[RESOLVED] Firefox "Search Engines" settings hijacked???

  1. #1
    Join Date
    Dec 2007
    Location
    Brussels, Belgium Europe
    Posts
    91

    Not sure if you can help on this one...

    I thought I would never see the likes of the "MyStart" low-lifes again on my PC.

    I'm a writer and do a lot of search work.
    I use Firefox, and somehow, either through a download or another method, the MyStart Search Engine has taken over my Firefox "Search Engines".

    I have removed all the engines and still it keeps popping up and self-defaulting itself. I've done a virtual manual search of every part of my C: drive, registry, every folder, User folder and all installed Programs and still cannot locate any sign of where or how this bastard "MyStart by IncrediBar.com" is.

    Do any of you have any inside ideas how to find and disable/delete this SOB?
    3.30 in the morning and frustrated!
    15.10.11
    Windows7 Ultimate x64 6.1.7600 build 7600
    PROCESSOR LEVEL: Intel i5 661@3.33GHz
    MOTHERBOARD: ASUS P7P55-M
    BIOS: American Megatrends Inc 0312, 13.11.09
    RAM: 6Gb DDR3
    GRAPHICS ACCELERATOR: EVGA/NVIDIA e-GeForce 6200LE 128Mb DDR
    HDDs: C: 350Gb-SATA; D: 2TB-SATA; E: 750Gb-SATA
    MONITOR: HP x23LED
    DVD/CD: Plextor PX750A

  2. #2
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,399
    Malwarebytes should get it, so follow the instructions at
    http://discussions.virtualdr.com/sho...d.php?t=167915

  3. #3
    Join Date
    Dec 2007
    Location
    Brussels, Belgium Europe
    Posts
    91
    Well, this is a whole lot different than anything I tried yesterday evening/night.

    Makes me feel like an idiot compared to what I was doing...

    A bit of work... but worth it if this works/worked...
    I'm not making a move until you give me the "all clear" or your next instructions to clean this up....

    Cheers.


    ++++++++++++++++++++++++++++


    Virtual Dr log - scan logs
    05.03.12



    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


    Malwarebytes Anti-Malware (PRO) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.05.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Imagine :: LIVINGTHING [administrator]

    Protection: Disabled

    05.03.12 18:37:24
    mbam-log-2012-03-05 (18-37-24).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 238223
    Time elapsed: 2 minute(s), 31 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)




    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++




    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-05 20:31:52
    Windows 6.1.7601 Service Pack 1
    Running: o9rjqw05.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A4555554-6FB8-60D9-9CED-BCD8266DE126}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E87E07C1-F9EA-2CF9-C924-657638EC1C97}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E87E07C1-F9EA-2CF9-C924-657638EC1C97}@jajjgdnaoepancelidbn 0x66 0x61 0x63 0x62 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E87E07C1-F9EA-2CF9-C924-657638EC1C97}@pabhhajnofnhmncnppkhihdgaipnjmad 0x64 0x61 0x63 0x62 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E87E07C1-F9EA-2CF9-C924-657638EC1C97}@hajjgdnaoepancel 0x6E 0x62 0x6D 0x6A ...

    ---- Files - GMER 1.0.15 ----

    File C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\configuration\Connections\ColdFusion\mac\Conn_CF_04_MSAccessUnicode.js 12774 bytes

    ---- EOF - GMER 1.0.15 ----




    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++




    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-05 20:35:57
    -----------------------------
    20:35:57.539 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:35:57.539 Number of processors: 4 586 0x2502
    20:35:57.540 ComputerName: LIVINGTHING UserName: Imagine
    20:35:58.651 Initialize success
    20:36:27.022 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
    20:36:27.025 Disk 0 Vendor: MAXTOR_STM3160815AS 4.AAB Size: 152627MB BusType: 3
    20:36:27.027 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
    20:36:27.029 Disk 1 Vendor: SAMSUNG_HD753LJ 1AA01109 Size: 715404MB BusType: 3
    20:36:27.031 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-4
    20:36:27.033 Disk 2 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
    20:36:27.042 Disk 0 MBR read successfully
    20:36:27.044 Disk 0 MBR scan
    20:36:27.047 Disk 0 Windows 7 default MBR code
    20:36:27.054 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    20:36:27.064 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
    20:36:27.087 Disk 0 scanning C:\Windows\system32\drivers
    20:36:35.770 Service scanning
    20:36:54.505 Modules scanning
    20:36:54.521 Disk 0 trace - called modules:
    20:36:54.537 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    20:36:54.543 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800658a060]
    20:36:54.551 3 CLASSPNP.SYS[fffff88001a3b43f] -> nt!IofCallDriver -> [0xfffffa80062c5520]
    20:36:54.556 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa80062c0060]
    20:36:54.563 Scan finished successfully
    20:37:28.165 Disk 0 MBR has been saved successfully to "C:\Users\Imagine\Desktop\MBR.dat"
    20:37:28.171 The log file has been saved successfully to "C:\Users\Imagine\Desktop\aswMBR.txt"





    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++




    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by Imagine at 20:39:38 on 2012-03-05
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.6135.3764 [GMT 1:00]
    .
    AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG201~1\avgrsa.exe
    C:\Program Files (x86)\AVG 2012\avgcsrva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files (x86)\AVG 2012\avgfws.exe
    C:\Program Files (x86)\AVG 2012\avgwdsvc.exe
    C:\Windows\SysWOW64\nlssrv32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    C:\Windows\system32\viakaraokesrv.exe
    C:\Program Files (x86)\AVG 2012\avgnsa.exe
    C:\Program Files (x86)\AVG 2012\avgemca.exe
    C:\Program Files (x86)\AVG 2012\AVGIDSAgent.exe
    C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\AVG 2012\avgcsrva.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    C:\Program Files (x86)\AVG 2012\avgtray.exe
    C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
    C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
    C:\program files (x86)\mozilla firefox\firefox.exe
    C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDockTray.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    mWinlogon: Userinit=userinit.exe,
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith Snagit 10\SnagitBHO.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Open FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG 2012\avgssie.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith Snagit 10\SnagitIEAddin.dll
    TB: FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG 2012\avgtray.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\Imagine\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: Add to Evernote 4.0 - C:\Users\Imagine\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - C:\PROGRA~2\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    TCP: DhcpNameServer = 195.130.131.1 195.130.130.129
    TCP: Interfaces\{570B0012-57D7-4AF1-9022-19E142BC3342} : DhcpNameServer = 195.130.131.1 195.130.130.129
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG 2012\avgpp.dll
    BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith Snagit 10\SnagitBHO.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Open FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG 2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith Snagit 10\SnagitIEAddin.dll
    TB-X64: FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG 2012\avgtray.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Users\Imagine\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Imagine\AppData\Roaming\Mozilla\Firefox\Profiles\keaywigl.default\
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
    FF - plugin: C:\Program Files (x86)\VideoLAN VLC Player\npvlc.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
    R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-12-24 3246040]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG 2012\avgfws.exe [2011-10-24 2398512]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG 2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG 2012\avgwdsvc.exe [2011-8-2 192776]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2012-3-5 652360]
    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-1-26 66560]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-2-16 2253120]
    R2 PDFSFilter;PDFSFilter;C:\Windows\system32\DRIVERS\PDFsFilter.sys --> C:\Windows\system32\DRIVERS\PDFsFilter.sys [?]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2011-12-27 6438264]
    R2 USBSafelyRemoveService;USB Safely Remove Assistant;C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [2011-12-26 551352]
    R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\system32\viakaraokesrv.exe --> C:\Windows\system32\viakaraokesrv.exe [?]
    R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 johci;JMicron 1394 Filter Driver;C:\Windows\system32\DRIVERS\johci.sys --> C:\Windows\system32\DRIVERS\johci.sys [?]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-2-3 134760]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-12-20 21504]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 REN2CAP_DRIVER;Hear;C:\Windows\system32\drivers\ren2cap.sys --> C:\Windows\system32\drivers\ren2cap.sys [?]
    S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-03-05 12:47:31 -------- d-----w- C:\Users\Imagine\AppData\Roaming\Malwarebytes
    2012-03-05 12:46:35 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-05 12:46:35 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-03-05 12:46:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2012-03-03 17:00:19 -------- d-----w- C:\Users\Imagine\AppData\Roaming\TeamViewer
    2012-03-03 16:56:57 -------- d-----w- C:\Program Files (x86)\TeamViewer
    2012-03-02 19:50:47 -------- d-----w- C:\Program Files (x86)\Nuclear Coffee
    2012-03-02 18:53:48 -------- d-----w- C:\Users\Imagine\AppData\Local\FVD Suite
    2012-03-02 18:53:05 -------- d-----w- C:\Users\Imagine\AppData\Roaming\FVDToolbar
    2012-03-02 18:52:59 -------- d-----w- C:\Program Files (x86)\FVD Suite
    2012-03-01 18:34:56 -------- d-----w- C:\Users\Imagine\AppData\Roaming\FastStone
    2012-03-01 18:34:40 -------- d-----w- C:\Program Files (x86)\FastStone Photo Resizer
    2012-03-01 04:44:51 -------- d-----w- C:\Users\Imagine\dwhelper
    2012-02-29 22:31:27 -------- d-----w- C:\Users\Imagine\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2012-02-26 11:16:36 -------- d-----w- C:\Users\Imagine\AppData\Roaming\AVG
    2012-02-26 11:05:24 -------- d-----w- C:\Program Files (x86)\AVG
    2012-02-21 20:42:14 -------- d-----w- C:\Program Files (x86)\JotALot
    2012-02-20 14:35:27 -------- d-----w- C:\Users\Imagine\AppData\Local\LogMeIn Rescue Applet
    2012-02-18 20:33:11 -------- d-----w- C:\Users\Imagine\AppData\Local\Thunderbird
    2012-02-17 12:11:36 -------- d-----w- C:\Users\Imagine\AppData\Roaming\NVIDIA
    2012-02-17 12:10:06 -------- dc-h--w- C:\ProgramData\{EE095810-EED4-4DA0-94B4-24E9E1294094}
    2012-02-17 12:09:58 -------- dc-h--w- C:\ProgramData\{170C1966-15F2-48B8-AB1A-1EAAD775C8BE}
    2012-02-17 12:08:51 -------- dc-h--w- C:\ProgramData\{F0462BF3-22B3-49B8-9CC1-149924106E1F}
    2012-02-17 12:08:28 -------- dc-h--w- C:\ProgramData\{9895E7A6-4CCD-48CD-89C6-05677BEDDFE7}
    2012-02-17 08:01:13 -------- d-----w- C:\Program Files\DFX
    2012-02-16 18:54:07 -------- d-----w- C:\Users\Imagine\AppData\Local\DFX
    2012-02-16 18:49:25 -------- d-----w- C:\Program Files\Common Files\DFX
    2012-02-16 18:49:25 -------- d-----w- C:\Program Files (x86)\DFX
    2012-02-16 14:59:54 -------- d-----w- C:\ProgramData\AmUStor
    2012-02-16 14:59:54 -------- d-----w- C:\Program Files (x86)\AmIcoSingLun
    2012-02-16 14:52:57 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
    2012-02-16 14:52:39 -------- d-----w- C:\Intel
    2012-02-16 14:50:27 -------- d-----w- C:\Program Files (x86)\JMicron
    2012-02-16 14:39:13 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
    2012-02-16 14:39:13 646248 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
    2012-02-16 14:39:13 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
    2012-02-16 14:39:08 -------- d-----w- C:\Program Files (x86)\Realtek
    2012-02-16 14:27:28 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2012-02-16 14:27:04 837952 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
    2012-02-16 14:27:04 137536 ----a-w- C:\Windows\System32\nvshext.dll
    2012-02-16 14:26:02 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    2012-02-16 14:18:24 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2012-02-16 14:17:40 -------- d-----w- C:\NVIDIA
    2012-02-16 13:39:05 53248 ----a-r- C:\Users\Imagine\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2012-02-16 13:38:56 -------- d-----w- C:\Users\Imagine\AppData\Local\Logishrd
    2012-02-16 13:38:33 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2012-02-16 13:29:04 -------- d-----w- C:\Users\Imagine\AppData\Roaming\Logishrd
    2012-02-16 13:27:10 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
    2012-02-16 13:25:01 -------- d-----w- C:\ProgramData\SonicFocus
    2012-02-16 13:24:12 91760 ----a-w- C:\Windows\System32\Dts2PropPageExt.dll
    2012-02-16 13:24:12 83968 ----a-w- C:\Windows\System32\nQAPO.dll
    2012-02-16 13:24:11 85504 ----a-w- C:\Windows\System32\nQPropPageExt.dll
    2012-02-16 13:24:11 2915440 ----a-w- C:\Windows\System32\VIAPropPageExt.dll
    2012-02-16 13:24:11 202864 ----a-w- C:\Windows\System32\ViaMicArrayAPO.dll
    2012-02-16 13:24:10 675952 ----a-w- C:\Windows\System32\VIASysFx.dll
    2012-02-16 13:24:10 27760 ----a-w- C:\Windows\System32\ViakaraokeSrv.exe
    2012-02-16 13:24:10 2182768 ----a-w- C:\Windows\System32\drivers\viahduaa.sys
    2012-02-16 13:24:09 90224 ----a-w- C:\Windows\System32\ViaMicArrayPropPageExt.dll
    2012-02-16 13:24:09 116848 ----a-w- C:\Windows\System32\ViaKaraokePropPageExt.dll
    2012-02-16 13:24:09 1161328 ----a-w- C:\Windows\System32\ViaKaraokeApo.dll
    2012-02-16 13:10:17 414632 ------w- C:\Windows\difxapi.dll
    2012-02-16 13:10:17 -------- d-----w- C:\Program Files (x86)\VIA
    2012-02-16 13:01:35 -------- d-----w- C:\ProgramData\DriverGenius
    2012-02-16 13:01:26 -------- d-----w- C:\Program Files (x86)\Driver-Soft DriverGenius
    2012-02-16 09:46:29 -------- d-----w- C:\Program Files (x86)\Everything
    2012-02-15 13:36:31 -------- d-----w- C:\Users\Imagine\AppData\Roaming\ACD Systems
    2012-02-15 13:36:31 -------- d-----w- C:\Users\Imagine\AppData\Local\ACD Systems
    2012-02-15 13:35:52 -------- d-----w- C:\ProgramData\ACD Systems
    2012-02-15 13:35:50 -------- d-----w- C:\Program Files (x86)\Common Files\ACD Systems
    2012-02-15 13:35:50 -------- d-----w- C:\Program Files (x86)\ACD Systems
    2012-02-14 20:40:47 -------- d-----w- C:\Program Files\Q-Dir
    2012-02-14 20:39:23 -------- d-----w- C:\Users\Imagine\AppData\Roaming\Q-Dir
    2012-02-13 14:55:57 -------- d-----w- C:\Users\Imagine\AppData\Roaming\audiodg
    2012-02-13 12:20:47 -------- d-----w- C:\Users\Imagine\AppData\Local\Evernote
    2012-02-13 12:17:48 -------- d-----w- C:\Users\Imagine\AppData\Local\Apps
    2012-02-13 11:31:33 -------- d-----w- C:\Users\Imagine\AppData\Roaming\PCF-VLC
    2012-02-13 11:28:58 -------- d-----w- C:\Program Files (x86)\Participatory Culture Foundation
    2012-02-13 11:22:49 -------- d-----w- C:\Program Files\Registry Workshop
    2012-02-13 09:58:18 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
    2012-02-13 09:58:17 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
    2012-02-13 09:57:24 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
    2012-02-09 22:16:45 -------- d-----r- C:\Sandbox
    2012-02-09 21:07:47 -------- d-----w- C:\Program Files\Sandboxie
    2012-02-09 19:45:07 -------- d-----w- C:\Program Files (x86)\Temp
    2012-02-07 16:46:39 -------- d-----w- C:\ProgramData\PopCap Games
    2012-02-07 01:30:09 91568 ----a-w- C:\Windows\System32\drivers\scdemu.sys
    2012-02-07 01:30:09 -------- d-----w- C:\Program Files (x86)\PowerISO
    2012-02-05 20:38:13 -------- d-----w- C:\Users\Imagine\AppData\Roaming\Dexpot
    2012-02-05 20:38:06 -------- d-----w- C:\Users\Imagine\AppData\Roaming\OpenCandy
    2012-02-05 20:00:06 29696 ----a-w- C:\Windows\System32\drivers\tap0901.sys
    2012-02-05 17:04:18 -------- d-----w- C:\Users\Imagine\AppData\Roaming\Lamantine
    .
    ==================== Find3M ====================
    .
    2012-02-22 13:53:05 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-01-03 13:10:52 53656 ----a-w- C:\Windows\System32\AdobePDF.dll
    2012-01-03 13:10:48 24984 ----a-w- C:\Windows\System32\AdobePDFUI.dll
    2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-12-24 00:21:39 285280 ----a-w- C:\Windows\System32\drivers\afcdp.sys
    2011-12-24 00:21:34 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
    2011-12-24 00:21:33 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys
    2011-12-24 00:21:12 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys
    2011-12-23 20:11:35 468480 ----a-w- C:\Windows\System32\deployJava1.dll
    2011-12-23 20:11:27 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-12-20 02:46:50 43520 ----a-w- C:\Windows\System32\libusb0.dll
    2011-12-20 02:46:50 37376 ----a-w- C:\Windows\SysWow64\libusb0.dll
    2011-12-20 02:46:50 29184 ----a-w- C:\Windows\System32\drivers\libusb0.sys
    2011-12-20 02:46:50 21504 ----a-w- C:\Windows\SysWow64\drivers\libusb0.sys
    2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll
    2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 20:40:04.42 ===============





    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 23.12.11 21:18:47
    System Uptime: 05.03.12 14:53:35 (6 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P7P55-M
    Processor: Intel(R) Core(TM) i5 CPU 661 @ 3.33GHz | LGA1156 | 3334/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 79.81 GiB free.
    D: is FIXED (NTFS) - 1863 GiB total, 23.988 GiB free.
    E: is FIXED (NTFS) - 699 GiB total, 198.832 GiB free.
    F: is FIXED (NTFS) - 931 GiB total, 376.312 GiB free.
    M: is CDROM ()
    P: is Removable
    Q: is Removable
    R: is Removable
    S: is Removable
    Y: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: WD SES Device USB Device
    Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1032\574341563535363531383934&2
    Manufacturer:
    Name: WD SES Device USB Device
    PNP Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1032\574341563535363531383934&2
    Service:
    .
    ==== System Restore Points ===================
    .
    RP126: 04.03.12 01:23:38 - Advanced SystemCare RestorePoint
    RP128: 05.03.12 02:51:26 - Revo Uninstaller Pro's restore point - ConvertHelper 2.2
    .
    ==== Installed Programs ======================
    .
    ACDSee Pro 4
    Acronis*True*Image*Home 2011
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Community Help
    Adobe Creative Suite 5 Master Collection
    Adobe Media Player
    Adobe Shockwave Player 11.5
    Advanced SystemCare 3
    AKVIS ArtWork
    AKVIS Coloriage
    AKVIS Decorator
    AKVIS Enhancer
    AKVIS Refocus
    AKVIS Retoucher
    AKVIS SmartMask
    Alcor Micro USB Card Reader
    ASUS nVidia Driver
    µTorrent
    AutoFX PhotoGraphic Edges 6
    AutoFX Suites
    AVG PC Tuneup 2011
    B/W Styler 1.03
    Color Efex Pro 4
    Dfine 2.0
    DFX for Winamp
    DFX for Windows Media Player
    Digital Element Aurora
    Driver Genius Professional Edition
    eReg
    erLT
    Evernote v. 4.3
    Everything 1.2.1.371
    EZ Mask v1.5 for Adobe Photoshop & Photoshop Elements
    FaceFilter Studio 2 Trial Edition
    FastStone Photo Resizer 3.1
    FontExpert 2011 Font Manager
    Free Font Renamer 2.1
    FVD Suite 2.7.3
    HDR Efex Pro
    HostsMan 3.2.73
    Java(TM) 6 Update 21
    JGsoft EditPad Pro 6 v.6.4.5
    JMicron 1394 Filter Driver
    K-Lite Codec Pack 8.0.0 (Full)
    Knoll Light Factory Photo 32 bit
    Kobo
    Light v3.5 for Adobe Photoshop & Compatible Applications
    LucisArt 3 ED/SE
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 10.0.2 (x86 en-GB)
    Mozilla Thunderbird 10.0.2 (x86 en-GB)
    Nero 8 Micro
    Nuclear Coffee - VideoGet
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    ObjectDock Plus 2
    Password Depot 5
    PDF Settings CS5
    Perfect Photo Suite 6
    Platform
    Portrait Professional Studio 9.8
    Power Mask v1.0 for Photoshop
    Power Stroke v1.0 for Adobe Photoshop & Photoshop Elements
    PowerISO
    Realtek Ethernet Controller Driver
    Scrivener
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Sharpener Pro 3.0
    Shinycore Path Styler Pro 1.5 for Photoshop
    Silver Efex Pro 2
    Snagit 10
    Snap v2.5 for Adobe Photoshop & Photoshop Elements
    Stardock Software
    Subtitle Edit v3.2.2
    Topaz InFocus
    Topaz Adjust 5
    Topaz Adjust 5 (64-bit)
    Topaz B&W Effects
    Topaz B&W Effects (64-bit)
    Topaz Clean 3
    Topaz Clean 3 (64-bit)
    Topaz DeJpeg 4
    Topaz DeJpeg 4 (64-bit)
    Topaz DeNoise 5
    Topaz DeNoise 5 (64-bit)
    Topaz Detail 2
    Topaz Detail 2 (64-bit)
    Topaz InFocus (64-bit)
    Topaz ReMask 3
    Topaz ReMask 3 (64-bit)
    Topaz Simplify 3
    Topaz Simplify 3 (64-bit)
    Topaz Star Effects
    Topaz Star Effects (64-bit)
    TwistingPixels
    Universal Extractor 1.6.1
    USB Safely Remove 4.7
    Vertus Fluid Mask 3 3.2.3
    VIA Platform Device Manager
    Visual Studio 2008 x64 Redistributables
    Viveza 2
    VLC media player 1.1.11
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Winamp
    Winamp Essentials Pack
    WordWeb Pro
    .
    ==== Event Viewer Messages From Past Week ========
    .
    05.03.12 20:22:24, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
    05.03.12 18:25:02, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
    05.03.12 17:05:27, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    05.03.12 14:54:20, Error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: This driver has been blocked from loading
    05.03.12 14:54:20, Error: Application Popup [1060] - \??\C:\Windows\system32\Drivers\SSPORT.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    05.03.12 14:54:05, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffffa8034c05540, 0x0000000000000000, 0xfffff80002ab1c35, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030512-26598-01.
    05.03.12 14:45:55, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on cannot be read.
    05.03.12 14:33:43, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffffa90068f58a8, 0x0000000000000000, 0xfffff88001006b77, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030512-22089-01.
    05.03.12 04:46:00, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffffa80350767cb, 0x0000000000000000, 0xfffff80002ab35d5, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030512-23228-01.
    05.03.12 03:34:48, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff6800817a4d0, 0x0000000000000000, 0xfffff80002ac827b, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030512-26332-01.
    05.03.12 02:45:01, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffffa8034e7756b, 0x0000000000000000, 0xfffff80002ab64cf, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030512-25771-01.
    05.03.12 01:36:53, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
    04.03.12 12:06:26, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffffa80310b4830, 0x0000000000000000, 0xfffff80002aff8a8, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030412-27565-01.
    04.03.12 11:44:01, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    03.03.12 18:58:28, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffffa9005588040, 0x0000000000000001, 0xfffff80002ae8a4c, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030312-27112-01.
    02.03.12 14:59:51, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041284, 0xfffff9801e12a001, 0x0000000000006b37, 0xfffff780c0000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030212-29874-01.
    .
    ==== End Of File ===========================




    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++






    END OF SCANS....
    Last edited by WinXPisKaputt; March 5th, 2012 at 04:02 PM.

  4. #4
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,505
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    ===============================================================

    Does the redirection affect IE as well?

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

  5. #5
    Join Date
    Dec 2007
    Location
    Brussels, Belgium Europe
    Posts
    91
    I use Firefox almost exclusively.
    Apart from some MS updates I never use IE but from what I can tell it doesn't seem to be infected.

    As far as I can tell the proprietors of this company that has infected my PC seem to be a legitimate business based in Israel.
    Their main products are IncrediMail, SmileBox, etc.

    This kind of business practice says it all.
    If you can't invite customers to your business legitimately then use Malware to do so.

    Seems that Firefox is still infected...
    Will try your GooredFix later this evening.

    Cheers.

  6. #6
    Join Date
    Dec 2007
    Location
    Brussels, Belgium Europe
    Posts
    91
    Just finished my work...
    I do a lot of design work and writing, trying to do some catch-up from this weekend after these infection interruptions...

    Thanks for your attention, it's very kind of you.
    Cheers.

    Here are those text results...

    +++++++++++++++++++++++++++++++
    +++++++++++++++++++++++++++++++




    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 02:50 on 06/03/2012 (Imagine)
    Firefox version 10.0.2 (en-GB)

    ========== GooredScan ==========

    Removing Orphan:
    "{9051303c-7e41-4311-a783-d6fe5ef2832d}"="C:\Program Files (x86)\FVD Suite\addons\Firefox" -> Success!

    ========== GooredLog ==========

    C:\Program Files (x86)\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [00:35 24/12/2011]

    C:\Users\Imagine\Application Data\Mozilla\Firefox\Profiles\keaywigl.default\extensions\
    en-GB@dictionaries.addons.mozilla.org [10:37 25/12/2011]
    foxmarks@kei.com [16:46 17/01/2012]
    If one of the addons dont work [00:37 05/03/2012]
    {9051303c-7e41-4311-a783-d6fe5ef2832d} [19:15 02/03/2012]
    {9A752782-D706-479b-98F8-3F66BF921692} [16:46 17/01/2012]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files (x86)\AVG 2012\Firefox4\" [20:49 23/12/2011]
    "passworddepot@acebit.com"="C:\Program Files (x86)\AceBIT Password Depot\Firefox\" [00:46 24/12/2011]
    "{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}"="C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}" [12:17 26/12/2011]
    "web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [14:30 27/12/2011]
    "wcapturex@deskperience.com"="C:\Program Files (x86)\WordWeb\WCaptureMoz" [21:23 31/01/2012]

    -=E.O.F=-

  7. #7
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,505
    How is the redirection now?

  8. #8
    Join Date
    Dec 2007
    Location
    Brussels, Belgium Europe
    Posts
    91

    Resolved

    I was waiting for your further instruction... my misunderstanding.

    I took the initiative of placing the file within a created folder named:
    (If one of the addons dont work)

    1 "{9051303c-7e41-4311-a783-d6fe5ef2832d}"="C:\Program Files (x86)\FVD Suite\addons\Firefox"

    2 "suite_installer@calibr.com.xpi"
    This *.xpi file I placed in that created folder yesterday - it seemed very suspicious and didn't seem to be any addon...


    Dear, dear mate...
    Thus far, I don't keep receiving a very intrusive warning pop-up message informing me every 2 minutes that "The addons have been changed - Do you want to allow this change?"


    I can't thank you enough.
    Thanks to all of you for being here...



    I have a good mind to send these low-lifes at FVD Suite a few chosen words tomorrow but I'm sure that this will just fall on deaf ears.

  9. #9
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,505
    Good news

    Good luck!
