53527@50ce09ca53561.com
[2012/01/04 18:21:54 | 000,000,000 | ---D | M] (AP Layers) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\extensions\aplayers@jetpack
[2012/09/18 11:25:11 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\extensions\foxmarks@kei.com
[2012/01/04 18:21:53 | 000,000,000 | ---D | M] (GetDislike) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\extensions\getdislike@jetpack
[2012/12/14 18:44:13 | 000,002,323 | ---- | M] () (No name found) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\extensions\{8B2AC248-3917-41cf-82A8-A583EBA5418C}.xpi
[2012/11/23 15:28:48 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/06 21:35:34 | 000,713,793 | ---- | M] () (No name found) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/03/28 14:32:51 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2011/12/29 07:27:53 | 000,001,945 | ---- | M] () -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\vzqfrb7i.default\searchplugins\bing-zugo.xml
[2013/01/18 22:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/18 22:19:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/01/18 22:19:30 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/10 19:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 22:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/10/10 19:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

Wrong #
01-20-2013, 06:27 PM
========== Chrome ==========

CHR - homepage: http://www.searchdu.com/?source=6c9df23a83db78b58fd19bb0681da22c
CHR - homepage: http://www.searchdu.com/?source=6c9df23a83db78b58fd19bb0681da22c
CHR - Extension: No name found = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: No name found = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf\1.0.6_0\
CHR - Extension: No name found = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphejaioadpccdmclggdacnfglknaoai\1.3_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Vaudix Class) - {DE28295C-56B5-DAC3-0541-C1C115EF7669} - Reg Error: Value error. File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2821907295-809119807-2691565151-1000\..\Toolbar\WebBrowser: (no name) - {256DB8BC-7DA7-4248-97CD-44E07216B7F1} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2821907295-809119807-2691565151-1000..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-2821907295-809119807-2691565151-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2821907295-809119807-2691565151-1000..\Run: [Video Performer63817.exe] "C:\Users\Chuck\AppData\Local\Temp\Video Performer63817.exe" /XML="C:\Users\Chuck\AppData\Local\Temp\30EF.tmp" /STP=0:2 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{698D7204-F98B-43C9-9878-8432FCC6A23B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\vaudix\sprote~1.dll) - c:\Program Files (x86)\VaudiX\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/08 14:30:18 | 000,000,048 | -H-- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{13f8113e-3231-11e1-9024-14dae9cce6c8}\Shell - "" = AutoRun
O33 - MountPoints2\{13f8113e-3231-11e1-9024-14dae9cce6c8}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{a5cd95ec-5622-11e1-91e6-14dae9cce6c8}\Shell - "" = AutoRun
O33 - MountPoints2\{a5cd95ec-5622-11e1-91e6-14dae9cce6c8}\Shell\AutoRun\command - "" = F:\EasySuite.exe
O33 - MountPoints2\{efc95fe9-83b0-11e1-840b-14dae9cce6c8}\Shell - "" = AutoRun
O33 - MountPoints2\{efc95fe9-83b0-11e1-840b-14dae9cce6c8}\Shell\AutoRun\command - "" = F:\EasySuite.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Wrong #
01-20-2013, 06:28 PM
========== Files/Folders - Created Within 30 Days ==========

[2013/01/20 18:10:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chuck\Desktop\OTL.exe
[2013/01/20 13:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/01/20 13:53:26 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Chuck\Desktop\esetsmartinstaller_enu.exe
[2013/01/20 12:43:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/20 11:35:50 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Chuck\Desktop\dds(1).com
[2013/01/20 11:26:58 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Chuck\Desktop\dds.com
[2013/01/20 09:15:49 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{5D25FAD9-0650-40EC-B849-E4E0C0E8EDD3}
[2013/01/19 20:09:16 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\SpeedMaxPc
[2013/01/19 20:09:16 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\DriverCure
[2013/01/19 20:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2013/01/19 15:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/01/19 15:13:39 | 023,357,120 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Chuck\Desktop\SUPERAntiSpyware.exe
[2013/01/19 13:10:27 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\Programs
[2013/01/19 10:57:02 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{97BD37DF-DC4A-4DEB-946D-DDAC41A907CB}
[2013/01/18 22:20:52 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{3ACC9FC0-3D4B-4BEA-BFFF-864CB0A2F8F0}
[2013/01/18 22:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/18 10:20:28 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{72D4188B-5451-455A-9657-841B2B417E2A}
[2013/01/17 19:29:51 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{1258B411-74B1-481D-B946-1235F952D36E}
[2013/01/17 07:19:08 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{04852F47-4167-472D-ACA0-9D03FE7D4C3D}
[2013/01/16 12:46:37 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{1EC6A931-9744-4CF1-9CAD-0FBAF2D7299B}
[2013/01/15 22:41:47 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{4390F1DB-59F7-4120-94BE-23E7236E393D}
[2013/01/15 10:14:50 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{F591CCC5-5282-4C9D-8D88-CC836BC32486}
[2013/01/14 11:28:22 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{2EC8A38D-5637-400C-A174-62FBD1DFAA66}
[2013/01/13 10:39:32 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{AC22A8D3-25A2-41E1-BD61-B6C72DE9CC32}
[2013/01/12 19:09:57 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{4DBC714A-9F59-4AA1-8F49-87A2755A5756}
[2013/01/12 04:05:15 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{41FA32B8-9941-4E93-AB46-D26307477554}
[2013/01/11 11:35:09 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{7F12FB8D-0421-4BC6-9FE0-9CFCA7C4CC06}
[2013/01/10 10:52:24 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{E0216A8F-E251-474E-86B3-6714FFB59094}
[2013/01/09 15:54:30 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{85BD26F9-B588-47E1-9A82-CA3B64A60090}
[2013/01/08 22:57:38 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{309E8DB5-C032-4B8D-AE2F-4BB7604914F2}
[2013/01/08 10:21:18 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{1257B8EB-0926-4A10-A98F-57BC6A9DD782}
[2013/01/07 10:33:05 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{A1239F04-61C5-42B0-80F9-D9AC39C91FB4}
[2013/01/06 13:19:53 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{4E4C8FC8-C718-40B7-93D8-F2F96743241B}
[2013/01/05 23:55:17 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{ECC19A4E-50AA-458B-8340-14451139BB01}
[2013/01/05 11:04:55 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{CE990682-3231-40AB-921D-EBF7B966A22B}
[2013/01/04 21:55:17 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{890433B4-B845-4847-828A-1F357580F2B4}
[2013/01/04 09:54:48 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{C7F933CD-E278-4F57-9816-292268BB3B96}
[2013/01/03 11:38:58 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{051DF4A1-3857-4895-AC58-6C5B462F0D97}
[2013/01/02 19:15:38 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{B3BD63E2-25E1-48BD-B744-D9F560AB5C5E}
[2013/01/02 18:18:47 | 000,000,000 | ---D | C] -- C:\Users\Chuck\Desktop\SnagIt 7
[2013/01/02 05:32:39 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{286160F1-9B13-4210-9DFF-9C5384E5BCED}
[2013/01/01 11:07:16 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{A5180FF2-95EA-4F9F-B2B6-49056A70E271}
[2012/12/31 22:45:57 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{BBD5FC25-0623-4A7B-B980-7A932041628A}
[2012/12/31 10:45:28 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{3F4C146C-540B-4BC2-A08E-46B3061C33D0}
[2012/12/30 11:38:13 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{48C905AD-7DF5-4770-B91F-29B785BAD15A}
[2012/12/29 22:17:23 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{E2CA15BA-D24A-4B8D-A625-65F854943BD7}
[2012/12/29 09:59:58 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{C2FAF43C-71DF-47AC-986A-C3248B3AB16F}
[2012/12/28 11:54:30 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{F486439D-B316-4732-99CE-01793EFE7630}
[2012/12/27 23:54:01 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{F158460A-B6CC-4DB8-80B8-8C4A1182E80A}
[2012/12/27 11:53:33 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{8BC90E2E-68D4-4FF5-99FA-0456132717D3}
[2012/12/26 10:22:47 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{C510B5FB-1B8E-4C86-B0B0-16DBD48CB7F3}
[2012/12/25 12:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Paessler
[2012/12/25 12:14:41 | 000,000,000 | ---D | C] -- C:\usr
[2012/12/25 12:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRTG Network Monitor
[2012/12/25 12:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PRTG Network Monitor
[2012/12/25 10:58:38 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{5B11A660-B334-4485-9A05-E5128AA586A1}
[2012/12/24 22:58:14 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{9C484515-9746-4DAB-8CD6-A07C52B2609D}
[2012/12/24 00:16:27 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{5B094E38-7FD9-4A7B-A32E-F08558B11E7B}
[2012/12/23 11:45:51 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{DB73B820-C6A8-41BE-B920-CEE499A83170}
[2012/12/22 13:08:06 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{C2AC707C-58FB-4407-870C-0F73DE1B796A}
[2012/12/21 22:24:39 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\{EFE1CA57-346E-4888-89EA-A419029A45F2}
[2012/12/21 18:30:29 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\Skype
[2012/12/21 18:30:26 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/12/21 18:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/21 18:30:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/12/21 18:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/12/21 18:28:32 | 001,194,160 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Chuck\Desktop\SkypeSetup.exe
[2012/12/09 19:35:36 | 001,633,472 | ---- | C] (Shlemoon Media Inc) -- C:\Users\Chuck\AppData\Roaming\vioplayer_d429057.exe
[2012/12/09 19:35:34 | 000,526,336 | ---- | C] (BrowserSetter) -- C:\Users\Chuck\AppData\Roaming\bsetter-new.exe
[2012/12/09 19:35:11 | 006,312,677 | ---- | C] (VIO ) -- C:\Users\Chuck\AppData\Roaming\vio_clean.exe
[2012/12/09 19:35:10 | 000,419,554 | ---- | C] (SearchAmong ) -- C:\Users\Chuck\AppData\Roaming\satoolbar.exe
[2012/01/04 18:46:21 | 000,869,376 | ---- | C] (Fred's Software) -- C:\Program Files\Printkey2000.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/20 18:10:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chuck\Desktop\OTL.exe
[2013/01/20 18:10:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/20 17:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/20 13:54:57 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/20 13:54:57 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/20 13:54:01 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Chuck\Desktop\esetsmartinstaller_enu.exe
[2013/01/20 13:53:56 | 000,731,606 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/20 13:53:56 | 000,628,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/20 13:53:56 | 000,108,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/20 13:47:39 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/01/20 13:47:38 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/20 13:47:36 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\VaudiXUpdaterTask{EE95D134-8B5E-42D2-B9DB-AF2198DB849B}.job
[2013/01/20 13:47:36 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\VaudiXUpdaterTask{688B2995-4EF0-42F4-B3BB-C8C5A14E4961}.job
[2013/01/20 13:47:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/20 13:47:07 | 3152,248,832 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/20 12:58:14 | 000,574,677 | ---- | M] () -- C:\Users\Chuck\Desktop\AdwCleaner.exe
[2013/01/20 12:43:27 | 000,001,372 | ---- | M] () -- C:\Users\Chuck\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/20 11:35:53 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Chuck\Desktop\dds(1).com
[2013/01/20 11:27:03 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Chuck\Desktop\dds.com
[2013/01/19 15:14:50 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/01/19 15:13:44 | 023,357,120 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Chuck\Desktop\SUPERAntiSpyware.exe
[2013/01/19 13:11:03 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/08 19:45:11 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/08 19:45:11 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/02 18:19:16 | 000,001,053 | ---- | M] () -- C:\Users\Chuck\Desktop\SnagIt32.exe - Shortcut.lnk
[2012/12/25 20:38:21 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/12/25 20:38:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/12/23 07:38:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/12/21 18:30:26 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/21 18:28:33 | 001,194,160 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Chuck\Desktop\SkypeSetup.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/20 12:58:13 | 000,574,677 | ---- | C] () -- C:\Users\Chuck\Desktop\AdwCleaner.exe
[2013/01/19 15:14:50 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/01/02 18:19:16 | 000,001,053 | ---- | C] () -- C:\Users\Chuck\Desktop\SnagIt32.exe - Shortcut.lnk
[2012/12/21 18:30:26 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/06 15:37:53 | 000,000,000 | ---- | C] () -- C:\Users\Chuck\ipconfig
[2012/06/22 17:46:08 | 000,000,023 | ---- | C] () -- C:\Windows\Solitaire.ini
[2012/06/04 23:40:36 | 000,007,650 | ---- | C] () -- C:\Users\Chuck\AppData\Local\Resmon.ResmonCfg
[2012/04/08 22:47:37 | 000,001,058 | ---- | C] () -- C:\Users\Chuck\Music - Shortcut.lnk
[2012/04/07 14:34:48 | 000,000,048 | ---- | C] () -- C:\Windows\sierra.ini
[2012/04/07 12:20:43 | 000,000,475 | ---- | C] () -- C:\Windows\eReg.dat
[2012/04/06 17:49:43 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/02/15 21:52:35 | 000,000,088 | ---- | C] () -- C:\Windows\YAHTZEE.INI
[2012/01/13 20:42:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/11 14:37:58 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/01/09 15:50:29 | 001,956,892 | ---- | C] () -- C:\Users\Chuck\AppData\Roaming\UserTile.png
[2012/01/07 18:37:25 | 000,000,383 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011/12/30 21:56:27 | 000,002,914 | R--- | C] () -- C:\Program Files\HOTICO3.BMP
[2011/12/30 21:56:27 | 000,002,914 | R--- | C] () -- C:\Program Files\HOTICO2.BMP
[2011/12/30 21:56:27 | 000,002,914 | R--- | C] () -- C:\Program Files\HOTICO1.BMP
[2011/10/17 09:26:03 | 000,000,011 | ---- | C] () -- C:\Windows\SysWow64\syx45326.dat
[2011/10/17 06:39:17 | 000,744,404 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/02 13:49:27 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/05/02 13:49:17 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/05/02 13:48:57 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 321 bytes -> C:\ProgramData\Temp:9A870F8B

< End of report >

jholland1964
01-20-2013, 06:46 PM
As you can see, it is a very long log to go through; give me a bit to do that and I will come back with more instructions.

Wrong #
01-20-2013, 06:55 PM
I don't know what I'm looking for but under Internet Explorer I see this, and it is what I started with.

IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S03386^us&si=CPmb64v527ICFStgMgodx2QAog&ptb=C9721867-9F8B-4BF3-80E2-38025DBD6706&psa=&ind=2012092919&st=sb&n=77ee19f7&searchfor={searchTerms}

jholland1964
01-20-2013, 07:52 PM
Please open OTL again:

Under the Custom Scans/Fixes box at the bottom, paste in the following:

OTL:
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S03386^us&si=CPmb64v527

[2013/01/19 20:09:16 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\SpeedMaxPc
[2013/01/19 20:09:16 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\DriverCure
[2013/01/19 20:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2012/12/09 19:35:36 | 001,633,472 | ---- | C] (Shlemoon Media Inc) -- C:\Users\Chuck\AppData\Roaming\vioplayer_d429057.exe
[2012/12/09 19:35:34 | 000,526,336 | ---- | C] (BrowserSetter) -- C:\Users\Chuck\AppData\Roaming\bsetter-new.exe
[2012/12/09 19:35:11 | 006,312,677 | ---- | C] (VIO ) -- C:\Users\Chuck\AppData\Roaming\vio_clean.exe
[2012/12/09 19:35:10 | 000,419,554 | ---- | C] (SearchAmong ) -- C:\Users\Chuck\AppData\Roaming\satoolbar.exe

@Alternate Data Stream - 321 bytes -> C:\ProgramData\Temp:9A870F8B

:Commands

[EMPTYTEMP]

Then click the Run Fix button at the top.
Let the program run, and reboot the PC when it is done.
Post the fix log it produces in your next reply, or you can find it in C:\_OTL\MovedFiles.

Wrong #
01-20-2013, 08:01 PM
All processes killed
Error: Unable to interpret <OTL:> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S03386^us&si=CPmb64v527> in the current context!
Error: Unable to interpret <[2013/01/19 20:09:16 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\SpeedMaxPc> in the current context!
Error: Unable to interpret <[2013/01/19 20:09:16 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\DriverCure> in the current context!
Error: Unable to interpret <[2013/01/19 20:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc> in the current context!
Error: Unable to interpret <[2012/12/09 19:35:36 | 001,633,472 | ---- | C] (Shlemoon Media Inc) -- C:\Users\Chuck\AppData\Roaming\vioplayer_d429057.exe> in the current context!
Error: Unable to interpret <[2012/12/09 19:35:34 | 000,526,336 | ---- | C] (BrowserSetter) -- C:\Users\Chuck\AppData\Roaming\bsetter-new.exe> in the current context!
Error: Unable to interpret <[2012/12/09 19:35:11 | 006,312,677 | ---- | C] (VIO ) -- C:\Users\Chuck\AppData\Roaming\vio_clean.exe> in the current context!
Error: Unable to interpret <[2012/12/09 19:35:10 | 000,419,554 | ---- | C] (SearchAmong ) -- C:\Users\Chuck\AppData\Roaming\satoolbar.exe> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 321 bytes -> C:\ProgramData\Temp:9A870F8B> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chuck
->Temp folder emptied: 919784079 bytes
->Temporary Internet Files folder emptied: 386590113 bytes
->Java cache emptied: 6827988 bytes
->FireFox cache emptied: 104133592 bytes
->Google Chrome cache emptied: 46854904 bytes
->Flash cache emptied: 612409 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22598534 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 5230815 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 761 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 1067390 bytes

Total Files Cleaned = 1,425.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01202013_195427

Files\Folders moved on Reboot...
C:\Users\Chuck\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2720.log moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

jholland1964
01-20-2013, 08:06 PM
What a "doofus" I am:o
What I get for writing this while watching football!!!

Sorry, let's try again:

:OTL
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S03386^us&si=CPmb64v527

[2013/01/19 20:09:16 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\SpeedMaxPc
[2013/01/19 20:09:16 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Roaming\DriverCure
[2013/01/19 20:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2012/12/09 19:35:36 | 001,633,472 | ---- | C] (Shlemoon Media Inc) -- C:\Users\Chuck\AppData\Roaming\vioplayer_d429057.exe
[2012/12/09 19:35:34 | 000,526,336 | ---- | C] (BrowserSetter) -- C:\Users\Chuck\AppData\Roaming\bsetter-new.exe
[2012/12/09 19:35:11 | 006,312,677 | ---- | C] (VIO ) -- C:\Users\Chuck\AppData\Roaming\vio_clean.exe
[2012/12/09 19:35:10 | 000,419,554 | ---- | C] (SearchAmong ) -- C:\Users\Chuck\AppData\Roaming\satoolbar.exe

@Alternate Data Stream - 321 bytes -> C:\ProgramData\Temp:9A870F8B

:Commands

[Reboot]

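An added audit script, not from this thread or from OTL, that checks for the same artefacts the fix script above targets: a mywebsearch-style URL in the IE SearchScopes keys and in the IE Start Page, and alternate data streams on C:\ProgramData\Temp. The pattern list and the paths are assumptions taken from this thread's logs; the script only reports and removes nothing.

```powershell
# Added example (not part of the thread or OTL). Requires PowerShell 3+ for -Stream.
$Patterns = @('mywebsearch', 'sweetim')   # constructed watchlist from the indicators in this thread
$SearchScopeRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
    'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'
)

function Find-SuspiciousSearchScopes {
    # Each SearchScopes subkey is a GUID whose "URL" value is the search template.
    foreach ($root in $SearchScopeRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $url = (Get-ItemProperty -Path $key.PSPath).URL
            if ($url -and ($Patterns | Where-Object { $url -match $_ })) {
                [pscustomobject]@{ Key = $key.PSPath; URL = $url }
            }
        }
    }
}

function Get-SuspiciousStartPage {
    # The same hijack also sets the IE home page (see the MBAM log at the top of the thread).
    $main  = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main'
    $start = (Get-ItemProperty -Path $main -ErrorAction SilentlyContinue).'Start Page'
    if ($start -and ($Patterns | Where-Object { $start -match $_ })) {
        [pscustomobject]@{ Key = $main; URL = $start }
    }
}

function Get-AlternateDataStreams {
    param([string]$Path = 'C:\ProgramData\Temp')   # folder carrying the ADS in the OTL log
    # Every file or folder has the unnamed ':$DATA' stream; anything else is an ADS.
    Get-Item -Path $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

Find-SuspiciousSearchScopes
Get-SuspiciousStartPage
Get-AlternateDataStreams
```

Run it from an elevated prompt so the HKLM keys are readable; an empty result for all three functions is the expected state after the OTL fix.
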
Wrong #
01-20-2013, 08:13 PM
What a "doofus" I am:o
What I get for writing this while watching football!!!

Sorry, let's try again:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
C:\Users\Chuck\AppData\Roaming\SpeedMaxPc\SpeedMaxPc folder moved successfully.
C:\Users\Chuck\AppData\Roaming\DriverCure folder moved successfully.
C:\ProgramData\SpeedMaxPc\SpeedMaxPc folder moved successfully.
File C:\Users\Chuck\AppData\Roaming\vioplayer_d429057.exe not found.
C:\Users\Chuck\AppData\Roaming\bsetter-new.exe moved successfully.
C:\Users\Chuck\AppData\Roaming\vio_clean.exe moved successfully.
C:\Users\Chuck\AppData\Roaming\satoolbar.exe moved successfully.
ADS C:\ProgramData\Temp:9A870F8B deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 01202013_200752

jholland1964
01-20-2013, 08:23 PM
Something you need to manually look for is sweetim.toolbar in Firefox; if you find it, remove it. It also is malware.
Also make certain that mywebsearch shows no place in either Firefox or Chrome. OTL doesn't fix those two browsers, they have to be done manually.

After that, update MBA-M and do another Full Scan with it, have it remove everything found and post back with the log.

Wrong #
01-20-2013, 10:15 PM
Something you need to manually look for is sweetim.toolbar in Firefox; if you find it, remove it. It also is malware.
Also make certain that mywebsearch shows no place in either Firefox or Chrome. OTL doesn't fix those two browsers, they have to be done manually.

After that, update MBA-M and do another Full Scan with it, have it remove everything found and post back with the log.

Could not find sweetim.toolbar..
mywebsearch is nowhere to be seen; it is clean in all browsers.

As you can see I ran (C:\|E:\|), to be sure all was clean.
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chuck :: CHUCKS-PC [administrator]

1/20/2013 8:45:57 PM
mbam-log-2013-01-20 (20-45-57).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 981297
Time elapsed: 1 hour(s), 21 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
I hope this is done now, if so, many thanks.

jholland1964
01-20-2013, 10:35 PM
Last steps:
Please start OTL one more time and click CleanUp button. This will remove the temporary tools used, including itself. OTL will restart your system at the end.

You need to configure WOT properly so it really does what it is supposed to do, yours is not operating to its fullest potential. Look at my print screens to see optimal settings.
On Firefox go to Tools, WOT, Settings

On IE go to the WOT icon on IE and click the tiny arrow there and choose Settings. I don't use Chrome so am not sure where it is located in Chrome; you will have to check that out yourself. WOT settings must be done on each browser you have it installed on; the settings do not carry over from one browser to another.

But the optimal and very safest settings are shown in my print screens: Take note of the Warning print screen, the 2nd one. Make sure those switches next to each category are in the ON position...up in other words. You have to set each one yourself. You DO need those warnings ON.

allniter89
01-21-2013, 12:20 PM
Excuse me for butting into this thread, I have a question from post #18.
Another program you have installed, that is ok, but totally unneeded on a Windows 7 computer is Defraggler. Windows 7 has an excellent defrag program that can be set up automatically to check for fragmentation and defrag automatically if needed, it works extremely well.
I googled windows defragger, I'm not sure which you are referring to, is it the one from Piriform? Thanks for your help.

jholland1964
01-21-2013, 12:48 PM
Excuse me for butting into this thread, I have a question from post #18.

I googled windows defragger, I'm not sure which you are referring to, is it the one from Piriform? Thanks for your help.

Yes it is. As I said, the program itself is fine, used it on XP for a long time and still recommend its usage on XP, but it just isn't needed on Windows 7. Their built-in Windows 7 defrag program is totally different from the built-in of the past. It works extremely well and has for me for over two years.

allniter89
01-21-2013, 02:42 PM
Yes it is. As I said, the program itself is fine, used it on XP for a long time and still recommend its usage on XP, but it just isn't needed on Windows 7. Their built-in Windows 7 defrag program is totally different from the built-in of the past. It works extremely well and has for me for over two years.
I have Windows 5.1 :o:o Is this defrag still a good tool for me?

MikeN.
01-21-2013, 03:31 PM
You have XP with SP3 installed; yes, it works for you.

MikeN.
01-22-2013, 07:01 PM
Last steps:
Please start OTL one more time and click CleanUp button. This will remove the temporary tools used, including itself. OTL will restart your system at the end.

You need to configure WOT properly so it really does what it is supposed to do, yours is not operating to its fullest potential. Look at my print screens to see optimal settings.
On Firefox go to Tools, WOT, Settings

On IE go to the WOT icon on IE and click the tiny arrow there and choose Settings. I don't use Chrome so am not sure where it is located in Chrome; you will have to check that out yourself. WOT settings must be done on each browser you have it installed on; the settings do not carry over from one browser to another.

But the optimal and very safest settings are shown in my print screens: Take note of the Warning print screen, the 2nd one. Make sure those switches next to each category are in the ON position...up in other words. You have to set each one yourself. You DO need those warnings ON.

Is this thread finished? Have not seen any replies from OP since this one. ???????????

Wrong #
01-22-2013, 07:09 PM
Is this thread finished? Have not seen any replies from OP since this one. ???????????

Yes, everything has been cleaned out, thanks to you and Judy....
Thread can be closed.....

jholland1964
01-24-2013, 12:02 PM
Yes, everything has been cleaned out, thanks to you and Judy....
Thread can be closed.....

You're welcome Wrong#. Glad we caught this all before something more serious "erupted":D