Solved Firefox is hijacked


granpaturismo

When using Firefox, I get redirected when navigating to a new page. Either a new tab opens, a pop-up opens, or both, taking me to a page with a product or service similar to my intended destination. Also, hyperlinks on words on any page I am on provide pop-ups on hover. Other browsers, IE and Chrome, seem to be unaffected.

My system is Intel Pentium Dual E2200 2.4GHz, 5GB RAM
Windows 7 Home Premium SP1

I am running Windows Defender and Symantec Endpoint 11.0

Logs below:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.05.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
John :: HP-PAVILLION [administrator]

Protection: Enabled

10/5/2012 9:34:58 PM
mbam-log-2012-10-05 (21-34-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208688
Time elapsed: 6 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\John\Downloads\CP1.2.exe (Adware.Onlinegames) -> Quarantined and deleted successfully.

(end)

GMER found no problems and did not create a log.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by John at 7:02:04 on 2012-10-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5119.3571 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\spool\DRIVERS\x64\3\OPHALDCS.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\John\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Users\John\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ArcadeCandy Games: {ab6bd08c-db6b-4f02-8a22-4bd343e990ff} - C:\Users\John\AppData\Local\ArcadeCandy\candyEX.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Google Update] "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [NWEReboot]
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: samsungsetup.com\www
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{8A6BBE4B-4C40-4CB9-ADA0-C6F2FC37798C} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
BHO-X64: Search Results Toolbar - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: ArcadeCandy Games: {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\John\AppData\Local\ArcadeCandy\candyEX.dll
BHO-X64: ArcadeCandy Games - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [NWEReboot]
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\qvycie4t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.startribune.com/
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\John\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\John\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 RapportCerberus_42020;RapportCerberus_42020;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-8-15 397720]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-9-22 55096]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-9-22 297240]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2009-10-10 20376]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-14 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-5 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-10-8 676936]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-9-22 976728]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-7-20 2440632]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-4-22 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-4-22 116104]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-5-5 583360]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-14 138912]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 vflt;Shrew Soft Lightweight Filter;C:\Windows\system32\DRIVERS\vfilter.sys --> C:\Windows\system32\DRIVERS\vfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250288]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 114144]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\system32\DRIVERS\virtualnet.sys --> C:\Windows\system32\DRIVERS\virtualnet.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-10-05 22:44:56 -------- d-----w- C:\Program Files (x86)\ESET
2012-10-05 21:21:53 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D0EC7F9F-632D-4BF1-B840-DB53A5395F7C}\offreg.dll
2012-10-05 07:05:23 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D0EC7F9F-632D-4BF1-B840-DB53A5395F7C}\mpengine.dll
2012-10-05 02:35:44 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-10-05 02:35:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-10-05 02:12:24 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-05 02:06:56 98816 ----a-w- C:\Windows\sed.exe
2012-10-05 02:06:56 518144 ----a-w- C:\Windows\SWREG.exe
2012-10-05 02:06:56 256000 ----a-w- C:\Windows\PEV.exe
2012-10-05 02:06:56 208896 ----a-w- C:\Windows\MBR.exe
2012-10-05 02:06:42 -------- d-s---w- C:\ComboFix
2012-10-04 13:37:18 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2012-10-04 13:26:51 103904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-09-26 03:30:22 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-15 14:07:01 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-15 14:06:41 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-15 13:18:54 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-15 13:17:26 -------- d-----w- C:\Program Files\iPod
2012-09-15 13:17:25 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-15 13:17:25 -------- d-----w- C:\Program Files\iTunes
2012-09-15 13:17:25 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-14 23:59:11 -------- d-----w- C:\Program Files (x86)\toolbar2
2012-09-14 23:58:37 -------- d-----w- C:\Users\John\AppData\Local\ArcadeCandy
2012-09-12 16:44:15 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 16:44:15 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 16:44:13 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 16:44:13 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 16:44:11 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 16:44:11 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 16:44:10 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
==================== Find3M ====================
.
2012-09-22 21:34:44 101688 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-09-20 20:29:35 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-20 20:29:35 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-15 14:06:29 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-07 22:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 18:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 18:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-09 18:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-07-09 18:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
.
============= FINISH: 7:03:19.82 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/31/2009 7:46:33 AM
System Uptime: 10/6/2012 5:39:31 AM (2 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Benicia
Processor: Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz | CPU 1 | 2400/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 314.082 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.79 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Shrew Soft Lightweight Filter
Device ID: ROOT\LEGACY_VFLT\0000
Manufacturer:
Name: Shrew Soft Lightweight Filter
PNP Device ID: ROOT\LEGACY_VFLT\0000
Service: vflt
.
==== System Restore Points ===================
.
RP400: 10/4/2012 9:14:34 PM - Installed Rapport
RP401: 10/4/2012 9:35:45 PM - Windows Update
RP403: 10/5/2012 5:20:39 PM - Windows Defender Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.2 - CPSID_83708
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
Anapod CopyGear (remove only)
Anapod Explorer (remove only)
Apple Application Support
Apple Software Update
ArcadeCandy
C5150n - C5200n Series GDI Driver from OKI® Printing Solutions for Windows
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cisco AnyConnect VPN Client
Cisco Connect
Cisco Network Magic
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
Dell USB Enhanced Multimedia Keyboard Patch
DirectX for Managed Code Update (Summer 2004)
eFax Messenger
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
EVGA Precision 1.8.0
exPressit S.E. 3.0
Facebook Plug-In
FlatOut
Flatout Ultimate Carnage
Flock (2.5.2)
Free iPad Video Converter 3.7.0.1
Free Mp3 Wma Converter V 1.91
Google Chrome
Google Earth
Google Update Helper
H&R Block Deluxe + Efile + State 2010
H&R Block Deluxe + Efile + State 2011
H&R Block Minnesota 2010
H&R Block Minnesota 2011
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart TV
HP Odometer
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Support Information
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
IKEA Home Planner
Intel(R) Rapid Storage Technology
Java 7 Update 7
Java Auto Updater
Juno Preloader
LabelPrint
LightScribe System Software
LiveUpdate 3.3 (Symantec Corporation)
LUXOR Adventures
Magic M4A to MP3 Converter 3.72
Maintenance Samsung CLP-320 Series
Malwarebytes Anti-Malware version 1.65.0.1400
McAfee Security Scan Plus
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MotoGP 08
MozBackup 1.4.9
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 15.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee Reveal
Need for Speed™ ProStreet
Network Magic
NVIDIA PhysX
OKI LPR Utility
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
Picasa 3
Plants vs. Zombies
Power2Go
PowerDirector
Pure Networks Platform
Python 2.6 pywin32-212
Python 2.6.1
QuickBooks
QuickBooks Pro 2009
QuickTime
Rapport
Readiris Pro 10
Realtek High Definition Audio Driver
Samsung SCX-4200 Series
Search Results Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Shockwave
Simple Cover Printer
SmarThru 4
sp43204
Spotify
SupportSoft Assisted Service
Tiger Woods PGA TOUR 07
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
WebEx Support Manager for Internet Explorer
WildTangent Games
WildTangent Games App (HP Games)
WildTangent ORB Game Console
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Zuma's Revenge!
.
==== Event Viewer Messages From Past Week ========
.
9/29/2012 8:40:20 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.122. The computer with the IP address 192.168.1.130 did not allow the name to be claimed by this computer.
10/5/2012 9:53:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vflt
10/5/2012 9:53:27 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
10/5/2012 9:11:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/5/2012 7:43:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
10/5/2012 5:46:21 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ANNE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8A6BBE4B-4C40-4CB9-ADA0-C6F2FC37798C}. The master browser is stopping or an election is being forced.
10/4/2012 8:27:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.137.876.0).
10/4/2012 8:20:55 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state.
10/4/2012 8:19:58 AM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.
10/4/2012 5:47:35 PM, Error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
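The DDS logs in this thread each carry a "Pseudo HJT Report" section listing Internet Explorer browser helper objects (BHO), toolbars (TB) and autorun (uRun/mRun) entries; the installed-programs list above also shows a "Search Results Toolbar". The following is an added example, not part of any post in this thread and not part of the DDS tool: a small Python triage pass over lines in that format. The heuristics it applies are the editor's assumptions, not DDS rules: flag an extension or autorun that loads from a user-writable directory, one whose registration points at a missing file ("No File"), or one whose name echoes the reported symptom (search redirects, toolbars). The sample lines are constructed from entries visible in this thread, with one BHO-X64 duplicate added to show the 32-bit/64-bit de-duplication.

```python
"""Triage pass over DDS "Pseudo HJT Report" lines (BHO / TB / Run entries).

Added example for this thread, not part of DDS or of any post. The heuristics
are the editor's assumptions, not DDS rules, and nothing here is a verdict:
it only shortlists entries a helper would look at first.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the DDS logs posted in this thread,
# plus one BHO-X64 duplicate (DDS prints the 32- and 64-bit views separately).
SAMPLE_REPORT = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
BHO: ArcadeCandy Games: {ab6bd08c-db6b-4f02-8a22-4bd343e990ff} - C:\Users\John\AppData\Local\ArcadeCandy\candyEX.dll
TB: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
BHO-X64: Search Results Toolbar: {348BD83C-B2CD-4319-A605-C96BB458DD80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
BHO-X64: ArcadeCandy Games - No File
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"""

# Line shapes DDS uses; the optional -X64/-x64 suffix is folded into the kind.
EXT_RE = re.compile(
    r'^(?P<kind>BHO|TB)(?:-X64)?: (?P<name>.+?): \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$')
NOFILE_RE = re.compile(r'^(?P<kind>BHO|TB)(?:-X64)?: (?P<name>.+?) - No File$')
RUN_RE = re.compile(r'^(?P<kind>[um]Run)(?:-x64)?: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$')

# Assumption: a standard user can write here, so code loading from these
# places did not need an installer running as administrator.
USER_WRITABLE = ('c:\\users\\', 'c:\\programdata\\', '\\appdata\\', '\\temp\\')
# Assumption: name fragments that match the symptom reported in the thread.
REVIEW_WORDS = ('search', 'toolbar')


@dataclass
class Finding:
    kind: str
    name: str
    clsid: Optional[str]
    path: str
    reasons: List[str] = field(default_factory=list)


def first_exe(cmd: str) -> str:
    """Pull the program path out of a Run value ("quoted" or bare + switches)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.+?\.(?:exe|dll|scr))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def _check(f: Finding) -> None:
    """Apply the path and name heuristics to one entry."""
    p = f.path.lower()
    if any(marker in p for marker in USER_WRITABLE):
        f.reasons.append('loads from a user-writable location')
    if f.kind in ('BHO', 'TB') and any(w in f.name.lower() for w in REVIEW_WORDS):
        f.reasons.append('name matches the reported symptom (search/toolbar)')


def triage(report: str) -> List[Finding]:
    """Return the entries that tripped at least one heuristic, de-duplicated
    across the 32-bit and 64-bit views DDS prints for the same registration."""
    seen = set()
    flagged: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        f = None
        m = EXT_RE.match(line)
        if m:
            f = Finding(m['kind'], m['name'], m['clsid'].lower(), m['path'])
        else:
            m = NOFILE_RE.match(line)
            if m:
                f = Finding(m['kind'], m['name'], None, '')
                f.reasons.append('registered but the file is gone ("No File")')
            else:
                m = RUN_RE.match(line)
                if m and m['cmd']:
                    f = Finding(m['kind'], m['name'], None, first_exe(m['cmd']))
        if f is None:
            continue
        key = (f.kind, f.name.lower(), f.path.lower())
        if key in seen:
            continue
        seen.add(key)
        _check(f)
        if f.reasons:
            flagged.append(f)
    return flagged


if __name__ == '__main__':
    for f in triage(SAMPLE_REPORT):
        print(f'{f.kind:<4} {f.name:<24} {f.path or "(no file on disk)"}')
        for r in f.reasons:
            print(f'      - {r}')
```

On the sample, the Adobe BHO and the Java and Sidebar autoruns pass quietly; the two "Search Results Toolbar" registrations (BHO and TB) are shortlisted by name, and "ArcadeCandy Games" twice: once for loading from the user's AppData and once as an orphaned 64-bit registration. The lower-cased CLSID key is what collapses the BHO and BHO-X64 copies into one finding.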
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


avast! aswMBR

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBR.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
 
Hey DMJ,

Thanks for the quick reply. Here is what I have.
# AdwCleaner v2.003 - Logfile created 10/06/2012 at 13:55:42
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : John - HP-PAVILLION
# Boot Mode : Normal
# Running from : C:\Users\John\Desktop\virus & malware\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\qvycie4t.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.79

File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

ADW file uploaded

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-06 14:17:45
-----------------------------
14:17:45.171 OS Version: Windows x64 6.1.7601 Service Pack 1
14:17:45.171 Number of processors: 2 586 0xF0D
14:17:45.171 ComputerName: HP-PAVILLION UserName: John
14:17:46.201 Initialize success
14:20:32.348 AVAST engine defs: 12100601
14:22:38.623 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:22:38.623 Disk 0 Vendor: ST350062 HP26 Size: 476940MB BusType: 8
14:22:38.643 Disk 0 MBR read successfully
14:22:38.653 Disk 0 MBR scan
14:22:38.663 Disk 0 unknown MBR code
14:22:38.663 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 463869 MB offset 63
14:22:38.703 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13068 MB offset 950003775
14:22:38.763 Disk 0 scanning C:\Windows\system32\drivers
14:22:55.604 Service scanning
14:23:30.191 Modules scanning
14:23:30.201 Disk 0 trace - called modules:
14:23:30.241 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:23:30.251 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005531710]
14:23:30.261 3 CLASSPNP.SYS[fffff88000dd043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80052dd050]
14:23:31.321 AVAST engine scan C:\Windows
14:23:38.483 AVAST engine scan C:\Windows\system32
14:29:26.650 AVAST engine scan C:\Windows\system32\drivers
14:29:50.276 AVAST engine scan C:\Users\John
14:53:50.773 AVAST engine scan C:\ProgramData
15:01:13.626 Scan finished successfully
15:04:44.237 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\virus & malware\MBR.dat"
15:04:44.257 The log file has been saved successfully to "C:\Users\John\Desktop\virus & malware\aswMBR.txt"
 

Attachments:
  • MBR.txt (512 bytes)
  • AdwCleaner[S2].txt (1.1 KB)
Sure, sorry, too many logs; I forgot to upload this one. It is attached.
 

Attachments:
  • TDSSKiller.2.8.10.0_06.10.2012_14.02.15_log.txt (233.7 KB)
Excellent work! No problem at all...

ComboFix scan

Please download ComboFix by sUBs from BleepingComputer.com.

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will open automatically or can be found at "C:\Combo-Fix.txt", in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after the BIOS screen and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and this time rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Here is the log from DDS
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by John at 17:32:31 on 2012-10-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5119.3385 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\spool\DRIVERS\x64\3\OPHALDCS.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Users\John\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\taskhost.exe
C:\Users\John\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ArcadeCandy Games: {ab6bd08c-db6b-4f02-8a22-4bd343e990ff} - C:\Users\John\AppData\Local\ArcadeCandy\candyEX.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: samsungsetup.com\www
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{8A6BBE4B-4C40-4CB9-ADA0-C6F2FC37798C} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
BHO-X64: Search Results Toolbar - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: ArcadeCandy Games: {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\John\AppData\Local\ArcadeCandy\candyEX.dll
BHO-X64: ArcadeCandy Games - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\qvycie4t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.startribune.com/
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\John\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\John\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 RapportCerberus_42020;RapportCerberus_42020;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-8-15 397720]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-9-22 55096]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-9-22 297240]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2009-10-10 20376]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-14 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-5 399432]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-14 138912]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 vflt;Shrew Soft Lightweight Filter;C:\Windows\system32\DRIVERS\vfilter.sys --> C:\Windows\system32\DRIVERS\vfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-10-8 676936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250808]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 114144]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\system32\DRIVERS\virtualnet.sys --> C:\Windows\system32\DRIVERS\virtualnet.sys [?]
.
=============== Created Last 30 ================
.
2012-10-09 07:49:07 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{38DFAE3C-70F6-483C-A938-8027C5108E9B}\mpengine.dll
2012-10-05 22:44:56 -------- d-----w- C:\Program Files (x86)\ESET
2012-10-05 02:35:44 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-10-05 02:35:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-10-05 02:06:56 98816 ----a-w- C:\Windows\sed.exe
2012-10-05 02:06:56 518144 ----a-w- C:\Windows\SWREG.exe
2012-10-05 02:06:56 256000 ----a-w- C:\Windows\PEV.exe
2012-10-05 02:06:56 208896 ----a-w- C:\Windows\MBR.exe
2012-10-04 13:37:18 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2012-10-04 13:26:51 103904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-09-26 03:30:22 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-15 14:07:01 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-15 14:06:41 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-15 13:18:54 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-15 13:17:26 -------- d-----w- C:\Program Files\iPod
2012-09-15 13:17:25 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-15 13:17:25 -------- d-----w- C:\Program Files\iTunes
2012-09-15 13:17:25 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-14 23:59:11 -------- d-----w- C:\Program Files (x86)\toolbar2
2012-09-14 23:58:37 -------- d-----w- C:\Users\John\AppData\Local\ArcadeCandy
2012-09-12 16:44:15 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 16:44:15 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 16:44:13 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 16:44:13 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 16:44:11 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 16:44:11 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 16:44:10 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
==================== Find3M ====================
.
2012-10-08 20:58:31 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 20:58:31 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-22 21:34:44 101688 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-09-15 14:06:29 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-07 22:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 18:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 18:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 17:34:54.46 ===============
 

Attachments

  • DDS-attach.txt
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
    1. If NO threats were found, allow the scanner to Uninstall on close and then close the window.
    2. If threats WERE detected, click on List of Threats Found, Export to Text File... save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
OK, I ran ESET and no threats were found and no log to produce.

I still get popups and hyperlinks in text on webpages that produce ads in Firefox. IE and Chrome are not affected. Firefox seems to load slow. None of the other problems listed above are present.

Thanks

GT
 
Let's do the following to get rid of the adware:

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Then let me know how it's doing.
 
Ran AdwCleaner.

Here is the log

# AdwCleaner v2.003 - Logfile created 10/12/2012 at 13:50:26
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : John - HP-PAVILLION
# Boot Mode : Normal
# Running from : C:\Users\John\Desktop\virus & malware\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\qvycie4t.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8858 octets] - [05/10/2012 17:33:01]
AdwCleaner[S1].txt - [9564 octets] - [05/10/2012 17:35:43]
AdwCleaner[S3].txt - [1122 octets] - [12/10/2012 13:50:26]

########## EOF - C:\AdwCleaner[S3].txt - [1182 octets] ##########
 
Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Copy the code below in the quotebox, and then under the Custom Scans/Fixes box paste it in:

    DRIVES
    SHOWHIDDEN
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
    %AppData%\Local\
    %systemroot%\system32\sysprep
    *.xpi /md5
    %systemroot%\Downloaded Program Files\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.exe /md5
    "%WinDir%\$NtUninstallKB*$." /30
    %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\Installer\ /s
    %systemroot%\system32\Cache\ /s
    %systemroot%\system32\config\systemprofile\Application Data /s
    %PROGRAMFILES%\*.
    %appdata%\*.*
    /md5start
    volsnap.sys
    services.exe
    userinit.exe
    afd.sys
    tcpip.sys
    netbt.sys
    ipsec.sys
    dnsrslvr.dll
    ipnathlp.dll
    netman.dll
    WMIsvc.dll
    srsvc.dll
    sr.sys
    wscsvc.dll
    wuauserv.dll
    qmgr.dll
    es.dll
    cryptsvc.dll
    svchost.exe
    rpcss.dll
    tdx.sys
    wininit.exe
    winlogon.exe
    atapi.sys
    explorer.exe
    /md5stop
  • Click the Run Scan button. The scan will not take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.

Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
 
Ran OTL. The log files are too big to post, so they are attached.
 

Attachments

  • OTL.Txt
  • Extras.Txt
Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    IE:64bit:- HKLM\..\SearchScopes\{F894538C-F688-4B40-A3C5-56F687A4C8CE}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{F894538C-F688-4B40-A3C5-56F687A4C8CE}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\games@acandy.com: C:\Users\John\AppData\Local\ArcadeCandy\games@acandy.com [2012/09/14 18:58:39 | 000,000,000 | ---D | M]
    CHR - Extension: ArcadeCandy Games = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\1.24.366_0\
    O2 - BHO: (Search Results Toolbar) - {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll (Ask.com)
    O2 - BHO: (ArcadeCandy Games) - {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\John\AppData\Local\ArcadeCandy\candyEX.dll (ArcadeCandy LLC)
    O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll (Ask.com)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
    [2012/09/14 18:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\toolbar2
    [2012/09/14 18:58:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeCandy
    [2012/09/14 18:58:37 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\ArcadeCandy

    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{6A2EF989-A524-48bf-985F-9D076B334980}"=-

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes and the computer fails to reboot, let me know.
  • Lastly, post the contents of the log (located at C:\_OTL\Moved Files).
 
Here is the OTL log after running the FIX.

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F894538C-F688-4B40-A3C5-56F687A4C8CE}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F894538C-F688-4B40-A3C5-56F687A4C8CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F894538C-F688-4B40-A3C5-56F687A4C8CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F894538C-F688-4B40-A3C5-56F687A4C8CE}\ not found.
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: support@predictad.com:1.11 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 removed from extensions.enabledItems
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\games@acandy.com deleted successfully.
C:\Users\John\AppData\Local\ArcadeCandy\games@acandy.com\components folder moved successfully.
C:\Users\John\AppData\Local\ArcadeCandy\games@acandy.com\chrome folder moved successfully.
C:\Users\John\AppData\Local\ArcadeCandy\games@acandy.com folder moved successfully.
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\1.24.366_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{348bd83c-b2cd-4319-a605-c96bb458dd80}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{348bd83c-b2cd-4319-a605-c96bb458dd80}\ deleted successfully.
C:\Program Files (x86)\toolbar2\searchresultsDx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB6BD08C-DB6B-4F02-8A22-4BD343E990FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB6BD08C-DB6B-4F02-8A22-4BD343E990FF}\ deleted successfully.
C:\Users\John\AppData\Local\ArcadeCandy\candyEX.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{348bd83c-b2cd-4319-a605-c96bb458dd80} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{348bd83c-b2cd-4319-a605-c96bb458dd80}\ not found.
File C:\Program Files (x86)\toolbar2\searchresultsDx.dll not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\ProgramData\webex\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Starting removal of ActiveX control 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
C:\Program Files (x86)\toolbar2\components folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin\searchbar folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin\options folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin\lib\radio folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin\lib\panels folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin\lib\debugbar folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin\lib folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\skin folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\locale\toolbar folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\locale\lib folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\locale folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\data\weather folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\data\search folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\data\rss folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\data\dynamicElements folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\data folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\scripts folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\css folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.YouTube_v2\skin folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.YouTube_v2\js folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.YouTube_v2\images folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.YouTube_v2\css folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.YouTube_v2 folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.WebTV\skin\images folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.WebTV\skin\css folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.WebTV\skin folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.WebTV\js folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.WebTV\images folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.WebTV\css folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.WebTV folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.RadioBeta folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.Bizrate\skin\scripts folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.Bizrate\skin\images folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.Bizrate\skin\css folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.Bizrate\skin folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.Bizrate\js folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.Bizrate\images folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.Bizrate\css folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.Bizrate folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\widgets folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\newtab\images folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\newtab folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\modules folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content\lib folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome\content folder moved successfully.
C:\Program Files (x86)\toolbar2\chrome folder moved successfully.
C:\Program Files (x86)\toolbar2 folder moved successfully.
C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeCandy folder moved successfully.
C:\Users\John\AppData\Local\ArcadeCandy folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{6A2EF989-A524-48bf-985F-9D076B334980} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A2EF989-A524-48bf-985F-9D076B334980}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: John
->Temp folder emptied: 985472220 bytes
->Temporary Internet Files folder emptied: 12539356 bytes
->Java cache emptied: 1360284 bytes
->FireFox cache emptied: 78839567 bytes
->Google Chrome cache emptied: 87888879 bytes
->Flash cache emptied: 3359 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 677876 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67228 bytes
RecycleBin emptied: 450886423 bytes

Total Files Cleaned = 1,543.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10142012_164511

Files\Folders moved on Reboot...
C:\Users\John\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\John\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\WebEx\Log\1012\atashost.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
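Added example (not OTL's own code, nor anything posted in this thread): a small Python parser that reads an OTL fix log like the one above and records, per target, whether OTL deleted or moved it or reported it "not found", so each line of the fix can be checked against its outcome. The sample log is constructed from a handful of the lines above, and the patterns cover only the line shapes this page shows.

```python
import re
from collections import Counter

# Constructed sample (a few lines of the thread's fix log, not the whole
# thing): one line of each shape OTL writes, with the fix's own targets.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F894538C-F688-4B40-A3C5-56F687A4C8CE}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F894538C-F688-4B40-A3C5-56F687A4C8CE}\ not found.
Prefs.js: support@predictad.com:1.11 removed from extensions.enabledItems
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\games@acandy.com deleted successfully.
C:\Users\John\AppData\Local\ArcadeCandy\games@acandy.com folder moved successfully.
C:\Users\John\AppData\Local\ArcadeCandy\candyEX.dll moved successfully.
File C:\Program Files (x86)\toolbar2\searchresultsDx.dll not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{6A2EF989-A524-48bf-985F-9D076B334980} not found.
========== COMMANDS ==========
"""

# "64bit-" marks lines OTL processed against the 64-bit registry view;
# the unprefixed twin of the same :OTL line is the default (32-bit) view.
REGISTRY_RE = re.compile(
    r"^(?P<arch>64bit-)?Registry (?P<kind>key|value) (?P<target>.+?) "
    r"(?P<outcome>deleted successfully|not found)\.$"
)
PREFS_RE = re.compile(r"^Prefs\.js: (?P<target>.+?) removed from (?P<pref>\S+)$")
FILE_RE = re.compile(
    r"^(?:File )?(?P<target>[A-Za-z]:\\.+?)(?P<folder> folder)? "
    r"(?P<outcome>moved successfully|not found)\.$"
)


def parse_fix_log(text):
    """One record per action line; section headers and status chatter are skipped.

    outcome is "removed" (deleted, moved, or removed from prefs.js) or
    "absent" (OTL reported "not found")."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = REGISTRY_RE.match(line)
        if m:
            records.append({
                "kind": "registry " + m.group("kind"),
                "view": "64bit" if m.group("arch") else "default",
                "target": m.group("target"),
                "outcome": "absent" if m.group("outcome") == "not found" else "removed",
            })
            continue
        m = PREFS_RE.match(line)
        if m:
            records.append({"kind": "firefox pref", "view": m.group("pref"),
                            "target": m.group("target"), "outcome": "removed"})
            continue
        m = FILE_RE.match(line)
        if m:
            records.append({
                "kind": "folder" if m.group("folder") else "file",
                "view": "filesystem",
                "target": m.group("target"),
                "outcome": "absent" if m.group("outcome") == "not found" else "removed",
            })
    return records


def summarize(records):
    """Count (kind, outcome) pairs, e.g. how many registry keys were deleted."""
    return Counter((r["kind"], r["outcome"]) for r in records)


def status_of(records, needle):
    """Outcomes of every target mentioning `needle` (a GUID, file name, add-on id)."""
    needle = needle.lower()
    return [(r["kind"], r["outcome"]) for r in records if needle in r["target"].lower()]


def absent_targets(records):
    """Targets OTL could not find. Routine when it is the CLSID key OTL probes
    after deleting a BHO or search scope; worth a second look when the primary
    target named in the fix is itself absent (an earlier tool may already have
    removed it, or the fix line was mistyped)."""
    return [r["target"] for r in records if r["outcome"] == "absent"]


if __name__ == "__main__":
    recs = parse_fix_log(SAMPLE_LOG)
    for (kind, outcome), n in sorted(summarize(recs).items()):
        print(f"{kind:15} {outcome:8} {n}")
    print("not found:", *absent_targets(recs), sep="\n  ")
```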
 
Please tell me about any other issues. Have the ones you mentioned before been resolved? What else is still an issue?
 