-
March 4th, 2012, 10:32 PM
#1
[RESOLVED] Firefox "Search Engines" settings hijacked???
Not sure if you can help on this one...
I thought I would never see the likes of the "MyStart" low-lifes again on my PC.
I'm a writer and do a lot of search work.
I use Firefox, and somehow, either through a download or another method, the MyStart Search Engine has taken over my Firefox "Search Engines".
I have removed all the engines and still it keeps popping up and self-defaulting itself. I've done a virtual manual search of every part of my C: drive, registry, every folder, User folder and all installed Programs and still cannot locate any sign of where or how this bastard "MyStart by IncrediBar.com" is.
Do any of you have any inside ideas how to find and disable/delete this SOB?
3.30 in the morning and frustrated!
15.10.11
Windows7 Ultimate x64 6.1.7600 build 7600
PROCESSOR LEVEL: Intel i5 661@3.33GHz
MOTHERBOARD: ASUS P7P55-M
BIOS: American Megatrends Inc 0312, 13.11.09
RAM: 6Gb DDR3
GRAPHICS ACCELERATOR: EVGA/NVIDIA e-GeForce 6200LE 128Mb DDR
HDDs: C: 350Gb-SATA; D: 2TB-SATA; E: 750Gb-SATA
MONITOR: HP x23LED
DVD/CD: Plextor PX750A
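Where a hijacked search default keeps coming back after being removed in the browser UI, as the first post describes, the Firefox profile's prefs.js (the current settings) and user.js (re-applied on every start, overriding whatever was changed in the UI) are the first files to inspect. The following Python script is an added example, not code from this thread or from any of the tools logged in it: it parses both files and flags search-engine and homepage settings that point outside an allow-list. The allow-lists, the `hijacked-search.example` host and the sample file contents are constructed for the example and should be adjusted to the engines actually in use.

```python
"""Audit a Firefox profile's prefs.js / user.js for hijacked search settings.

Added example (not from the thread). The allow-lists below are assumptions;
adjust them to the engines and homepage you actually use.
"""
import re
from pathlib import Path
from urllib.parse import urlparse

# Example allow-lists (assumptions, not Firefox defaults): hosts a search URL or
# homepage may point at, and engine display names considered legitimate.
TRUSTED_HOSTS = {"www.google.co.uk", "www.google.com", "www.bing.com", "search.yahoo.com"}
TRUSTED_ENGINE_NAMES = {"Google", "Bing", "Yahoo", "Wikipedia (en)"}

# Prefs that control which engine/homepage Firefox uses.
WATCHED_PREFIX = ("browser.search.", "browser.startup.homepage", "keyword.URL")
ENGINE_NAME_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}

# Matches lines such as: user_pref("browser.search.selectedEngine", "Web Search");
_PREF_RE = re.compile(r'^\s*(?:user_pref|pref)\("([^"]+)"\s*,\s*(.+)\);\s*$')

# Constructed sample file contents (not the poster's real files).
SAMPLE_PREFS_JS = '''
user_pref("browser.search.selectedEngine", "Web Search");
user_pref("browser.startup.homepage", "http://www.google.co.uk/");
user_pref("browser.search.update", true);
'''
SAMPLE_USER_JS = '''
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("keyword.URL", "http://hijacked-search.example/?q=");
'''


def parse_prefs(text):
    """Return {pref_name: value} from prefs.js / user.js style content."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]                 # string pref
        elif raw in ("true", "false"):
            value = raw == "true"             # boolean pref
        else:
            try:
                value = int(raw)              # integer pref
            except ValueError:
                value = raw                   # anything else: keep raw text
        prefs[name] = value
    return prefs


def _host_of(value):
    """Hostname if the value is an http(s) URL, else None."""
    if isinstance(value, str) and value.startswith(("http://", "https://")):
        return urlparse(value).hostname or ""
    return None


def audit_search_prefs(prefs, source):
    """Return (source, pref, value, reason) tuples for suspicious watched prefs.

    Anything in user.js is reported even when its value looks benign, because
    user.js is re-applied at every start and silently undoes UI changes.
    """
    findings = []
    for name, value in prefs.items():
        if not name.startswith(WATCHED_PREFIX):
            continue
        host = _host_of(value)
        reason = None
        if host is not None and host not in TRUSTED_HOSTS:
            reason = "URL host not in allow-list"
        elif host is None and name in ENGINE_NAME_PREFS and value not in TRUSTED_ENGINE_NAMES:
            reason = "engine name not in allow-list"
        elif source == "user.js":
            reason = "set in user.js, re-applied on every start"
        if reason:
            findings.append((source, name, value, reason))
    return findings


def audit_profile(profile_dir):
    """Audit a real profile directory; files that do not exist are skipped."""
    findings = []
    for fname in ("prefs.js", "user.js"):
        path = Path(profile_dir) / fname
        if path.is_file():
            text = path.read_text(encoding="utf-8", errors="replace")
            findings.extend(audit_search_prefs(parse_prefs(text), fname))
    return findings


def demo():
    """Run the audit over the constructed samples and return the findings."""
    return (audit_search_prefs(parse_prefs(SAMPLE_PREFS_JS), "prefs.js")
            + audit_search_prefs(parse_prefs(SAMPLE_USER_JS), "user.js"))


if __name__ == "__main__":
    for source, name, value, reason in demo():
        print(f"{source}: {name} = {value!r}  ({reason})")
```

On a real machine, call `audit_profile()` with the profile directory (the DDS log in this thread prints it as `FF - ProfilePath`). The script only reports; removing a user.js entry or a search plugin is a separate, deliberate step once the source of the override is understood.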
-
March 4th, 2012, 11:05 PM
#2
Malwarebytes should get it, so follow the instructions at
http://discussions.virtualdr.com/sho...d.php?t=167915
-
March 5th, 2012, 03:59 PM
#3
Well, this is a whole lot different than anything I tried yesterday evening/night.
Makes me feel like an idiot compared to what I was doing...
A bit of work... but worth it if this works/worked...
I'm not making a move until you give me the "all clear" or your next instructions to clean this up....
Cheers.
++++++++++++++++++++++++++++
Virtual Dr log - scan logs
05.03.12
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.05.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Imagine :: LIVINGTHING [administrator]
Protection: Disabled
05.03.12 18:37:24
mbam-log-2012-03-05 (18-37-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238223
Time elapsed: 2 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-05 20:31:52
Windows 6.1.7601 Service Pack 1
Running: o9rjqw05.exe
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A4555554-6FB8-60D9-9CED-BCD8266DE126}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E87E07C1-F9EA-2CF9-C924-657638EC1C97}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E87E07C1-F9EA-2CF9-C924-657638EC1C97}@jajjgdnaoepancelidbn 0x66 0x61 0x63 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E87E07C1-F9EA-2CF9-C924-657638EC1C97}@pabhhajnofnhmncnppkhihdgaipnjmad 0x64 0x61 0x63 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E87E07C1-F9EA-2CF9-C924-657638EC1C97}@hajjgdnaoepancel 0x6E 0x62 0x6D 0x6A ...
---- Files - GMER 1.0.15 ----
File C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\configuration\Connections\ColdFusion\mac\Conn_CF_04_MSAccessUnicode.js 12774 bytes
---- EOF - GMER 1.0.15 ----
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-05 20:35:57
-----------------------------
20:35:57.539 OS Version: Windows x64 6.1.7601 Service Pack 1
20:35:57.539 Number of processors: 4 586 0x2502
20:35:57.540 ComputerName: LIVINGTHING UserName: Imagine
20:35:58.651 Initialize success
20:36:27.022 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
20:36:27.025 Disk 0 Vendor: MAXTOR_STM3160815AS 4.AAB Size: 152627MB BusType: 3
20:36:27.027 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
20:36:27.029 Disk 1 Vendor: SAMSUNG_HD753LJ 1AA01109 Size: 715404MB BusType: 3
20:36:27.031 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-4
20:36:27.033 Disk 2 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
20:36:27.042 Disk 0 MBR read successfully
20:36:27.044 Disk 0 MBR scan
20:36:27.047 Disk 0 Windows 7 default MBR code
20:36:27.054 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:36:27.064 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
20:36:27.087 Disk 0 scanning C:\Windows\system32\drivers
20:36:35.770 Service scanning
20:36:54.505 Modules scanning
20:36:54.521 Disk 0 trace - called modules:
20:36:54.537 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:36:54.543 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800658a060]
20:36:54.551 3 CLASSPNP.SYS[fffff88001a3b43f] -> nt!IofCallDriver -> [0xfffffa80062c5520]
20:36:54.556 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa80062c0060]
20:36:54.563 Scan finished successfully
20:37:28.165 Disk 0 MBR has been saved successfully to "C:\Users\Imagine\Desktop\MBR.dat"
20:37:28.171 The log file has been saved successfully to "C:\Users\Imagine\Desktop\aswMBR.txt"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Imagine at 20:39:38 on 2012-03-05
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.6135.3764 [GMT 1:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG201~1\avgrsa.exe
C:\Program Files (x86)\AVG 2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\AVG 2012\avgfws.exe
C:\Program Files (x86)\AVG 2012\avgwdsvc.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files (x86)\AVG 2012\avgnsa.exe
C:\Program Files (x86)\AVG 2012\avgemca.exe
C:\Program Files (x86)\AVG 2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\AVG 2012\avgcsrva.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files (x86)\AVG 2012\avgtray.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
C:\program files (x86)\mozilla firefox\firefox.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDockTray.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mWinlogon: Userinit=userinit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Open FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG 2012\avgssie.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith Snagit 10\SnagitIEAddin.dll
TB: FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG 2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Imagine\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Evernote 4.0 - C:\Users\Imagine\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - C:\PROGRA~2\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 195.130.131.1 195.130.130.129
TCP: Interfaces\{570B0012-57D7-4AF1-9022-19E142BC3342} : DhcpNameServer = 195.130.131.1 195.130.130.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG 2012\avgpp.dll
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith Snagit 10\SnagitBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Open FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG 2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith Snagit 10\SnagitIEAddin.dll
TB-X64: FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG 2012\avgtray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamgui.exe" /starttray
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Users\Imagine\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Imagine\AppData\Roaming\Mozilla\Firefox\Profiles\keaywigl.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\VideoLAN VLC Player\npvlc.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-12-24 3246040]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG 2012\avgfws.exe [2011-10-24 2398512]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG 2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG 2012\avgwdsvc.exe [2011-8-2 192776]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2012-3-5 652360]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-1-26 66560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-2-16 2253120]
R2 PDFSFilter;PDFSFilter;C:\Windows\system32\DRIVERS\PDFsFilter.sys --> C:\Windows\system32\DRIVERS\PDFsFilter.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2011-12-27 6438264]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [2011-12-26 551352]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\system32\viakaraokesrv.exe --> C:\Windows\system32\viakaraokesrv.exe [?]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 johci;JMicron 1394 Filter Driver;C:\Windows\system32\DRIVERS\johci.sys --> C:\Windows\system32\DRIVERS\johci.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-2-3 134760]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-12-20 21504]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 REN2CAP_DRIVER;Hear;C:\Windows\system32\drivers\ren2cap.sys --> C:\Windows\system32\drivers\ren2cap.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-05 12:47:31 -------- d-----w- C:\Users\Imagine\AppData\Roaming\Malwarebytes
2012-03-05 12:46:35 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-05 12:46:35 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-05 12:46:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2012-03-03 17:00:19 -------- d-----w- C:\Users\Imagine\AppData\Roaming\TeamViewer
2012-03-03 16:56:57 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-03-02 19:50:47 -------- d-----w- C:\Program Files (x86)\Nuclear Coffee
2012-03-02 18:53:48 -------- d-----w- C:\Users\Imagine\AppData\Local\FVD Suite
2012-03-02 18:53:05 -------- d-----w- C:\Users\Imagine\AppData\Roaming\FVDToolbar
2012-03-02 18:52:59 -------- d-----w- C:\Program Files (x86)\FVD Suite
2012-03-01 18:34:56 -------- d-----w- C:\Users\Imagine\AppData\Roaming\FastStone
2012-03-01 18:34:40 -------- d-----w- C:\Program Files (x86)\FastStone Photo Resizer
2012-03-01 04:44:51 -------- d-----w- C:\Users\Imagine\dwhelper
2012-02-29 22:31:27 -------- d-----w- C:\Users\Imagine\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-02-26 11:16:36 -------- d-----w- C:\Users\Imagine\AppData\Roaming\AVG
2012-02-26 11:05:24 -------- d-----w- C:\Program Files (x86)\AVG
2012-02-21 20:42:14 -------- d-----w- C:\Program Files (x86)\JotALot
2012-02-20 14:35:27 -------- d-----w- C:\Users\Imagine\AppData\Local\LogMeIn Rescue Applet
2012-02-18 20:33:11 -------- d-----w- C:\Users\Imagine\AppData\Local\Thunderbird
2012-02-17 12:11:36 -------- d-----w- C:\Users\Imagine\AppData\Roaming\NVIDIA
2012-02-17 12:10:06 -------- dc-h--w- C:\ProgramData\{EE095810-EED4-4DA0-94B4-24E9E1294094}
2012-02-17 12:09:58 -------- dc-h--w- C:\ProgramData\{170C1966-15F2-48B8-AB1A-1EAAD775C8BE}
2012-02-17 12:08:51 -------- dc-h--w- C:\ProgramData\{F0462BF3-22B3-49B8-9CC1-149924106E1F}
2012-02-17 12:08:28 -------- dc-h--w- C:\ProgramData\{9895E7A6-4CCD-48CD-89C6-05677BEDDFE7}
2012-02-17 08:01:13 -------- d-----w- C:\Program Files\DFX
2012-02-16 18:54:07 -------- d-----w- C:\Users\Imagine\AppData\Local\DFX
2012-02-16 18:49:25 -------- d-----w- C:\Program Files\Common Files\DFX
2012-02-16 18:49:25 -------- d-----w- C:\Program Files (x86)\DFX
2012-02-16 14:59:54 -------- d-----w- C:\ProgramData\AmUStor
2012-02-16 14:59:54 -------- d-----w- C:\Program Files (x86)\AmIcoSingLun
2012-02-16 14:52:57 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-02-16 14:52:39 -------- d-----w- C:\Intel
2012-02-16 14:50:27 -------- d-----w- C:\Program Files (x86)\JMicron
2012-02-16 14:39:13 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-02-16 14:39:13 646248 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-02-16 14:39:13 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-02-16 14:39:08 -------- d-----w- C:\Program Files (x86)\Realtek
2012-02-16 14:27:28 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-02-16 14:27:04 837952 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
2012-02-16 14:27:04 137536 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-16 14:26:02 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-02-16 14:18:24 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-02-16 14:17:40 -------- d-----w- C:\NVIDIA
2012-02-16 13:39:05 53248 ----a-r- C:\Users\Imagine\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-02-16 13:38:56 -------- d-----w- C:\Users\Imagine\AppData\Local\Logishrd
2012-02-16 13:38:33 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-02-16 13:29:04 -------- d-----w- C:\Users\Imagine\AppData\Roaming\Logishrd
2012-02-16 13:27:10 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
2012-02-16 13:25:01 -------- d-----w- C:\ProgramData\SonicFocus
2012-02-16 13:24:12 91760 ----a-w- C:\Windows\System32\Dts2PropPageExt.dll
2012-02-16 13:24:12 83968 ----a-w- C:\Windows\System32\nQAPO.dll
2012-02-16 13:24:11 85504 ----a-w- C:\Windows\System32\nQPropPageExt.dll
2012-02-16 13:24:11 2915440 ----a-w- C:\Windows\System32\VIAPropPageExt.dll
2012-02-16 13:24:11 202864 ----a-w- C:\Windows\System32\ViaMicArrayAPO.dll
2012-02-16 13:24:10 675952 ----a-w- C:\Windows\System32\VIASysFx.dll
2012-02-16 13:24:10 27760 ----a-w- C:\Windows\System32\ViakaraokeSrv.exe
2012-02-16 13:24:10 2182768 ----a-w- C:\Windows\System32\drivers\viahduaa.sys
2012-02-16 13:24:09 90224 ----a-w- C:\Windows\System32\ViaMicArrayPropPageExt.dll
2012-02-16 13:24:09 116848 ----a-w- C:\Windows\System32\ViaKaraokePropPageExt.dll
2012-02-16 13:24:09 1161328 ----a-w- C:\Windows\System32\ViaKaraokeApo.dll
2012-02-16 13:10:17 414632 ------w- C:\Windows\difxapi.dll
2012-02-16 13:10:17 -------- d-----w- C:\Program Files (x86)\VIA
2012-02-16 13:01:35 -------- d-----w- C:\ProgramData\DriverGenius
2012-02-16 13:01:26 -------- d-----w- C:\Program Files (x86)\Driver-Soft DriverGenius
2012-02-16 09:46:29 -------- d-----w- C:\Program Files (x86)\Everything
2012-02-15 13:36:31 -------- d-----w- C:\Users\Imagine\AppData\Roaming\ACD Systems
2012-02-15 13:36:31 -------- d-----w- C:\Users\Imagine\AppData\Local\ACD Systems
2012-02-15 13:35:52 -------- d-----w- C:\ProgramData\ACD Systems
2012-02-15 13:35:50 -------- d-----w- C:\Program Files (x86)\Common Files\ACD Systems
2012-02-15 13:35:50 -------- d-----w- C:\Program Files (x86)\ACD Systems
2012-02-14 20:40:47 -------- d-----w- C:\Program Files\Q-Dir
2012-02-14 20:39:23 -------- d-----w- C:\Users\Imagine\AppData\Roaming\Q-Dir
2012-02-13 14:55:57 -------- d-----w- C:\Users\Imagine\AppData\Roaming\audiodg
2012-02-13 12:20:47 -------- d-----w- C:\Users\Imagine\AppData\Local\Evernote
2012-02-13 12:17:48 -------- d-----w- C:\Users\Imagine\AppData\Local\Apps
2012-02-13 11:31:33 -------- d-----w- C:\Users\Imagine\AppData\Roaming\PCF-VLC
2012-02-13 11:28:58 -------- d-----w- C:\Program Files (x86)\Participatory Culture Foundation
2012-02-13 11:22:49 -------- d-----w- C:\Program Files\Registry Workshop
2012-02-13 09:58:18 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-02-13 09:58:17 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2012-02-13 09:57:24 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-02-09 22:16:45 -------- d-----r- C:\Sandbox
2012-02-09 21:07:47 -------- d-----w- C:\Program Files\Sandboxie
2012-02-09 19:45:07 -------- d-----w- C:\Program Files (x86)\Temp
2012-02-07 16:46:39 -------- d-----w- C:\ProgramData\PopCap Games
2012-02-07 01:30:09 91568 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2012-02-07 01:30:09 -------- d-----w- C:\Program Files (x86)\PowerISO
2012-02-05 20:38:13 -------- d-----w- C:\Users\Imagine\AppData\Roaming\Dexpot
2012-02-05 20:38:06 -------- d-----w- C:\Users\Imagine\AppData\Roaming\OpenCandy
2012-02-05 20:00:06 29696 ----a-w- C:\Windows\System32\drivers\tap0901.sys
2012-02-05 17:04:18 -------- d-----w- C:\Users\Imagine\AppData\Roaming\Lamantine
.
==================== Find3M ====================
.
2012-02-22 13:53:05 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-03 13:10:52 53656 ----a-w- C:\Windows\System32\AdobePDF.dll
2012-01-03 13:10:48 24984 ----a-w- C:\Windows\System32\AdobePDFUI.dll
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-24 00:21:39 285280 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2011-12-24 00:21:34 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
2011-12-24 00:21:33 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys
2011-12-24 00:21:12 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys
2011-12-23 20:11:35 468480 ----a-w- C:\Windows\System32\deployJava1.dll
2011-12-23 20:11:27 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-20 02:46:50 43520 ----a-w- C:\Windows\System32\libusb0.dll
2011-12-20 02:46:50 37376 ----a-w- C:\Windows\SysWow64\libusb0.dll
2011-12-20 02:46:50 29184 ----a-w- C:\Windows\System32\drivers\libusb0.sys
2011-12-20 02:46:50 21504 ----a-w- C:\Windows\SysWow64\drivers\libusb0.sys
2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 20:40:04.42 ===============
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 23.12.11 21:18:47
System Uptime: 05.03.12 14:53:35 (6 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P7P55-M
Processor: Intel(R) Core(TM) i5 CPU 661 @ 3.33GHz | LGA1156 | 3334/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 79.81 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 23.988 GiB free.
E: is FIXED (NTFS) - 699 GiB total, 198.832 GiB free.
F: is FIXED (NTFS) - 931 GiB total, 376.312 GiB free.
M: is CDROM ()
P: is Removable
Q: is Removable
R: is Removable
S: is Removable
Y: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: WD SES Device USB Device
Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1032\574341563535363531383934&2
Manufacturer:
Name: WD SES Device USB Device
PNP Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1032\574341563535363531383934&2
Service:
.
==== System Restore Points ===================
.
RP126: 04.03.12 01:23:38 - Advanced SystemCare RestorePoint
RP128: 05.03.12 02:51:26 - Revo Uninstaller Pro's restore point - ConvertHelper 2.2
.
==== Installed Programs ======================
.
ACDSee Pro 4
Acronis True Image Home 2011
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Media Player
Adobe Shockwave Player 11.5
Advanced SystemCare 3
AKVIS ArtWork
AKVIS Coloriage
AKVIS Decorator
AKVIS Enhancer
AKVIS Refocus
AKVIS Retoucher
AKVIS SmartMask
Alcor Micro USB Card Reader
ASUS nVidia Driver
µTorrent
AutoFX PhotoGraphic Edges 6
AutoFX Suites
AVG PC Tuneup 2011
B/W Styler 1.03
Color Efex Pro 4
Dfine 2.0
DFX for Winamp
DFX for Windows Media Player
Digital Element Aurora
Driver Genius Professional Edition
eReg
erLT
Evernote v. 4.3
Everything 1.2.1.371
EZ Mask v1.5 for Adobe Photoshop & Photoshop Elements
FaceFilter Studio 2 Trial Edition
FastStone Photo Resizer 3.1
FontExpert 2011 Font Manager
Free Font Renamer 2.1
FVD Suite 2.7.3
HDR Efex Pro
HostsMan 3.2.73
Java(TM) 6 Update 21
JGsoft EditPad Pro 6 v.6.4.5
JMicron 1394 Filter Driver
K-Lite Codec Pack 8.0.0 (Full)
Knoll Light Factory Photo 32 bit
Kobo
Light v3.5 for Adobe Photoshop & Compatible Applications
LucisArt 3 ED/SE
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 10.0.2 (x86 en-GB)
Mozilla Thunderbird 10.0.2 (x86 en-GB)
Nero 8 Micro
Nuclear Coffee - VideoGet
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
ObjectDock Plus 2
Password Depot 5
PDF Settings CS5
Perfect Photo Suite 6
Platform
Portrait Professional Studio 9.8
Power Mask v1.0 for Photoshop
Power Stroke v1.0 for Adobe Photoshop & Photoshop Elements
PowerISO
Realtek Ethernet Controller Driver
Scrivener
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sharpener Pro 3.0
Shinycore Path Styler Pro 1.5 for Photoshop
Silver Efex Pro 2
Snagit 10
Snap v2.5 for Adobe Photoshop & Photoshop Elements
Stardock Software
Subtitle Edit v3.2.2
Topaz InFocus
Topaz Adjust 5
Topaz Adjust 5 (64-bit)
Topaz B&W Effects
Topaz B&W Effects (64-bit)
Topaz Clean 3
Topaz Clean 3 (64-bit)
Topaz DeJpeg 4
Topaz DeJpeg 4 (64-bit)
Topaz DeNoise 5
Topaz DeNoise 5 (64-bit)
Topaz Detail 2
Topaz Detail 2 (64-bit)
Topaz InFocus (64-bit)
Topaz ReMask 3
Topaz ReMask 3 (64-bit)
Topaz Simplify 3
Topaz Simplify 3 (64-bit)
Topaz Star Effects
Topaz Star Effects (64-bit)
TwistingPixels
Universal Extractor 1.6.1
USB Safely Remove 4.7
Vertus Fluid Mask 3 3.2.3
VIA Platform Device Manager
Visual Studio 2008 x64 Redistributables
Viveza 2
VLC media player 1.1.11
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
Winamp Essentials Pack
WordWeb Pro
.
==== Event Viewer Messages From Past Week ========
.
05.03.12 20:22:24, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
05.03.12 18:25:02, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
05.03.12 17:05:27, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
05.03.12 14:54:20, Error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: This driver has been blocked from loading
05.03.12 14:54:20, Error: Application Popup [1060] - \??\C:\Windows\system32\Drivers\SSPORT.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
05.03.12 14:54:05, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffffa8034c05540, 0x0000000000000000, 0xfffff80002ab1c35, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030512-26598-01.
05.03.12 14:45:55, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on cannot be read.
05.03.12 14:33:43, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffffa90068f58a8, 0x0000000000000000, 0xfffff88001006b77, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030512-22089-01.
05.03.12 04:46:00, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffffa80350767cb, 0x0000000000000000, 0xfffff80002ab35d5, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030512-23228-01.
05.03.12 03:34:48, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff6800817a4d0, 0x0000000000000000, 0xfffff80002ac827b, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030512-26332-01.
05.03.12 02:45:01, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffffa8034e7756b, 0x0000000000000000, 0xfffff80002ab64cf, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030512-25771-01.
05.03.12 01:36:53, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
04.03.12 12:06:26, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffffa80310b4830, 0x0000000000000000, 0xfffff80002aff8a8, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030412-27565-01.
04.03.12 11:44:01, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
03.03.12 18:58:28, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffffa9005588040, 0x0000000000000001, 0xfffff80002ae8a4c, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030312-27112-01.
02.03.12 14:59:51, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041284, 0xfffff9801e12a001, 0x0000000000006b37, 0xfffff780c0000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030212-29874-01.
.
==== End Of File ===========================
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
END OF SCANS....
Last edited by WinXPisKaputt; March 5th, 2012 at 04:02 PM.
-
March 5th, 2012, 06:38 PM
#4
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
===============================================================
Does the redirection affect IE as well?
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
- Ensure all Firefox windows are closed.
- To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
- When prompted to run the scan, click Yes.
- GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
-
March 5th, 2012, 08:32 PM
#5
I use firefox almost exclusively.
Apart from some MS updates I never use IE but from what I can tell it doesn't seem to be infected.
As far as I can tell, the proprietors of the company that has infected my PC seem to be a legitimate business based in Israel.
Their main products are IncrediMail, SmileBox, etc.
This kind of business practice says it all.
If you can't invite customers to your business legitimately then use Malware to do so.
Seems, that Firefox is still infected...
Will try your GooredFix later this evening.
Cheers.
-
March 5th, 2012, 10:00 PM
#6
Just finished my work...
I do a lot of design work and writing, trying to do some catch-up from this weekend after these infection interruptions...
Thanks for your attention, it's very kind of you.
Cheers.
Here are those text results...
+++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++
GooredFix by jpshortstuff (03.07.10.1)
Log created at 02:50 on 06/03/2012 (Imagine)
Firefox version 10.0.2 (en-GB)
========== GooredScan ==========
Removing Orphan:
"{9051303c-7e41-4311-a783-d6fe5ef2832d}"="C:\Program Files (x86)\FVD Suite\addons\Firefox" -> Success!
========== GooredLog ==========
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:35 24/12/2011]
C:\Users\Imagine\Application Data\Mozilla\Firefox\Profiles\keaywigl.default\extensions\
en-GB@dictionaries.addons.mozilla.org [10:37 25/12/2011]
foxmarks@kei.com [16:46 17/01/2012]
If one of the addons dont work [00:37 05/03/2012]
{9051303c-7e41-4311-a783-d6fe5ef2832d} [19:15 02/03/2012]
{9A752782-D706-479b-98F8-3F66BF921692} [16:46 17/01/2012]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files (x86)\AVG 2012\Firefox4\" [20:49 23/12/2011]
"passworddepot@acebit.com"="C:\Program Files (x86)\AceBIT Password Depot\Firefox\" [00:46 24/12/2011]
"{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}"="C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}" [12:17 26/12/2011]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [14:30 27/12/2011]
"wcapturex@deskperience.com"="C:\Program Files (x86)\WordWeb\WCaptureMoz" [21:23 31/01/2012]
-=E.O.F=-
-
March 5th, 2012, 10:05 PM
#7
-
March 5th, 2012, 10:43 PM
#8
I was waiting for your further instruction... my misunderstanding.
I took the initiative of placing the file within a created folder named:
(If one of the addons dont work)
1 "{9051303c-7e41-4311-a783-d6fe5ef2832d}"="C:\Program Files (x86)\FVD Suite\addons\Firefox"
2 "suite_installer@calibr.com.xpi"
I placed this *.xpi file in that created folder yesterday; it seemed very suspicious and didn't seem to be any add-on...
Dear, dear mate...
Thus far, I am no longer receiving the very intrusive warning pop-up message that informed me every 2 minutes that "The addons have been changed - Do you want to allow this change?"
I can't thank you enough.
Thanks to all of you for being here...
I have a good mind to send these low-lifes at FVD Suite a few chosen words tomorrow but I'm sure that this will just fall on deaf ears.
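Posts #4, #6 and #8 above show where the hijack actually lived: a registry sideload entry under HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions pointing at the FVD Suite add-on folder, and an .xpi dropped into the profile's extensions folder. The PowerShell script below is an added example written for this page; it is not GooredFix and not code from anyone in the thread. It walks the same registration points GooredFix logged, plus the profile's searchplugins folder and the search/home-page prefs, and flags registrations whose target path is missing (the "orphans" GooredFix removed). The registry key names, profile layout and pref names are Mozilla's standard locations for Firefox of that era; the script's structure, the orphan check and the output format are assumptions of this example.

```powershell
# Added example, not part of this thread and not GooredFix's own code: list every
# place a Firefox 10-era add-on or search engine can be sideloaded on Windows and
# flag registrations whose target path no longer exists. The registry keys,
# profile layout and pref names are Mozilla's documented locations of the time;
# the output shape and the orphan check are this example's own choices.
# Written for PowerShell 2.0 (stock on Windows 7); run from an elevated prompt.

$findings = @()
function Add-Finding($source, $id, $target, $exists) {
  $script:findings += New-Object PSObject -Property @{
    Source = $source; Id = $id; Target = $target; Exists = $exists
  }
}

# 1. Registry sideload keys: each value name is an extension ID, its data a folder
#    or .xpi path. 32-bit Firefox on 64-bit Windows uses the Wow6432Node key.
$regKeys = @(
  'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
  'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions',
  'HKCU:\SOFTWARE\Mozilla\Firefox\Extensions'
)
foreach ($key in $regKeys) {
  if (-not (Test-Path $key)) { continue }
  $props = Get-ItemProperty -Path $key
  foreach ($p in $props.PSObject.Properties) {
    if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath etc. belong to PowerShell, not the key
    $target = [string]$p.Value
    $exists = ($target -ne '') -and (Test-Path -LiteralPath $target)
    Add-Finding $key $p.Name $target $exists
  }
}

# 2. Extension folders and .xpi files in the application directory and in every
#    profile, plus searchplugins (an engine dropped there installs without a prompt).
$dirs = @()
if (${env:ProgramFiles(x86)}) { $dirs += Join-Path ${env:ProgramFiles(x86)} 'Mozilla Firefox\extensions' }
$dirs += Join-Path $env:ProgramFiles 'Mozilla Firefox\extensions'
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $profiles) {
  foreach ($prof in (Get-ChildItem $profiles | Where-Object { $_.PSIsContainer })) {
    $dirs += Join-Path $prof.FullName 'extensions'
    $dirs += Join-Path $prof.FullName 'searchplugins'
    # 3. Search and start-page prefs. user.js is re-read on every start, so a
    #    hijacker that writes there survives changes made in the Firefox UI.
    foreach ($f in 'prefs.js', 'user.js') {
      $pf = Join-Path $prof.FullName $f
      if (Test-Path $pf) {
        Select-String -Path $pf -Pattern 'browser\.search\.(defaultenginename|selectedEngine)|keyword\.URL|browser\.startup\.homepage' |
          ForEach-Object { Add-Finding "pref:$($prof.Name)\$f" $_.LineNumber $_.Line.Trim() $true }
      }
    }
  }
}
foreach ($dir in $dirs) {
  if (-not (Test-Path $dir)) { continue }
  foreach ($item in Get-ChildItem $dir) {
    Add-Finding "dir:$dir" $item.Name $item.FullName $true
  }
}

# 4. Report: everything found, then the orphans on their own.
$findings | Sort-Object Source, Id | Format-Table Source, Id, Target, Exists -AutoSize
$orphans = $findings | Where-Object { -not $_.Exists }
if ($orphans) {
  Write-Host ''
  Write-Host 'Orphaned registrations (target path missing):'
  foreach ($o in $orphans) { Write-Host ("  {0} -> {1} = {2}" -f $o.Source, $o.Id, $o.Target) }
}
```

Run it with Firefox closed. The orphan list is the set GooredFix would remove; any extension folder, .xpi or searchplugin you do not recognise, and any user.js line that sets the default search engine or home page, is what to look at next, since those are the entries that re-apply a hijacked engine after it has been removed in the Firefox settings.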
-
March 5th, 2012, 10:47 PM
#9
Good news
Good luck!