boneius Posted April 6, 2013 ID:665750 Share Posted April 6, 2013 Hi,Our ISP has a cap on ourbandwidth usage. They provide a free meter. We kept getting notices that we were approaching the 250 GB threshold. I was perplexed because for the month of December we used just 66 GB and all of a sudden, we were using 375 GB the next month. Today, I ran a malwarebytes scan of my system. It said I had trojan.agent and malware.packer. There were a few others but they weren't considered dangerous. Anyway, I had the software quarantine and delete it, and it wasn't there when I ran another scan. Since them, I have been on this forum looking into what more I might do. I don't want to have a false sense of security if there is still a chance that there is an infection. What should I do?Thanks,JimHere are the reports:DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2Run by owner at 16:54:51 on 2013-04-06Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7935.5610 [GMT -5:00].AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\atieclxx.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Users\owner\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exeC:\Program Files (x86)\DU Meter\DUMeterSvc.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exec:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exeC:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exeC:\Program Files (x86)\PDF Complete\pdfsvc.exeC:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exeC:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\System32\WUDFHost.exeC:\Windows\system32\taskeng.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exeC:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exeC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeC:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\PROGRA~2\DUMETE~1\DUMeter.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Windows\SysWOW64\schtasks.exeC:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exeC:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exeC:\Windows\system32\msiexec.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://search.babylon.com/?affID=115303&tt=120912_cpc_3712_4&babsrc=HP_ss&mntrId=ce602d970000000000002c27d72d26dbmWinlogon: Userinit = userinit.exe,BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\owner\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dllBHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dlluRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeuRun: [DU Meter] "C:\Program Files (x86)\DU Meter\DUMeter.exe" /autostartmRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exemRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exemRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"mRun: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllTrusted Zone: line6.netDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: NameServer = 192.168.1.1TCP: Interfaces\{003C63EA-8AD1-4684-8AE9-9CB5D5674BF0} : DHCPNameServer = 168.94.0.14 168.94.0.15TCP: Interfaces\{3F9CACF0-61A2-44F4-91B8-A1F99C6F2379} : DHCPNameServer = 192.168.1.1Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllAppInit_DLLs= c:\progra~3\browse~1\261125~1.80\{16cdf~1\browse~1.dllSSODL: WebCheck - <orphaned>x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exex64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\vsylsh6n.default\FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50826.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dllFF - plugin: C:\Windows\System32\Wat\npWatWeb.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dllFF - plugin: C:\Windows\SysWOW64\npdeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.---- FIREFOX POLICIES ----.user_pref('extensions.dealply.partner', 'vita');.user_pref('extensions.dealply.channel', 'vitausfilewincom');.user_pref('extensions.dealply.installId', 'v24300244033583513529172012091423334926');.user_pref('extensions.dealply.installIdSource', 'inst');.user_pref('extensions.dealply.sampleGroup', '6');FF - user.js: extensions.BabylonToolbar.autoRvrt - falseFF - user.js: extensions.BabylonToolbar_i.newTab - falseFF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=ce602d970000000000002c27d72d26db&q=FF - user.js: extensions.BabylonToolbar.id - ce602d970000000000002c27d72d26dbFF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}FF - user.js: extensions.BabylonToolbar.instlDay - 15598FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1223:35:13FF - user.js: extensions.BabylonToolbar.prtnrId - babylonFF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbarFF - user.js: extensions.BabylonToolbar.aflt - babsstFF - user.js: extensions.BabylonToolbar_i.smplGrp - noneFF - user.js: extensions.BabylonToolbar.tlbrId - baseFF - user.js: extensions.BabylonToolbar.instlRef - sstFF - user.js: extensions.BabylonToolbar.dfltLng - enFF - user.js: extensions.BabylonToolbar.excTlbr - falseFF - user.js: extensions.BabylonToolbar.admin - falseFF - user.js: extensions.BabylonToolbar_i.babTrack - affID=115303&tt=120912_cpc_3712_4FF - user.js: extensions.BabylonToolbar_i.babExt -FF - user.js: extensions.BabylonToolbar_i.srcExt - ssFF - user.js: extensions.autoDisableScopes - 14//iBryte============= SERVICES / DRIVERS ===============.R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-19 75904]R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-19 38016]R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-12-17 55952]R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1207010.003\symds64.sys [2012-4-3 450680]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1207010.003\symefa64.sys [2012-4-3 912504]R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-3-21 1387608]R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20130405.001\IDSviA64.sys [2013-4-5 513184]R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1207010.003\ironx64.sys [2012-4-3 171128]R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1207010.003\symnets.sys [2012-4-3 386168]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-19 203264]R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-9 365568]R2 Browser Manager;Browser Manager;C:\ProgramData\Browser Manager\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2013-3-8 2569168]R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\owner\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2012-9-14 107520]R2 DUMeterSvc;DU Meter Service;C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [2013-4-6 2385304]R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-6 398184]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-6 682344]R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008]R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-4-19 1127448]R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-9-12 46136]R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;C:\Program Files (x86)\DU Meter\DUMetr64.sys [2013-4-6 20968]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-15 138912]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-6 24176]R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-4-19 1041760]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-19 412776]R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-4-19 38456]S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/01/12 20:41:53;C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 HP Support Assistant Service;HP Support Assistant Service;"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [?]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);C:\Windows\System32\drivers\GPWADrv64.sys [2010-3-9 894336]S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2011-9-12 16384]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-4 1255736]S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2011-12-24 29288]S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2011-12-24 29288]S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2011-12-24 29288]S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2011-12-24 29288]S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2011-12-24 29288]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2013-04-06 21:45:27 388096 ----a-r- C:\Users\owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe2013-04-06 21:45:27 -------- d-----w- C:\Program Files (x86)\Trend Micro2013-04-06 17:11:35 -------- d-----w- C:\ProgramData\Hagel Technologies2013-04-06 17:11:26 -------- d-----w- C:\Program Files (x86)\DU Meter2013-04-06 16:21:11 -------- d-----w- C:\Users\owner\AppData\Roaming\Malwarebytes2013-04-06 16:20:42 -------- d-----w- C:\ProgramData\Malwarebytes2013-04-06 16:20:40 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-04-06 16:20:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-04-06 16:20:28 -------- d-----w- C:\Users\owner\AppData\Local\Programs2013-04-06 14:05:11 -------- d-----w- C:\ProgramData\Paessler2013-04-06 14:05:05 -------- d-----w- C:\usr2013-04-06 14:04:58 -------- d-----w- C:\ProgramData\Logs2013-04-06 14:04:58 -------- d-----w- C:\ProgramData\Licenses2013-04-06 14:03:52 -------- d-----w- C:\Program Files (x86)\PRTG Network Monitor2013-04-06 02:37:47 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-03-26 01:38:21 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys2013-03-14 04:34:12 -------- d-----w- C:\Users\owner\AppData\Roaming\DealPly.==================== Find3M ====================.2013-04-06 02:37:37 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll2013-04-06 02:37:36 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-03-13 04:27:12 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-03-13 04:27:12 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll2013-01-13 02:53:02 16384 ----a-w- C:\Windows\SysWow64\lgfwunis.exe2013-01-13 02:37:08 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll2013-01-13 02:37:08 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll2013-01-13 02:37:08 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll.============= FINISH: 16:55:49.90 ===============DDS (Ver_2012-11-20.01).Microsoft Windows 7 ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 7/4/2011 2:51:47 PMSystem Uptime: 4/6/2013 2:07:12 PM (2 hours ago).Motherboard: FOXCONN | | 2AB1Processor: AMD Phenom II X4 960T Processor | CPU 1 | 780/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 1386 GiB total, 593.496 GiB free.D: is FIXED (NTFS) - 11 GiB total, 1.366 GiB free.E: is CDROM ()F: is RemovableG: is RemovableH: is RemovableI: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP140: 3/8/2013 12:00:04 AM - Scheduled CheckpointRP141: 3/14/2013 3:00:11 AM - Windows UpdateRP142: 3/22/2013 12:00:05 AM - Scheduled CheckpointRP143: 3/26/2013 3:00:12 AM - Windows UpdateRP144: 4/3/2013 12:00:05 AM - Scheduled CheckpointRP145: 4/5/2013 9:34:46 PM - Removed Java 6 Update 37RP146: 4/5/2013 9:37:04 PM - Installed Java 7 Update 17RP147: 4/6/2013 4:44:47 PM - Installed HiJackThis.==== Installed Programs ======================.Adobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.6)Agatha Christie - Peril at End HouseAMD APP SDK RuntimeAMD FuelAMD VISION Engine Control CenterAmpliTube 2 LiveApple Application SupportApple Mobile Device SupportApple Software UpdateASPCA Reminder by We-Care.com v4.1.21.1ATI Catalyst Install ManagerATI Problem Report WizardBejeweled 2 DeluxeBejeweled 3Blackhawk Striker 2Blasterball 3BlioBonjourBounce SymphonyBrowser ManagerBuild-a-lot 2Cake ManiaCatalyst Control Center - BrandingCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishChuzzle DeluxeConvertXtoDVD 4.1.19.365Coupon Companion PluginCyberLink PowerProducer 5.5D3DX10dcmsvc 1.0DealPlyDefaultTabDiner Dash 2 Restaurant RescueDora's World AdventureDU MeterFarm FrenzyFATE - The Traitor SoulHiJackThisHP AutoHP Client ServicesHP Customer Experience EnhancementsHP GamesHP LinkUpHP MediaSmart/TouchSmart NetflixHP OdometerHP SetupHP Setup ManagerHP Support InformationHP UpdateHP Vision Hardware DiagnosticsHulu DesktopHydraVisioniCloudImgBurnInfoAtoms [uninstall]iTunesJava 7 Update 17Java Auto UpdaterJunk Mail filter updateKoboKONICA MINOLTA magicolor 2530DLLG Burning ToolLG CyberLink BD AdvisorLG CyberLink Blu-ray Disc SuiteLG CyberLink LabelPrintLG CyberLink MediaEspressoLG CyberLink MediaShowLG CyberLink PowerBackupLG CyberLink PowerDVDLG CyberLink YouCamLG Tool KitLightScribe System SoftwareLine 6 UninstallerMah Jong MedleyMalwarebytes Anti-Malware version 1.70.0.1100Mesh RuntimeMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft IntelliPoint 8.2Microsoft IntelliType Pro 8.2Microsoft Office 2010Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Microsoft WSE 3.0 RuntimeMozilla Firefox 19.0.2 (x86 en-US)Mozilla Maintenance ServiceMSVCRTMSVCRT_amd64Mystery P.I. - Stolen in San FranciscoNamco All-Stars PAC-MANNorton AntiVirusNorton Online BackupOmron Health Management SoftwarePDF Complete Special EditionPenguins!Plants vs. Zombies - Game of the YearPlayReady PC Runtime amd64PlayReady PC Runtime x86Poker Superstars IIIPolar BowlerPolar GolferPowerTeacher GradebookPressReaderQuickTimeRealtek High Definition Audio DriverRecovery ManagerRemote Graphics ReceiverRiffWorks StandardRoxioNow PlayerSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Extended (KB2416472)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Slingo SupremeTMPGEnc Authoring Works 4Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update Installer for WildTangent Games AppVirtual Villagers 4 - The Tree of LifeVLC media player 2.0.1Warner Bros. Digital Copy ManagerWheel of Fortune 2WildTangent Games App (HP Games)Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWindows XP ModeWinRAR 4.01 (64-bit)Zinio Reader 4Zuma Deluxe.==== Event Viewer Messages From Past Week ========.4/6/2013 3:43:41 PM, Error: Service Control Manager [7031] - The Browser Manager service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.4/6/2013 3:29:46 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Browser Manager service, but this action failed with the following error: An instance of the service is already running.4/6/2013 3:29:16 PM, Error: Service Control Manager [7031] - The Browser Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.4/6/2013 3:27:48 PM, Error: Service Control Manager [7031] - The Browser Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.4/6/2013 2:09:47 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The system cannot find the file specified.4/6/2013 2:07:47 PM, Error: Service Control Manager [7000] - The AODDriver4.0 service failed to start due to the following error: The system cannot find the path specified..==== End Of File =========================== Link to post Share on other sites More sharing options...
Tomk1 Posted April 7, 2013 ID:665836 Share Posted April 7, 2013 Hi boneius,Welcome to Malwarebytes ForumMy name is Tomk1. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following: I will be working on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for the issues on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic. Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.I don't know if it is the cause of your over usage, but you've got quite a bit of adware on there.AdwCleaner Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[s1].txt as well.Then:Please download Junkware Removal Tool by clicking here and save it to your desktop. Shutdown your antivirus to avoid any conflicts.Double click JRT.exe to run the tool.The tool will open and start scanning your system.Please be patient as this can take a while to complete.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message. Link to post Share on other sites More sharing options...
boneius Posted April 8, 2013 Author ID:666144 Share Posted April 8, 2013 Hello, Tom,Thank you for agreeing to help me out here. I went ahead and ran the two programs that you asked. Below are the log files. Also, yesterday I ran Roguekiller on my own after reading in these forums, and it came up with User! - LL2...KO. I researched that and it sounded like that might be bad, so I fixed the MBR using a program recommended on here. Anyway, I wanted to let you know about that.Here are those logs and thanks again!# AdwCleaner v2.200 - Logfile created 04/07/2013 at 21:45:27# Updated 02/04/2013 by Xplode# Operating system : Windows 7 Professional Service Pack 1 (64 bits)# User : owner - OWNER-HP# Boot Mode : Normal# Running from : C:\Users\owner\Desktop\adwcleaner.exe# Option [Delete]***** [services] *****Stopped & Deleted : Browser ManagerStopped & Deleted : DefaultTabUpdate***** [Files / Folders] *****Deleted on reboot : C:\ProgramData\Browser ManagerFile Deleted : C:\ENDFile Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xmlFile Deleted : C:\user.jsFile Deleted : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\bProtector Web DataFile Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\vsylsh6n.default\bprotector_extensions.sqliteFile Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\vsylsh6n.default\bprotector_prefs.jsFile Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\vsylsh6n.default\extensions\addon@defaulttab.com.xpiFile Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\vsylsh6n.default\searchplugins\BabylonMngr.xmlFile Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\vsylsh6n.default\searchplugins\search-here.xmlFile Deleted : C:\Users\Public\Desktop\eBay.lnkFolder Deleted : C:\Program Files (x86)\Coupon Companion PluginFolder Deleted : C:\Program Files (x86)\DealPlyFolder Deleted : C:\ProgramData\BabylonFolder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPlyFolder Deleted : C:\ProgramData\WeCareReminderFolder Deleted : C:\Users\owner\AppData\Local\Coupon Companion PluginFolder Deleted : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjpFolder Deleted : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefphFolder Deleted : C:\Users\owner\AppData\Local\WajamFolder Deleted : C:\Users\owner\AppData\Local\Zoom_DownloaderFolder Deleted : C:\Users\owner\AppData\Roaming\BabylonFolder Deleted : C:\Users\owner\AppData\Roaming\DealPlyFolder Deleted : C:\Users\owner\AppData\Roaming\DefaultTabFolder Deleted : C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser ManagerFolder Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\vsylsh6n.default\extensions\wecarereminder@bryan***** [Registry] *****Key Deleted : HKCU\Software\AppDataLow\Software\CrossriderKey Deleted : HKCU\Software\AppDataLow\Software\DefaultTabKey Deleted : HKCU\Software\BrowserMngrKey Deleted : HKCU\Software\Cr_InstallerKey Deleted : HKCU\Software\DataMngrKey Deleted : HKCU\Software\DataMngr_ToolbarKey Deleted : HKCU\Software\DealPlyKey Deleted : HKCU\Software\Default TabKey Deleted : HKCU\Software\DefaultTabKey Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipjeKey Deleted : HKCU\Software\InstalledBrowserExtensionsKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettingsKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}Key Deleted : HKCU\Software\SoftonicKey Deleted : HKCU\Software\wecarereminderKey Deleted : HKCU\Software\853d8d9b668e546Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}Key Deleted : HKLM\Software\BabylonKey Deleted : HKLM\Software\BabylonToolbarKey Deleted : HKLM\Software\BrowserMngrKey Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLLKey Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHOKey Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.SandboxKey Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminderKey Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1Key Deleted : HKLM\SOFTWARE\Classes\Prod.capKey Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}Key Deleted : HKLM\Software\DataMngrKey Deleted : HKLM\Software\DealPlyKey Deleted : HKLM\Software\Default TabKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}Key Deleted : HKLM\SOFTWARE\Wow6432Node\853d8d9b668e546Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211181104}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipjeKey Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjpKey Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefphKey Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181104}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPlyKey Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTabKey Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}Key Deleted : HKU\S-1-5-21-986299353-3012832721-1050623703-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [browserMngr Start Page]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [browserMngrDefaultScope]Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]***** [internet Browsers] *****-\\ Internet Explorer v9.0.8112.16470Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=115303&tt=120912_cpc_3712_4&babsrc=HP_ss&mntrId=ce602d970000000000002c27d72d26db --> hxxp://www.google.comReplaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=115303&tt=120912_cpc_3712_4&babsrc=NT_ss&mntrId=ce602d970000000000002c27d72d26db --> hxxp://www.google.com-\\ Mozilla Firefox v19.0.2 (en-US)File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\vsylsh6n.default\prefs.jsC:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\vsylsh6n.default\user.js ... Deleted !Deleted : user_pref("extensions.BabylonToolbar.admin", false);Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);Deleted : user_pref("extensions.BabylonToolbar.id", "ce602d970000000000002c27d72d26db");Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15598");Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=115303&tt=120912_cpc_3712_4");Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1223:35:13");Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationTime", 1362007961);Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.value", "1362007961");Deleted : user_pref("extensions.crossriderapp21804.bic", "13d1e002c595270908ede28b039a4d92");Deleted : user_pref("extensions.crossriderapp21804.firstrun", false);Deleted : user_pref("extensions.crossriderapp21804.installationdate", 1362007961);Deleted : user_pref("extensions.crossriderapp21804.lastcheck", 22712798);Deleted : user_pref("extensions.crossriderapp21804.lastcheckitem", 22712802);Deleted : user_pref("extensions.crossriderapp21804.reportInstall", true);Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]*************************AdwCleaner[R1].txt - [13621 octets] - [07/04/2013 21:43:33]AdwCleaner[s1].txt - [12994 octets] - [07/04/2013 21:45:27]########## EOF - C:\AdwCleaner[s1].txt - [13055 octets] ##########Junkware Removal Tool (JRT) by ThisisuVersion: 4.8.3 (04.05.2013:1)OS: Windows 7 Professional x64Ran by owner on Sun 04/07/2013 at 21:51:46.07~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry ValuesSuccessfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs~~~ Registry KeysSuccessfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{2eecd738-5844-4a99-b4b6-146bf802613b}Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}~~~ Files~~~ FoldersSuccessfully deleted: [Folder] "C:\ProgramData\browser manager"Successfully deleted: [Folder] "C:\Users\owner\appdata\local\jollywallet"Successfully deleted: [Folder] "C:\Users\owner\appdata\local\updater21804"Successfully deleted: [Folder] "C:\Program Files (x86)\infoatoms"~~~ FireFoxSuccessfully deleted: [File] C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\vsylsh6n.default\invalidprefs.jsSuccessfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com"Successfully deleted: [Folder] C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\vsylsh6n.default\extensions\extension21804@extension21804.comSuccessfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\infoatoms@infoatoms.comSuccessfully deleted the following from C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\vsylsh6n.default\prefs.jsuser_pref("extensions.crossrider.bic", "13d1e002c595270908ede28b039a4d92");user_pref("extensions.defaulttab.active.affiliate", 4001);user_pref("extensions.defaulttab.active.overridechromesearch", false);user_pref("extensions.defaulttab.active.overridekeywordsearch", false);user_pref("extensions.defaulttab.browserID", "FEF1155747571BCE4DD9431F82E0DB0F");user_pref("extensions.defaulttab.firstrun", false);user_pref("extensions.defaulttab.installedVersion", "1.4.2");Emptied folder: C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\vsylsh6n.default\minidumps [11 files]~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Sun 04/07/2013 at 22:00:12.95End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
Tomk1 Posted April 8, 2013 ID:666260 Share Posted April 8, 2013 Now please post a new set of DDS logs so I can see where we stand. Link to post Share on other sites More sharing options...
boneius Posted April 9, 2013 Author ID:666607 Share Posted April 9, 2013 Here you go, and thanks again!DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2Run by owner at 9:01:14 on 2013-04-09Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7935.6159 [GMT -5:00].AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\atieclxx.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files (x86)\DU Meter\DUMeterSvc.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exec:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exeC:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exeC:\Program Files (x86)\PDF Complete\pdfsvc.exeC:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exeC:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exeC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeC:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\PROGRA~2\DUMETE~1\DUMeter.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\system32\taskeng.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.commWinlogon: Userinit = userinit.exe,BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dlluRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeuRun: [DU Meter] "C:\Program Files (x86)\DU Meter\DUMeter.exe" /autostartmRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exemRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exemRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"mRun: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllTrusted Zone: line6.netDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: NameServer = 192.168.1.1TCP: Interfaces\{003C63EA-8AD1-4684-8AE9-9CB5D5674BF0} : DHCPNameServer = 168.94.0.14 168.94.0.15TCP: Interfaces\{3F9CACF0-61A2-44F4-91B8-A1F99C6F2379} : DHCPNameServer = 192.168.1.1Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exex64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\vsylsh6n.default\FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50826.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dllFF - plugin: C:\Windows\System32\Wat\npWatWeb.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dllFF - plugin: C:\Windows\SysWOW64\npdeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.============= SERVICES / DRIVERS ===============.R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-19 75904]R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-19 38016]R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-12-17 55952]R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1207010.003\symds64.sys [2012-4-3 450680]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1207010.003\symefa64.sys [2012-4-3 912504]R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-3-21 1387608]R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20130405.001\IDSviA64.sys [2013-4-5 513184]R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1207010.003\ironx64.sys [2012-4-3 171128]R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1207010.003\symnets.sys [2012-4-3 386168]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-19 203264]R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-9 365568]R2 DUMeterSvc;DU Meter Service;C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [2013-4-6 2385304]R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-6 398184]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-6 682344]R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008]R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-4-19 1127448]R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-9-12 46136]R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;C:\Program Files (x86)\DU Meter\DUMetr64.sys [2013-4-6 20968]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-15 138912]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-6 24176]R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-4-19 1041760]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-19 412776]R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-4-19 38456]S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/01/12 20:41:53;C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 HP Support Assistant Service;HP Support Assistant Service;"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [?]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);C:\Windows\System32\drivers\GPWADrv64.sys [2010-3-9 894336]S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2011-9-12 16384]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-4 1255736]S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2011-12-24 29288]S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2011-12-24 29288]S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2011-12-24 29288]S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2011-12-24 29288]S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2011-12-24 29288]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2013-04-08 02:51:43 -------- d-----w- C:\Windows\ERUNT2013-04-08 02:51:26 -------- d-----w- C:\JRT2013-04-08 02:45:35 98 ----a-w- C:\Windows\DeleteOnReboot.bat2013-04-06 21:45:27 388096 ----a-r- C:\Users\owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe2013-04-06 21:45:27 -------- d-----w- C:\Program Files (x86)\Trend Micro2013-04-06 17:11:35 -------- d-----w- C:\ProgramData\Hagel Technologies2013-04-06 17:11:26 -------- d-----w- C:\Program Files (x86)\DU Meter2013-04-06 16:21:11 -------- d-----w- C:\Users\owner\AppData\Roaming\Malwarebytes2013-04-06 16:20:42 -------- d-----w- C:\ProgramData\Malwarebytes2013-04-06 16:20:40 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-04-06 16:20:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-04-06 16:20:28 -------- d-----w- C:\Users\owner\AppData\Local\Programs2013-04-06 14:05:11 -------- d-----w- C:\ProgramData\Paessler2013-04-06 14:05:05 -------- d-----w- C:\usr2013-04-06 14:04:58 -------- d-----w- C:\ProgramData\Logs2013-04-06 14:04:58 -------- d-----w- C:\ProgramData\Licenses2013-04-06 14:03:52 -------- d-----w- C:\Program Files (x86)\PRTG Network Monitor2013-04-06 02:37:47 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-03-26 01:38:21 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys.==================== Find3M ====================.2013-04-06 02:37:37 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll2013-04-06 02:37:36 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-03-13 04:27:12 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-03-13 04:27:12 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll2013-01-13 02:53:02 16384 ----a-w- C:\Windows\SysWow64\lgfwunis.exe2013-01-13 02:37:08 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll2013-01-13 02:37:08 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll2013-01-13 02:37:08 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll.============= FINISH: 9:02:55.94 ===============UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 7/4/2011 2:51:47 PMSystem Uptime: 4/9/2013 8:29:40 AM (1 hours ago).Motherboard: FOXCONN | | 2AB1Processor: AMD Phenom II X4 960T Processor | CPU 1 | 780/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 1386 GiB total, 593.646 GiB free.D: is FIXED (NTFS) - 11 GiB total, 1.366 GiB free.E: is CDROM ()F: is RemovableG: is RemovableH: is RemovableI: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP140: 3/8/2013 12:00:04 AM - Scheduled CheckpointRP141: 3/14/2013 3:00:11 AM - Windows UpdateRP142: 3/22/2013 12:00:05 AM - Scheduled CheckpointRP143: 3/26/2013 3:00:12 AM - Windows UpdateRP144: 4/3/2013 12:00:05 AM - Scheduled CheckpointRP145: 4/5/2013 9:34:46 PM - Removed Java 6 Update 37RP146: 4/5/2013 9:37:04 PM - Installed Java 7 Update 17RP147: 4/6/2013 4:44:47 PM - Installed HiJackThis.==== Installed Programs ======================.Adobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.6)Agatha Christie - Peril at End HouseAMD APP SDK RuntimeAMD FuelAMD VISION Engine Control CenterAmpliTube 2 LiveApple Application SupportApple Mobile Device SupportApple Software UpdateASPCA Reminder by We-Care.com v4.1.21.1ATI Catalyst Install ManagerATI Problem Report WizardBejeweled 2 DeluxeBejeweled 3Blackhawk Striker 2Blasterball 3BlioBonjourBounce SymphonyBuild-a-lot 2Cake ManiaCatalyst Control Center - BrandingCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishChuzzle DeluxeConvertXtoDVD 4.1.19.365Coupon Companion PluginCyberLink PowerProducer 5.5D3DX10dcmsvc 1.0Diner Dash 2 Restaurant RescueDora's World AdventureDU MeterFarm FrenzyFATE - The Traitor SoulHiJackThisHP AutoHP Client ServicesHP Customer Experience EnhancementsHP GamesHP LinkUpHP MediaSmart/TouchSmart NetflixHP OdometerHP SetupHP Setup ManagerHP Support InformationHP UpdateHP Vision Hardware DiagnosticsHulu DesktopHydraVisioniCloudImgBurnInfoAtoms [uninstall]iTunesJava 7 Update 17Java Auto UpdaterJunk Mail filter updateKoboKONICA MINOLTA magicolor 2530DLLG Burning ToolLG CyberLink BD AdvisorLG CyberLink Blu-ray Disc SuiteLG CyberLink LabelPrintLG CyberLink MediaEspressoLG CyberLink MediaShowLG CyberLink PowerBackupLG CyberLink PowerDVDLG CyberLink YouCamLG Tool KitLightScribe System SoftwareLine 6 UninstallerMah Jong MedleyMalwarebytes Anti-Malware version 1.70.0.1100Mesh RuntimeMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft IntelliPoint 8.2Microsoft IntelliType Pro 8.2Microsoft Office 2010Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Microsoft WSE 3.0 RuntimeMozilla Firefox 19.0.2 (x86 en-US)Mozilla Maintenance ServiceMSVCRTMSVCRT_amd64Mystery P.I. - Stolen in San FranciscoNamco All-Stars PAC-MANNorton AntiVirusNorton Online BackupOmron Health Management SoftwarePDF Complete Special EditionPenguins!Plants vs. Zombies - Game of the YearPlayReady PC Runtime amd64PlayReady PC Runtime x86Poker Superstars IIIPolar BowlerPolar GolferPowerTeacher GradebookPressReaderQuickTimeRealtek High Definition Audio DriverRecovery ManagerRemote Graphics ReceiverRiffWorks StandardRoxioNow PlayerSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Extended (KB2416472)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Slingo SupremeTMPGEnc Authoring Works 4Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update Installer for WildTangent Games AppVirtual Villagers 4 - The Tree of LifeVLC media player 2.0.1Warner Bros. Digital Copy ManagerWheel of Fortune 2WildTangent Games App (HP Games)Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWindows XP ModeWinRAR 4.01 (64-bit)Zinio Reader 4Zuma Deluxe.==== Event Viewer Messages From Past Week ========.4/9/2013 8:32:11 AM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The system cannot find the file specified.4/9/2013 8:30:14 AM, Error: Service Control Manager [7000] - The AODDriver4.0 service failed to start due to the following error: The system cannot find the path specified..==== End Of File =========================== Link to post Share on other sites More sharing options...
Tomk1 Posted April 9, 2013 ID:666617 Share Posted April 9, 2013 Your log looks good. That is all I see, but let's run another tool and see what it finds.Download ComboFix from here: http://download.blee...Bs/ComboFix.exe* IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.htmlDouble click on ComboFix.exe & follow the prompts.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.Notes:1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. Link to post Share on other sites More sharing options...
LDTate Posted April 29, 2013 ID:674908 Share Posted April 29, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts