
Redirect to Yahoo Virus



Hi,

Sad to be back here 3 years later but I have again found a problem I cannot fix. Thank you for your help in advance.

I am sometimes redirected through Firefox to http://us.yhs4.search.yahoo.com/yhs/errorhandler Yahoo search when I click on some links and my Internet Explorer does not open.

Here are my results.

DDS Scan

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.45.2
Run by Michela at 21:35:23 on 2014-04-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3964.1251 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\ProgramData\Toshiba\ToshibaSevenComp\PingTaisWizard.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Users\Michela\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\igfxext.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIHRA.EXE
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Windows\system32\reg.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Michela\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\real\realplayer\update\realsched.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.bing.com
uSearch Bar = www.bing.com

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [Facebook Update] "C:\Users\Michela\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Download] "C:\Users\Michela\AppData\Local\SupportSoft\ddoctorv2\Michela\ssGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [spotify Web Helper] "C:\Users\Michela\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Google Update] "C:\Users\Michela\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [spotify] "C:\Users\Michela\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIHRA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 435"
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
mRun: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe"  -osboot
mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Michela\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Michela\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: $talisma_url$
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.



TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48}\26F607 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48}\3516D63757E676027416C6168797023502949494023313 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48}\E4544574541425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48}\E4564777F627B6D236267363165653839323561603563366 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: <No Name>: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} -
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TPCHWMsg] C:\Program Files (x86)\TOSHIBA\TPHM\TPCHWMsg.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll



x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1  om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Picasa2\npPicasa2.dll
FF - plugin: C:\Program Files (x86)\Picasa2\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Michela\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Michela\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Users\Michela\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\extensions\{d1e06b91-60e6-4492-af9f-53043fa32716}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\extensions\{d1e06b91-60e6-4492-af9f-53043fa32716}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\Michela\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Michela\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-3 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-3 207904]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-7-19 22600]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-12-28 1034464]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-12-28 422216]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-12-28 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-30 50344]
R2 camsvc;TOSHIBA Web Camera Service;C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-7-6 20544]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-8-3 352248]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-14 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-14 701512]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-7-15 517632]
R2 nlsx86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2013-8-26 71280]
R2 PingTaisWz;PingTaisWz;C:\ProgramData\Toshiba\ToshibaSevenComp\PingTaisWizard.exe [2009-12-31 173440]
R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-2-19 55808]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-4-15 62776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-4-14 251392]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-3-17 84480]
R2 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-4-9 803696]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-3-23 14472]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-2-11 603896]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-30 79672]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2009-5-3 8704]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-28 25928]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2009-7-6 32832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McciServiceHost;McciServiceHost;"C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe" --> C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-15 111616]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-9 1255736]
.
=============== Created Last 30 ================
.
2014-03-15 21:14:49    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-03-15 21:11:35    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-03-15 21:11:34    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-03-15 21:11:32    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-03-15 21:11:32    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-15 18:21:19    5777288    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-07 00:06:47    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-07 00:06:47    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-07 00:06:47    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-07 00:06:47    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-07 00:06:47    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-07 00:06:47    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2014-03-07 00:06:47    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-03-07 00:06:47    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-03-07 00:06:47    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-03-07 00:06:47    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
.
==================== Find3M  ====================
.
2014-03-15 18:21:42    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-15 18:21:42    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-01 03:00:08    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-29 02:06:47    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-01-22 14:52:10    206080    ----a-w-    C:\Windows\System32\drivers\ssudmdm.sys
2014-01-22 14:52:10    108800    ----a-w-    C:\Windows\System32\drivers\ssudbus.sys
2014-01-17 22:24:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2014-01-17 22:24:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
2014-01-11 06:03:56    79672    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-01-06 19:23:36    4558848    ----a-w-    C:\Windows\SysWow64\GPhotos.scr
2010-07-08 16:37:14    101544    ----a-w-    C:\Program Files\Common Files\LinkInstaller.exe
.
============= FINISH: 21:37:07.50 ===============

ATTACH TEXT

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/31/2009 10:02:11 PM
System Uptime: 3/29/2014 11:40:37 AM (82 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel® Core2 Duo CPU     T6500  @ 2.10GHz | CPU | 2100/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 170.04 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: avast! Firewall NDIS Filter Miniport
Device ID: ROOT\SW_ASWNDISMP\0000
Manufacturer: ALWIL Software
Name: avast! Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_ASWNDISMP\0000
Service: aswNdis
.
==== System Restore Points ===================
.
RP419: 10/19/2013 5:08:39 PM - Scheduled Checkpoint
RP420: 10/21/2013 7:52:14 PM - Installed Java 7 Update 45
RP421: 11/1/2013 12:55:37 AM - Windows Update
RP422: 11/8/2013 12:21:03 AM - Scheduled Checkpoint
RP423: 11/17/2013 3:00:54 AM - Windows Update
RP424: 11/18/2013 1:11:50 AM - Installed Java 7 Update 45 (64-bit)
RP425: 11/24/2013 9:00:07 PM - avast! antivirus system restore point
RP426: 12/9/2013 2:26:34 AM - Scheduled Checkpoint
RP427: 12/9/2013 3:00:14 AM - Windows Update
RP428: 12/11/2013 11:00:42 PM - Windows Update
RP429: 12/12/2013 9:34:56 AM - Windows Update
RP430: 12/16/2013 3:00:28 AM - Windows Update
RP431: 12/17/2013 7:48:18 AM - Windows Update
RP432: 12/20/2013 7:31:28 AM - Windows Update
RP433: 12/21/2013 3:00:25 AM - Windows Update
RP434: 12/30/2013 12:01:13 AM - avast! antivirus system restore point
RP435: 1/8/2014 9:51:38 PM - Scheduled Checkpoint
RP436: 1/19/2014 6:39:41 PM - Windows Update
RP437: 1/22/2014 10:27:21 AM - Removed Java 6 Update 39 (64-bit)
RP438: 1/22/2014 10:28:21 AM - Removed Java 6 Update 39 (64-bit)
RP439: 2/4/2014 12:35:39 AM - Scheduled Checkpoint
RP440: 2/18/2014 7:52:28 PM - Windows Update
RP441: 3/29/2014 11:25:08 AM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1  ads.mcafee.com
Hosts: 127.0.0.1  analytics.microsoft.com
Hosts: 127.0.0.1  metrics.bitdefender.com
Hosts: 127.0.0.1  metrics.mcafee.com
Hosts: 127.0.0.1  om.symantec.com
Hosts: 127.0.0.1  ads.bleepingcomputer.com
Hosts: 127.0.0.1  wdcs.trendmicro.com
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
Adobe Shockwave Player 11.6
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Software Update
Ask Toolbar for Epson
att.net Internet Mail
avast! Free Antivirus
Cisco AnyConnect VPN Client
Cisco Connect
ClickMeeting
Compatibility Pack for the 2007 Office system
CRI-Resizer
CRI Image Resizer
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Direct DiscRecorder
DVD MovieFactory for TOSHIBA
Epson Connect
Epson Customer Participation
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 435 Series Printer Uninstall
EpsonNet Print
ESET Online Scanner v3
Facebook Plug-In
Facebook Video Calling 2.0.0.447
GMATPrep
Google Drive
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google+ Auto Backup
Harry Potter™ Calendar Widget
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Update
IHA_MessageCenter
inSSIDer 3
Intel® Graphics Media Accelerator Driver
Java 7 Update 45
Java 7 Update 45 (64-bit)
Java Auto Updater
Jpg2Pdf version 1.2
LAME v3.99.3 (for Windows)
LightScribe  1.4.136.1
Malwarebytes Anti-Malware version 1.75.0.1300
Memory Clinic
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Movie Maker
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
Netzero Internet Access Installer
ooVoo
Photo Common
Photo Gallery
Picasa 3
PlayReady PC runtime
QuickBooks Financial Center
QuickTime 7
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
salesforce.com Data Loader
SAMSUNG USB Driver for Mobile Phones
Seagate Dashboard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Click to Call
Skype Launcher
Skype™ 6.11
Sony Picture Utility
Spelling Dictionaries Support For Adobe Reader 9
Spotify
SpywareBlaster 5.0
Stamps.com
Stamps.com Address Book Support for Microsoft Outlook 97-2010
Stamps.com Application Support for Microsoft Outlook 2000-2010
Stamps.com Application Support for Microsoft Word 2000-2010
Stamps.com support for Microsoft Outlook 2000-2010
Stamps.com support for Microsoft Outlook 97-2010
Stamps.com support for Microsoft Word 2000-2010
swMSM
Synaptics Pointing Device Driver
TOSHIBA Agreement Notification Utility
Toshiba Application Installer
TOSHIBA Assist
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
TOSHIBA PC Health Monitor
Toshiba Quality Application
TOSHIBA Recovery Disc Creator
Toshiba Registration
Toshiba Resources Page
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Supervisor Password
TOSHIBA Upgrade Assistant
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Vz In Home Agent
WildTangent Games
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
3/29/2014 11:42:21 AM, Error: Service Control Manager [7000]  - The McciServiceHost service failed to start due to the following error:  The system cannot find the file specified.
.
==== End Of File ===========================
 

 


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.


Add/remove programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

Ask Toolbar for Epson
ooVoo


Close the window.


Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs/spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.

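The Control Panel step above can be cross-checked from the registry, which is where Programs and Features reads its list and where the "Reg Loading Points" section of the ComboFix log further down comes from. The following is an added example written for this thread, not code from the forum or from any of the tools it mentions. It assumes Windows 7 or later with PowerShell 3.0 or newer, an elevated prompt (so the HKLM hives are fully readable), and the standard Uninstall and Run key locations named in the script; the program names 'Ask Toolbar' and 'ooVoo' are the two Marius asks to remove. On 64-bit Windows a 32-bit program registers under the Wow6432Node view, so both views are searched.

```powershell
# Added example (not from the thread): inventory installed programs and autorun
# entries from the registry. Assumes PowerShell 3.0+ on Windows 7 or later and
# an elevated prompt; registry locations below are the standard ones.

# Uninstall hives: native view, the 32-bit Wow6432Node view on 64-bit Windows,
# and the per-user hive (some installers register only there).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledProgram {
    param([string[]]$Name)   # display-name substrings to look for
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem $key | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            if (-not $p.DisplayName) { return }   # skip entries without a visible name
            foreach ($n in $Name) {
                if ($p.DisplayName -like "*$n*") {
                    [pscustomobject]@{
                        DisplayName     = $p.DisplayName
                        Publisher       = $p.Publisher
                        UninstallString = $p.UninstallString
                        Hive            = $key
                    }
                }
            }
        }
    }
}

# Autorun locations of the kind ComboFix prints under "Reg Loading Points".
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RunEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty $key
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -in $providerProps) { continue }   # registry provider metadata
            $cmd = [string]$prop.Value
            # Heuristic: take the quoted image path, else the first token. An
            # unquoted path containing spaces will be truncated here.
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            [pscustomobject]@{
                Key     = $key
                Name    = $prop.Name
                Command = $cmd
                Exists  = if ($exe) { Test-Path -LiteralPath $exe } else { $false }
            }
        }
    }
}

# The two programs Marius asks to remove in this thread:
Get-InstalledProgram -Name 'Ask Toolbar', 'ooVoo' | Format-Table -AutoSize

# Every Run entry; entries whose target file no longer exists (Exists = False)
# correspond to the "[X]" / "(no file)" orphans ComboFix reports.
Get-RunEntry | Sort-Object Exists | Format-Table -AutoSize
```

The output is for reading, not for cleaning: a Run entry pointing at a missing file is harmless by itself and is the kind of orphan ComboFix removes, while a present but unfamiliar entry is what to ask the helper about before touching it.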

Hi, here is the ComboFix log:


ComboFix 14-03-24.01 - Michela 04/02/2014  19:00:19.5.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3964.2406 [GMT -5:00]
Running from: C:\Users\Michela\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

- REDUCED FUNCTIONALITY MODE -


(((((((((((((((((((((((((   Files Created from 2014-03-03 to 2014-04-03  )))))))))))))))))))))))))))))))


2014-04-03 00:06:31 . 2014-04-03 00:06:31    69000    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FE64A51-5BC5-49D6-BA67-A50BC4D61B4E}\offreg.dll
2014-04-03 00:02:46 . 2014-04-03 00:02:46    --------    d-----w-    C:\Users\Virus Protection\AppData\Local\temp
2014-04-03 00:02:46 . 2014-04-03 00:02:46    --------    d-----w-    C:\Users\Public\AppData\Local\temp
2014-04-03 00:02:46 . 2014-04-03 00:02:46    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2014-03-15 21:11:35 . 2014-02-04 02:32:12    624128    ----a-w-    C:\Windows\system32\qedit.dll
2014-03-15 21:11:34 . 2014-02-04 02:04:11    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-03-15 21:11:32 . 2014-02-04 02:32:22    1424384    ----a-w-    C:\Windows\system32\WindowsCodecs.dll
2014-03-15 21:11:32 . 2014-02-04 02:04:22    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-15 18:21:19 . 2014-03-15 18:21:21    5777288    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-07 00:06:47 . 2014-03-07 00:06:47    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-07 00:06:47 . 2014-03-07 00:06:46    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-07 00:06:47 . 2014-03-07 00:06:45    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-07 00:06:47 . 2014-03-07 00:06:44    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-07 00:06:47 . 2014-03-07 00:06:41    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-07 00:05:49 . 2014-03-07 00:06:39    --------    d-----w-    C:\Program Files (x86)\QuickTime
.


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-03-29 16:34:18 . 2010-04-15 08:03:16    90015360    ----a-w-    C:\Windows\system32\MRT.exe
2014-03-15 18:21:42 . 2012-04-12 07:01:37    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-15 18:21:42 . 2011-12-30 08:31:19    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-22 14:52:10 . 2014-01-22 14:52:10    206080    ----a-w-    C:\Windows\system32\drivers\ssudmdm.sys
2014-01-22 14:52:10 . 2014-01-22 14:52:10    108800    ----a-w-    C:\Windows\system32\drivers\ssudbus.sys
2014-01-17 22:24:12 . 2014-01-17 22:24:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2014-01-17 22:24:12 . 2014-01-17 22:24:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
2014-01-11 06:03:56 . 2013-12-30 06:03:28    79672    ----a-w-    C:\Windows\system32\drivers\aswstm.sys
2014-01-06 19:23:36 . 2014-01-06 19:23:36    4558848    ----a-w-    C:\Windows\SysWow64\GPhotos.scr
2010-07-08 16:37:14 . 2010-07-08 16:37:14    101544    ----a-w-    C:\Program Files\Common Files\LinkInstaller.exe


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 23:05:20 143360]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2010-11-20 13:24:42 163328]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-22 14:01:42 39408]
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 15:05:32 720064]
"Spotify Web Helper"="C:\Users\Michela\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-28 17:01:48 1171968]
"Spotify"="C:\Users\Michela\AppData\Roaming\Spotify\Spotify.exe" [2014-01-28 17:01:52 6118400]
"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHRA.EXE" [2012-02-29 16:03:02 283232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 23:11:06 1283384]
"TkBellExe"="C:\Program Files (x86)\real\realplayer\update\realsched.exe" [2010-12-09 15:28:52 274608]
"Seagate Dashboard"="C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 23:06:40 79112]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 01:51:06 59720]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 20:27:46 89184]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 16:57:26 959904]
"FUFAXRCV"="C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 05:00:00 495616]
"FUFAXSTM"="C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 05:00:00 856064]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe" [2013-12-30 06:02:53 3764024]
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 18:18:46 49208]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2014-01-17 22:24:00 421888]

C:\Users\Michela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
Picture Motion Browser Media Check Tool.lnk - C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe /nobaloononstart [2009-9-24 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 McciServiceHost;McciServiceHost;C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe;C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys;C:\Windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys;C:\Windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys;C:\Windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys;C:\Windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys;C:\Windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys;C:\Windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys;C:\Windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 camsvc;TOSHIBA Web Camera Service;C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe;C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe;C:\Program Files\Common Files\Motive\McciCMService.exe [x]
S2 nlsx86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe;C:\Windows\SysWOW64\nlssrv32.exe [x]
S2 PingTaisWz;PingTaisWz;C:\ProgramData\Toshiba\ToshibaSevenComp\PingTaisWizard.exe;C:\ProgramData\Toshiba\ToshibaSevenComp\PingTaisWizard.exe [x]
S2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [x]
S2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
S2 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe;C:\Program Files\TOSHIBA\TECO\TecoService.exe [x]
S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S2 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys;C:\Windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 aswStm;aswStm;C:\Windows\system32\drivers\aswStm.sys;C:\Windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys;C:\Windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys;C:\Windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeapfk
*Deregistered* - mfeavfk
*Deregistered* - mfehidk
*Deregistered* - mferkdet

Contents of the 'Scheduled Tasks' folder

2014-04-03 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 07:01:37 . 2014-03-15 18:21:43]

2014-04-02 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4034558274-241080843-1589384674-1000Core.job
- C:\Users\Michela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 05:54:40 . 2012-07-12 03:08:42]

2014-04-02 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4034558274-241080843-1589384674-1000UA.job
- C:\Users\Michela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 05:54:40 . 2012-07-12 03:08:42]

2014-04-03 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-25 15:25:21 . 2010-03-25 15:25:12]

2014-04-03 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-25 15:25:21 . 2010-03-25 15:25:12]

2014-04-03 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4034558274-241080843-1589384674-1000Core.job
- C:\Users\Michela\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-20 18:44:30 . 2012-11-20 18:44:22]

2014-04-03 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4034558274-241080843-1589384674-1000UA.job
- C:\Users\Michela\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-20 18:44:30 . 2012-11-20 18:44:22]

2014-04-01 C:\Windows\Tasks\ReclaimerUpdateFiles_Michela.job
- C:\Users\Michela\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-29 16:21:14 . 2014-03-29 16:21:06]

2014-04-02 C:\Windows\Tasks\ReclaimerUpdateXML_Michela.job
- C:\Users\Michela\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-29 16:21:14 . 2014-03-29 16:21:06]

2014-04-03 C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Michela.job
- C:\Users\Michela\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-29 16:21:14 . 2014-03-29 16:21:06]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-30 06:02:59    287280    ----a-w-    C:\Program Files\AVAST Software\Avast\ashShA64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 21:05:26    777032    ----a-w-    C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 21:05:26    777032    ----a-w-    C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 21:05:26    777032    ----a-w-    C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 21:05:26    777032    ----a-w-    C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 21:05:26    777032    ----a-w-    C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 21:05:26    777032    ----a-w-    C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 17:18:08 1713448]
"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-03-24 18:38:56 1123840]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2010-08-26 01:45:04 161304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2010-08-26 01:44:54 386584]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2010-08-26 01:45:00 415256]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = www.bing.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\


- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKCU-Run-Desktop Software - C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe
Wow6432Node-HKCU-Run-Download - C:\Users\Michela\AppData\Local\SupportSoft\ddoctorv2\Michela\ssGet.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-00TCrdMain - C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-HSON - C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmartFaceVWatcher - C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-SmoothView - C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-Teco - C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TPwrMain - C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TPCHWMsg - C:\Program Files (x86)\TOSHIBA\TPHM\TPCHWMsg.exe
AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe



Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes Anti-Malware to your desktop. Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Hi,

 

There were no threats found from the Eset Scanner

 

Here is the MBAM log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.03.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Michela :: MGRANT-PC [administrator]

4/3/2014 7:31:15 PM
mbam-log-2014-04-03 (19-31-15).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 465532
Time elapsed: 1 hour(s), 53 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\ValueApps (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


Hi, I just ran another malware scan and the 2 registry keys are still there, though it told me they were removed last scan.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.03.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Michela :: MGRANT-PC [administrator]

4/4/2014 10:20:19 AM
mbam-log-2014-04-04 (10-20-19).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 466335
Time elapsed: 1 hour(s), 59 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\ValueApps (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

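A note on the log just posted, with an added check that is not part of this thread or of Malwarebytes: the 4/4 scan reports exactly the same two HKCU\Software\Conduit keys as "Quarantined and deleted successfully" that the 4/3 scan already reported as deleted, and further down the thread AdwCleaner and JRT each delete HKCU\Software\Conduit yet again. A key that keeps coming back after a successful delete is being recreated between scans by something still installed (the Conduit toolbar components AdwCleaner later removes from the Firefox profile are the likely writer); deleting the key one more time does nothing until that writer is gone. The script below makes that pattern visible mechanically: it parses MBAM 1.x scan logs in date order and lists every item an earlier scan removed and a later scan found again. The two embedded log excerpts are constructed from the detection sections posted above; the third entry in the second excerpt is invented only to show a non-recurring item.

```python
"""Flag detections that come back across Malwarebytes Anti-Malware 1.x scan logs.

Added example for this thread, not code from Malwarebytes. The parser relies
only on the two line shapes visible in the logs posted above:
    <Section> Detected: <n>
    <path> (<detection name>) -> <action>.
"""
import re
import sys

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)\s*$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$")


def parse_mbam_log(text):
    """Return {(section, path, detection_name): action} for one scan log."""
    detections = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        if section is None or not line or line.startswith("(No malicious"):
            continue
        item = ITEM_RE.match(line)
        if item:
            detections[(section, item.group("path"), item.group("name"))] = item.group("action")
    return detections


def recurring_detections(logs):
    """Given scan logs in chronological order, return the items that an earlier
    scan reported as quarantined/deleted and a later scan found again.

    A recurrence means something recreated the item between scans; deleting it
    again will not help until whatever writes it is removed."""
    first_removed = {}   # item key -> index of the scan that first removed it
    recurring = []
    for idx, text in enumerate(logs):
        for key, action in parse_mbam_log(text).items():
            if key in first_removed:
                recurring.append({"item": key, "removed_in_scan": first_removed[key],
                                  "found_again_in_scan": idx, "action": action})
            if "deleted" in action.lower() or "quarantined" in action.lower():
                first_removed.setdefault(key, idx)
    return recurring


# Constructed excerpts of the two scan logs posted in this thread.
LOG_2014_04_03 = r"""
Malwarebytes Anti-Malware 1.75.0.1300
4/3/2014 7:31:15 PM

Registry Keys Detected: 2
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\ValueApps (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)

(end)
"""

# The "Files Detected" entry here is invented to show a non-recurring item.
LOG_2014_04_04 = r"""
Malwarebytes Anti-Malware 1.75.0.1300
4/4/2014 10:20:19 AM

Registry Keys Detected: 2
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\ValueApps (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Users\example\AppData\Local\Temp\sample.tmp (PUP.Optional.Sample.A) -> Quarantined and deleted successfully.

(end)
"""


def main(argv):
    # Pass real mbam-log-*.txt files in date order, or no arguments to use the samples.
    logs = [open(p, encoding="utf-8", errors="replace").read() for p in argv[1:]] \
        or [LOG_2014_04_03, LOG_2014_04_04]
    hits = recurring_detections(logs)
    if not hits:
        print("no recurring detections")
    for h in hits:
        section, path, name = h["item"]
        print(f"RECURRING [{section}] {path} ({name}): removed in scan "
              f"{h['removed_in_scan']}, found again in scan {h['found_again_in_scan']}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it against the saved mbam-log-*.txt files in date order; any RECURRING line is a reason to look for the component that rewrites the item (a browser extension, a scheduled task, a service) rather than to run the same scan a third time.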

# AdwCleaner v3.023 - Report created 04/04/2014 at 12:40:13
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Michela - MGRANT-PC
# Running from : C:\Users\Michela\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Michela\AppData\Local\PackageAware
Folder Deleted : C:\Users\Virus Protection\AppData\Local\PackageAware
Folder Deleted : C:\Users\Virus Protection\AppData\Roaming\uniblue
Folder Deleted : C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\Conduit
Folder Deleted : C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\ConduitEngine
Folder Deleted : C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\Smartbar
Folder Deleted : C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\ValueApps
Folder Deleted : C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\CT2314472
Folder Deleted : C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\Extensions\{d1e06b91-60e6-4492-af9f-53043fa32716}

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\prefs.js ]

Line Deleted : user_pref("CT2314472..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2314472.1000082.isPlayDisplay", "true");

Line Deleted : user_pref("CT2314472.1000234.TWC_locId", "USTX0504");
Line Deleted : user_pref("CT2314472.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT2314472.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2314472.AppTrackingLastCheckTime", "Sat Sep 07 2013 22:50:45 GMT-0500 (Central Standard Time)");

Line Deleted : user_pref("CT2314472.CTID", "CT2314472");
Line Deleted : user_pref("CT2314472.ConfigurationLastCheckTime", "Wed Nov 13 2013 19:18:07 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.CurrentServerDate", "18-11-2013");
Line Deleted : user_pref("CT2314472.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2314472.DialogsGetterLastCheckTime", "Sun Nov 10 2013 21:03:22 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2314472.EMailNotifierPollDate", "Mon Nov 18 2013 01:07:39 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2314472.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2314472.FeedLastCount128895777915888346", 350);
Line Deleted : user_pref("CT2314472.FeedLastCount128895786684794566", 50);
Line Deleted : user_pref("CT2314472.FeedPollDate128895777917138388", "Mon Nov 18 2013 00:38:14 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.FeedPollDate128895777917138389", "Mon Nov 18 2013 00:38:14 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.FeedPollDate128895777917138390", "Mon Nov 18 2013 00:38:14 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.FeedPollDate128895777917138391", "Mon Nov 18 2013 00:38:14 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.FeedPollDate128895777917138392", "Mon Nov 18 2013 00:38:14 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.FeedPollDate128895777917138393", "Mon Nov 18 2013 00:38:14 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.FeedPollDate128895777917138394", "Mon Nov 18 2013 00:38:14 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.FeedPollDate128895786684794566", "Sun Nov 17 2013 23:58:14 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.FeedTTL128895777917138388", 40);
Line Deleted : user_pref("CT2314472.FeedTTL128895777917138389", 40);
Line Deleted : user_pref("CT2314472.FeedTTL128895777917138390", 40);
Line Deleted : user_pref("CT2314472.FeedTTL128895777917138391", 40);
Line Deleted : user_pref("CT2314472.FeedTTL128895777917138392", 40);
Line Deleted : user_pref("CT2314472.FeedTTL128895777917138393", 40);
Line Deleted : user_pref("CT2314472.FeedTTL128895777917138394", 40);
Line Deleted : user_pref("CT2314472.FirstServerDate", "2-2-2010");
Line Deleted : user_pref("CT2314472.FirstTime", true);
Line Deleted : user_pref("CT2314472.FirstTimeFF3", true);
Line Deleted : user_pref("CT2314472.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2314472.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2314472.HomePageProtectorEnabled", false);

Line Deleted : user_pref("CT2314472.Initialize", true);
Line Deleted : user_pref("CT2314472.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2314472.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2314472.InstalledDate", "Sun Nov 01 2009 21:59:44 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.InvalidateCache", false);
Line Deleted : user_pref("CT2314472.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT2314472.IsGrouping", false);
Line Deleted : user_pref("CT2314472.IsMulticommunity", false);
Line Deleted : user_pref("CT2314472.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2314472.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2314472.LanguagePackLastCheckTime", "Sun Nov 17 2013 22:08:59 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2314472.LastLogin_2.4.0.4", "Sun Jan 31 2010 12:06:57 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.LastLogin_2.5.6.0", "Wed Apr 06 2011 16:53:51 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2314472.LastLogin_3.19.0.3", "Thu Sep 12 2013 05:39:53 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.LastLogin_3.20.0.4", "Sun Nov 17 2013 23:25:18 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.LastLogin_3.3.3.2", "Sun Dec 18 2011 23:05:51 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.LastLogin_3.8.1.0", "Tue Jan 31 2012 21:26:32 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.LatestVersion", "3.20.0.4");
Line Deleted : user_pref("CT2314472.Locale", "en");
Line Deleted : user_pref("CT2314472.LoginCache", 4);
Line Deleted : user_pref("CT2314472.MCDetectTooltipHeight", "83");

Line Deleted : user_pref("CT2314472.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2314472.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2314472.RadioIsPodcast", false);
Line Deleted : user_pref("CT2314472.RadioLastCheckTime", "Sun Nov 17 2013 17:59:46 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.RadioLastUpdateIPServer", "4");
Line Deleted : user_pref("CT2314472.RadioLastUpdateServer", "128929877726170000");
Line Deleted : user_pref("CT2314472.RadioMediaID", "11783662");
Line Deleted : user_pref("CT2314472.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2314472.RadioMenuSelectedID", "EBRadioMenu_CT231447211783662");
Line Deleted : user_pref("CT2314472.RadioShrinkedFromSetup", false);
Line Deleted : user_pref("CT2314472.RadioStationName", "Hotmix%20108");

Line Deleted : user_pref("CT2314472.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2314472.SearchAPILastCheckTime", "Sun Nov 17 2013 17:59:28 GMT-0600 (Central Standard Time)");


Line Deleted : user_pref("CT2314472.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2314472.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2314472.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2314472.SearchInNewTabLastCheckTime", "Thu Sep 12 2013 06:37:48 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.SearchInNewTabUserEnabled", false);
Line Deleted : user_pref("CT2314472.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT2314472.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT2314472.ServiceMapLastCheckTime", "Sat Nov 16 2013 17:59:40 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2314472.SettingsLastCheckTime", "Mon Nov 18 2013 00:44:06 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.SettingsLastUpdate", "1384678554");
Line Deleted : user_pref("CT2314472.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2314472.ThirdPartyComponentsLastCheck", "Fri Nov 01 2013 17:58:33 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT2314472.UserID", "UN28497306952453136");
Line Deleted : user_pref("CT2314472.ValidationData_Search", 2);
Line Deleted : user_pref("CT2314472.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2314472.WeatherNetwork", "");
Line Deleted : user_pref("CT2314472.WeatherPollDate", "Mon Nov 18 2013 00:58:18 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.WeatherUnit", "F");
Line Deleted : user_pref("CT2314472.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT2314472.alertChannelId", "710635");
Line Deleted : user_pref("CT2314472.clientLogIsEnabled", true);
Line Deleted : user_pref("CT2314472.countryCode", "US");
Line Deleted : user_pref("CT2314472.embeddedsData", "[{\"appId\":\"128893268190588258\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT2314472.firstTimeDialogOpened", true);
Line Deleted : user_pref("CT2314472.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT2314472.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT2314472.fullUserID", "UN28497306952453136.UP.2042011032");

Line Deleted : user_pref("CT2314472.globalFirstTimeInfoLastCheckTime", "Wed Nov 13 2013 19:29:12 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2314472.initDone", true);
Line Deleted : user_pref("CT2314472.installType", "DirectDownload");
Line Deleted : user_pref("CT2314472.isAppTrackingManagerOn", false);
Line Deleted : user_pref("CT2314472.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT2314472.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2314472.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT2314472.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT2314472.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT2314472.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Line Deleted : user_pref("CT2314472.lastVersion", "10.23.0.822");
Line Deleted : user_pref("CT2314472.missingMachineIdSent", "true");
Line Deleted : user_pref("CT2314472.myStuffEnabled", true);
Line Deleted : user_pref("CT2314472.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2314472.myStuffServiceIntervalMM", 1440);

Line Deleted : user_pref("CT2314472.oldAppsList", "128893268190588257,128893268190588258,111,128926806647025596,128893274578400776,128893275357463012,128893276160588153,128895786684794566,128895776911512782,12889577[...]
Line Deleted : user_pref("CT2314472.revertSettingsEnabled", true);
Line Deleted : user_pref("CT2314472.search.searchAppId", "128893268190588258");
Line Deleted : user_pref("CT2314472.search.searchCount", 2);
Line Deleted : user_pref("CT2314472.searchFromAddressBarEnabledByUser", "false");
Line Deleted : user_pref("CT2314472.searchInNewTabEnabledByUser", "false");
Line Deleted : user_pref("CT2314472.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT2314472.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2314472.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2314472.searchSuggestEnabledByUser", "false");
Line Deleted : user_pref("CT2314472.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2314472.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2314472.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT2314472.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2314472\"}");

Line Deleted : user_pref("CT2314472.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"TheFreeDictionarycom \"}");
Line Deleted : user_pref("CT2314472.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2314472.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT2314472.serviceLayer_services_Configuration_lastUpdate", "1396571662227");
Line Deleted : user_pref("CT2314472.serviceLayer_services_app.twitter.user-cnnbrk_lastUpdate", "1396626368356");
Line Deleted : user_pref("CT2314472.serviceLayer_services_app.twitter.user-espn_lastUpdate", "1396626368365");
Line Deleted : user_pref("CT2314472.serviceLayer_services_app.twitter.user-farlex_lastUpdate", "1396626368358");
Line Deleted : user_pref("CT2314472.serviceLayer_services_app.twitter.user-nasa_lastUpdate", "1396626368368");
Line Deleted : user_pref("CT2314472.serviceLayer_services_app.twitter.user-nytimes_lastUpdate", "1396626368363");
Line Deleted : user_pref("CT2314472.serviceLayer_services_app.twitter.user-time_lastUpdate", "1396626368353");
Line Deleted : user_pref("CT2314472.serviceLayer_services_app.twitter.user-wired_lastUpdate", "1396626368361");
Line Deleted : user_pref("CT2314472.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1396109947758");
Line Deleted : user_pref("CT2314472.serviceLayer_services_appsMetadata_lastUpdate", "1396580284560");
Line Deleted : user_pref("CT2314472.serviceLayer_services_clientErrorLog_lastUpdate", "1394305915098");
Line Deleted : user_pref("CT2314472.serviceLayer_services_getTwitterExtraInfo_lastUpdate", "1396624865590");
Line Deleted : user_pref("CT2314472.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1396109949471");
Line Deleted : user_pref("CT2314472.serviceLayer_services_login_10.20.101.5_lastUpdate", "1385500400328");
Line Deleted : user_pref("CT2314472.serviceLayer_services_login_10.22.5.510_lastUpdate", "1386906616983");
Line Deleted : user_pref("CT2314472.serviceLayer_services_login_10.23.0.822_lastUpdate", "1396622297006");
Line Deleted : user_pref("CT2314472.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1396109947893");
Line Deleted : user_pref("CT2314472.serviceLayer_services_searchAPI_lastUpdate", "1396571662349");
Line Deleted : user_pref("CT2314472.serviceLayer_services_serviceMap_lastUpdate", "1396571662044");
Line Deleted : user_pref("CT2314472.serviceLayer_services_toolbarContextMenu_lastUpdate", "1396580284664");
Line Deleted : user_pref("CT2314472.serviceLayer_services_toolbarSettings_lastUpdate", "1396622294846");
Line Deleted : user_pref("CT2314472.serviceLayer_services_translation_lastUpdate", "1396580377255");
Line Deleted : user_pref("CT2314472.settingsINI", true);
Line Deleted : user_pref("CT2314472.showToolbarPermission", "false");
Line Deleted : user_pref("CT2314472.smartbar.CTID", "CT2314472");
Line Deleted : user_pref("CT2314472.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT2314472.smartbar.toolbarName", "TheFreeDictionarycom ");
Line Deleted : user_pref("CT2314472.testingCtid", "");
Line Deleted : user_pref("CT2314472.toolbarAppMetaDataLastCheckTime", "Sun Nov 17 2013 17:59:26 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.toolbarBornServerTime", "2-2-2010");
Line Deleted : user_pref("CT2314472.toolbarContextMenuLastCheckTime", "Wed Nov 13 2013 19:18:36 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.toolbarCurrentServerTime", "4-4-2014");
Line Deleted : user_pref("CT2314472.toolbarLoginClientTime", "Mon Nov 18 2013 01:10:37 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2314472.undefined", "Sat Apr 23 2011 09:16:33 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2314472.usagesFlag", 2);
Line Deleted : user_pref("CT2314472_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1396624931732,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("extensions.enabledItems", "{20a82645-c095-46ed-80e3-08825760534b}:1.1,{d1e06b91-60e6-4492-af9f-53043fa32716}:3.3.3.2,{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{CAFEEFAC-0016-0000-0022-A[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);
Line Deleted : user_pref("smartbar.machineId", "CG5N7ZEIKWQ9OLM6FKHM/DML2QYIL6VL9MBJXSFOY41+NTEDCYR4SLA2HGXHN8PRZPW90NN4FWKSKEDNPB0PIQ");
Line Deleted : user_pref("valueApps.CT2314472.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.CT2314472.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT2314472.mam_gk_globalKeysMigratedToLocalStorage", "31");
Line Deleted : user_pref("valueApps.CT2314472.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Line Deleted : user_pref("valueApps.CT2314472.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT2314472.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT2314472.mam_gk_userBornDate", "4E2F41");
Line Deleted : user_pref("valueApps.CT2314472.mam_gk_userBornDate.storedInFile", false);

[ File : C:\Users\Virus Protection\AppData\Roaming\Mozilla\Firefox\Profiles\0myz0cae.default\prefs.js ]

Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

*************************

AdwCleaner[R0].txt - [24798 octets] - [04/04/2014 12:24:46]
AdwCleaner[s0].txt - [25165 octets] - [04/04/2014 12:40:13]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [25226 octets] ##########
 

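The AdwCleaner log above shows what a Conduit toolbar leaves in a Firefox profile's prefs.js: every `CT2314472.*` preference, `CT2314472_Firefox.csv`, `smartbar.machineId`, the `valueApps.*` keys, the `extensions.wrc.*` search rules and the `plugin.state.npconduitfirefoxplugin` entry. The script below is an added example, not AdwCleaner's code and not part of the thread; it performs the same triage on a prefs.js so the leftovers can be inspected before a cleaner touches them. Each `user_pref` line is classified as remove (matches the toolbar name prefixes seen in the log), review (homepage and search-engine preferences, which are legitimate but are exactly what a hijacker rewrites) or keep, and a cleaned copy can be written that drops only the remove lines. The prefix patterns, the list of search-related preference names and the sample prefs.js are assumptions constructed for this example. Firefox must be closed while prefs.js is edited, because it rewrites the file when it exits.

```python
"""Triage a Firefox prefs.js for toolbar and search-hijack preferences.

Added example for this thread, not AdwCleaner code. The toolbar prefixes are
taken from the preference names AdwCleaner removed in the log above; the
search-related names and the sample file are assumptions for illustration.
"""
import re
import sys

# user_pref("<name>", <value>);  -- the name may contain escaped quotes.
PREF_RE = re.compile(r'^user_pref\("(?P<name>(?:[^"\\]|\\.)*)",\s*(?P<value>.*)\);\s*$')

# Name prefixes of the Conduit/Smartbar toolbar family seen in the log above.
# Assumption: any preference under these belongs to the toolbar and can go.
TOOLBAR_PREFIXES = (
    re.compile(r"^CT\d+[._]"),           # CT2314472.* and CT2314472_Firefox.csv
    re.compile(r"^smartbar\."),
    re.compile(r"^valueApps\."),
    re.compile(r"^extensions\.wrc\."),
    re.compile(r"^plugin\.state\.npconduit"),
)

# Preferences that decide where the homepage, new tabs and searches go.
# Not junk by themselves, but a hijacker rewrites them, so they are reported
# for a human to check (assumed list; keyword.URL is from older releases).
SEARCH_PREFS = {
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.newtab.url",
    "keyword.URL",
}


def parse_prefs(text):
    """Yield (name, raw_value) for every user_pref line; skips comments and blanks."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("//") or line.startswith("/*"):
            continue
        m = PREF_RE.match(line)
        if m:
            yield m.group("name"), m.group("value")


def is_toolbar_pref(name):
    return any(p.match(name) for p in TOOLBAR_PREFIXES)


def triage(text):
    """Split preferences into {'remove': [...], 'review': [...], 'keep': [...]}."""
    result = {"remove": [], "review": [], "keep": []}
    for name, value in parse_prefs(text):
        if is_toolbar_pref(name):
            result["remove"].append((name, value))
        elif name in SEARCH_PREFS:
            result["review"].append((name, value))
        else:
            result["keep"].append((name, value))
    return result


def cleaned_prefs(text):
    """Return prefs.js content with toolbar preferences dropped and every other
    line (comments included) preserved as-is, so the file stays loadable."""
    out = []
    for raw in text.splitlines():
        m = PREF_RE.match(raw.strip())
        if m and is_toolbar_pref(m.group("name")):
            continue
        out.append(raw)
    return "\n".join(out) + "\n"


# Constructed sample modelled on the entries AdwCleaner removed above; the
# homepage URL and machine id are placeholders, not values from the thread.
SAMPLE_PREFS = r'''// Mozilla User Preferences
user_pref("CT2314472.CTID", "CT2314472");
user_pref("CT2314472.SearchProtectorEnabled", false);
user_pref("CT2314472_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\"}]");
user_pref("smartbar.machineId", "EXAMPLEMACHINEID");
user_pref("valueApps.CT2314472.mam_gk_currentVersion", "312E31332E302E3137");
user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
user_pref("plugin.state.npconduitfirefoxplugin", 0);
user_pref("browser.startup.homepage", "http://search.example.invalid/?ctid=CT2314472");
user_pref("browser.search.defaultenginename", "Example Search");
user_pref("browser.download.dir", "C:\\Users\\user\\Downloads");
user_pref("network.cookie.lifetimePolicy", 0);
'''


def main(argv):
    # Usage: python prefs_triage.py [path\to\profile\prefs.js]; no argument runs the sample.
    text = open(argv[1], encoding="utf-8", errors="replace").read() if len(argv) > 1 else SAMPLE_PREFS
    report = triage(text)
    for bucket in ("remove", "review"):
        for name, value in report[bucket]:
            print(f"{bucket.upper():6} {name} = {value[:70]}")
    print(f"keep: {len(report['keep'])} preferences untouched")


if __name__ == "__main__":
    main(sys.argv)
```

The review bucket is deliberately separate from remove: a homepage pointing at a search front-end carrying the toolbar's ctid is the redirect the original poster described, but the right fix is to set the preference back to a chosen value, not to delete the preference and let the next component write it again.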

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Michela on Fri 04/04/2014 at 13:02:21.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Michela\AppData\Roaming\mozilla\firefox\profiles\2vdm4kjb.default\extensions\staged
Successfully deleted the following from C:\Users\Michela\AppData\Roaming\mozilla\firefox\profiles\2vdm4kjb.default\prefs.js

user_pref("CT2314472_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1396633606858,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("smartbar.machineId", "CG5N7ZEIKWQ9OLM6FKHM/DML2QYIL6VL9MBJXSFOY41+NTEDCYR4SLA2HGXHN8PRZPW90NN4FWKSKEDNPB0PIQ");
Emptied folder: C:\Users\Michela\AppData\Roaming\mozilla\firefox\profiles\2vdm4kjb.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/04/2014 at 13:14:28.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Java version out of Date!
 Adobe Flash Player 12.0.0.77  
 Adobe Reader 9 Adobe Reader out of Date!
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Mozilla Firefox AvastSvc.exe -?-   
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 


Your system is clean now! :)


Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • when finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.


After the reboot

  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.


Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.


Uninstall our tools using delfix

Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  2. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  4. If there is still something left please delete it manually.


Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a web site classified as dangerous, a warning screen is displayed.
  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
  • Backup
    Hardware issues, malware, fire, lightning strike: there is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians, but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs, so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
