TechSpot

Firefox is hijacked

Solved
By granpaturismo
Oct 6, 2012
Topic Status:
Not open for further replies.
  1. When using Firefox I get redirected when navigating to a new page. Either a new tab opens, or a pop-up opens or both, that take me to a page with a product or service similar to my intended destination. Also Hyperlinks on words on any page I am on provide pop-ups on hover. Other browsers, IE and Chrome, seem to be unaffected.

    My system is Intel Pentium Dual E2200 2.4GHz, 5GB RAM
    Windows 7 Home Premium SP1

    I am running Windows Defender and Symantec Endpoint 11.0

    Logs below:

    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.05.12

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    John :: HP-PAVILLION [administrator]

    Protection: Enabled

    10/5/2012 9:34:58 PM
    mbam-log-2012-10-05 (21-34-58).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 208688
    Time elapsed: 6 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\John\Downloads\CP1.2.exe (Adware.Onlinegames) -> Quarantined and deleted successfully.

    (end)

    GMER found no problems and did not create a log

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by John at 7:02:04 on 2012-10-06
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5119.3571 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\SysWOW64\atashost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\spool\DRIVERS\x64\3\OPHALDCS.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Users\John\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Users\John\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
    C:\Windows\Samsung\PanelMgr\caller64.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: ArcadeCandy Games: {ab6bd08c-db6b-4f02-8a22-4bd343e990ff} - C:\Users\John\AppData\Local\ArcadeCandy\candyEX.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [Google Update] "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun: [NWEReboot]
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    Trusted Zone: samsungsetup.com\www
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{8A6BBE4B-4C40-4CB9-ADA0-C6F2FC37798C} : DhcpNameServer = 75.75.76.76 75.75.75.75
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
    BHO-X64: Search Results Toolbar - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: ArcadeCandy Games: {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\John\AppData\Local\ArcadeCandy\candyEX.dll
    BHO-X64: ArcadeCandy Games - No File
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    mRun-x64: [(Default)]
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun-x64: [NWEReboot]
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\qvycie4t.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.startribune.com/
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\John\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\John\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
    R1 RapportCerberus_42020;RapportCerberus_42020;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-8-15 397720]
    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-9-22 55096]
    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-9-22 297240]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2009-10-10 20376]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-14 13336]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-5 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-10-8 676936]
    R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-9-22 976728]
    R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-7-20 2440632]
    R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-4-22 296320]
    R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-4-22 116104]
    R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-5-5 583360]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-14 138912]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S1 vflt;Shrew Soft Lightweight Filter;C:\Windows\system32\DRIVERS\vfilter.sys --> C:\Windows\system32\DRIVERS\vfilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250288]
    S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 114144]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\system32\DRIVERS\virtualnet.sys --> C:\Windows\system32\DRIVERS\virtualnet.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-10-05 22:44:56 -------- d-----w- C:\Program Files (x86)\ESET
    2012-10-05 21:21:53 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D0EC7F9F-632D-4BF1-B840-DB53A5395F7C}\offreg.dll
    2012-10-05 07:05:23 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D0EC7F9F-632D-4BF1-B840-DB53A5395F7C}\mpengine.dll
    2012-10-05 02:35:44 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-10-05 02:35:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-10-05 02:12:24 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-10-05 02:06:56 98816 ----a-w- C:\Windows\sed.exe
    2012-10-05 02:06:56 518144 ----a-w- C:\Windows\SWREG.exe
    2012-10-05 02:06:56 256000 ----a-w- C:\Windows\PEV.exe
    2012-10-05 02:06:56 208896 ----a-w- C:\Windows\MBR.exe
    2012-10-05 02:06:42 -------- d-s---w- C:\ComboFix
    2012-10-04 13:37:18 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
    2012-10-04 13:26:51 103904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2012-09-26 03:30:22 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-09-15 14:07:01 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-15 14:06:41 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-15 13:18:54 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-09-15 13:17:26 -------- d-----w- C:\Program Files\iPod
    2012-09-15 13:17:25 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-15 13:17:25 -------- d-----w- C:\Program Files\iTunes
    2012-09-15 13:17:25 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-09-14 23:59:11 -------- d-----w- C:\Program Files (x86)\toolbar2
    2012-09-14 23:58:37 -------- d-----w- C:\Users\John\AppData\Local\ArcadeCandy
    2012-09-12 16:44:15 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-09-12 16:44:15 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-12 16:44:13 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-09-12 16:44:13 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 16:44:11 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-12 16:44:11 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-09-12 16:44:10 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    .
    ==================== Find3M ====================
    .
    2012-09-22 21:34:44 101688 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
    2012-09-20 20:29:35 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-20 20:29:35 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-15 14:06:29 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-09-07 22:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-21 18:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-08-21 18:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-09 18:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2012-07-09 18:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    .
    ============= FINISH: 7:03:19.82 ===============
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/31/2009 7:46:33 AM
    System Uptime: 10/6/2012 5:39:31 AM (2 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | Benicia
    Processor: Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz | CPU 1 | 2400/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 453 GiB total, 314.082 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.79 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Shrew Soft Lightweight Filter
    Device ID: ROOT\LEGACY_VFLT\0000
    Manufacturer:
    Name: Shrew Soft Lightweight Filter
    PNP Device ID: ROOT\LEGACY_VFLT\0000
    Service: vflt
    .
    ==== System Restore Points ===================
    .
    RP400: 10/4/2012 9:14:34 PM - Installed Rapport
    RP401: 10/4/2012 9:35:45 PM - Windows Update
    RP403: 10/5/2012 5:20:39 PM - Windows Defender Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.5.2 - CPSID_83708
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player 11.5
    Anapod CopyGear (remove only)
    Anapod Explorer (remove only)
    Apple Application Support
    Apple Software Update
    ArcadeCandy
    C5150n - C5200n Series GDI Driver from OKI® Printing Solutions for Windows
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Cisco AnyConnect VPN Client
    Cisco Connect
    Cisco Network Magic
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite Deluxe
    D3DX10
    Dell USB Enhanced Multimedia Keyboard Patch
    DirectX for Managed Code Update (Summer 2004)
    eFax Messenger
    Enhanced Multimedia Keyboard Solution
    ESET Online Scanner v3
    EVGA Precision 1.8.0
    exPressit S.E. 3.0
    Facebook Plug-In
    FlatOut
    Flatout Ultimate Carnage
    Flock (2.5.2)
    Free iPad Video Converter 3.7.0.1
    Free Mp3 Wma Converter V 1.91
    Google Chrome
    Google Earth
    Google Update Helper
    H&R Block Deluxe + Efile + State 2010
    H&R Block Deluxe + Efile + State 2011
    H&R Block Minnesota 2010
    H&R Block Minnesota 2011
    HP Active Support Library
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart TV
    HP Odometer
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Support Information
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    IKEA Home Planner
    Intel(R) Rapid Storage Technology
    Java 7 Update 7
    Java Auto Updater
    Juno Preloader
    LabelPrint
    LightScribe System Software
    LiveUpdate 3.3 (Symantec Corporation)
    LUXOR Adventures
    Magic M4A to MP3 Converter 3.72
    Maintenance Samsung CLP-320 Series
    Malwarebytes Anti-Malware version 1.65.0.1400
    McAfee Security Scan Plus
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MotoGP 08
    MozBackup 1.4.9
    Mozilla Firefox 15.0 (x86 en-US)
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 15.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    muvee Reveal
    Need for Speed™ ProStreet
    Network Magic
    NVIDIA PhysX
    OKI LPR Utility
    Pdf995 (installed by H&R Block)
    PdfEdit995 (installed by H&R Block)
    Picasa 3
    Plants vs. Zombies
    Power2Go
    PowerDirector
    Pure Networks Platform
    Python 2.6 pywin32-212
    Python 2.6.1
    QuickBooks
    QuickBooks Pro 2009
    QuickTime
    Rapport
    Readiris Pro 10
    Realtek High Definition Audio Driver
    Samsung SCX-4200 Series
    Search Results Toolbar
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Shockwave
    Simple Cover Printer
    SmarThru 4
    sp43204
    Spotify
    SupportSoft Assisted Service
    Tiger Woods PGA TOUR 07
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    WebEx Support Manager for Internet Explorer
    WildTangent Games
    WildTangent Games App (HP Games)
    WildTangent ORB Game Console
    Windows 7 Upgrade Advisor
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Zuma's Revenge!
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/29/2012 8:40:20 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.122. The computer with the IP address 192.168.1.130 did not allow the name to be claimed by this computer.
    10/5/2012 9:53:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vflt
    10/5/2012 9:53:27 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
    10/5/2012 9:11:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    10/5/2012 7:43:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
    10/5/2012 5:46:21 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ANNE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8A6BBE4B-4C40-4CB9-ADA0-C6F2FC37798C}. The master browser is stopping or an election is being forced.
    10/4/2012 8:27:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.137.876.0).
    10/4/2012 8:20:55 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    10/4/2012 8:19:58 AM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.
    10/4/2012 5:47:35 PM, Error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Please download and run TDSSKiller to your desktop as outlined below:

    Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    [​IMG]

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    [​IMG]

    ------------------------

    Click the Start Scan button.

    [​IMG]

    -----------------------

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue


    [​IMG]

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


    [​IMG]


    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below
    [​IMG]
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
    • Once the scan finishes click Save log to save the log to your Desktop
      [​IMG]
    • Copy and paste the contents of aswMBR.txt back here for review
    • Please also find MBR.dat on your Desktop, and rename it to MBR.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
     
  3. granpaturismo

    granpaturismo TS Rookie Topic Starter

    Hey DMJ,

    thanks for the quick reply. Here is what I have.
    # AdwCleaner v2.003 - Logfile created 10/06/2012 at 13:55:42
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : John - HP-PAVILLION
    # Boot Mode : Normal
    # Running from : C:\Users\John\Desktop\virus & malware\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Mozilla Firefox v15.0 (en-US)

    Profile name : default
    File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\qvycie4t.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v22.0.1229.79

    File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    ADW file uploaded

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-06 14:17:45
    -----------------------------
    14:17:45.171 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:17:45.171 Number of processors: 2 586 0xF0D
    14:17:45.171 ComputerName: HP-PAVILLION UserName: John
    14:17:46.201 Initialize success
    14:20:32.348 AVAST engine defs: 12100601
    14:22:38.623 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:22:38.623 Disk 0 Vendor: ST350062 HP26 Size: 476940MB BusType: 8
    14:22:38.643 Disk 0 MBR read successfully
    14:22:38.653 Disk 0 MBR scan
    14:22:38.663 Disk 0 unknown MBR code
    14:22:38.663 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 463869 MB offset 63
    14:22:38.703 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13068 MB offset 950003775
    14:22:38.763 Disk 0 scanning C:\Windows\system32\drivers
    14:22:55.604 Service scanning
    14:23:30.191 Modules scanning
    14:23:30.201 Disk 0 trace - called modules:
    14:23:30.241 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    14:23:30.251 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005531710]
    14:23:30.261 3 CLASSPNP.SYS[fffff88000dd043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80052dd050]
    14:23:31.321 AVAST engine scan C:\Windows
    14:23:38.483 AVAST engine scan C:\Windows\system32
    14:29:26.650 AVAST engine scan C:\Windows\system32\drivers
    14:29:50.276 AVAST engine scan C:\Users\John
    14:53:50.773 AVAST engine scan C:\ProgramData
    15:01:13.626 Scan finished successfully
    15:04:44.237 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\virus & malware\MBR.dat"
    15:04:44.257 The log file has been saved successfully to "C:\Users\John\Desktop\virus & malware\aswMBR.txt"
     

    Attached Files:

  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Were you able to run TDSSKiller?
     
  5. granpaturismo

    granpaturismo TS Rookie Topic Starter

    Sure, sorry, too many logs I forgot to load this one. It is attached
     

    Attached Files:

  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Excellent work! No problem at all...

    ComboFix scan

    Please download ComboFix[​IMG] by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  7. granpaturismo

    granpaturismo TS Rookie Topic Starter

    Hey Dragon master jay,

    The ComboFix log is attached
     

    Attached Files:

  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please run DDS again and post a log, so we can look for remnants here...
     
  9. granpaturismo

    granpaturismo TS Rookie Topic Starter

    Here is the log from DDS
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by John at 17:32:31 on 2012-10-09
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5119.3385 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\SysWOW64\atashost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\spool\DRIVERS\x64\3\OPHALDCS.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Users\John\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\Samsung\PanelMgr\caller64.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\explorer.exe
    C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
    C:\Windows\system32\prevhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Users\John\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: ArcadeCandy Games: {ab6bd08c-db6b-4f02-8a22-4bd343e990ff} - C:\Users\John\AppData\Local\ArcadeCandy\candyEX.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    Trusted Zone: samsungsetup.com\www
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{8A6BBE4B-4C40-4CB9-ADA0-C6F2FC37798C} : DhcpNameServer = 75.75.76.76 75.75.75.75
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
    BHO-X64: Search Results Toolbar - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: ArcadeCandy Games: {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\John\AppData\Local\ArcadeCandy\candyEX.dll
    BHO-X64: ArcadeCandy Games - No File
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
    mRun-x64: [(Default)]
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\qvycie4t.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.startribune.com/
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\John\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\John\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
    R1 RapportCerberus_42020;RapportCerberus_42020;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-8-15 397720]
    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-9-22 55096]
    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-9-22 297240]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2009-10-10 20376]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-14 13336]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-5 399432]
    R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-14 138912]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S1 vflt;Shrew Soft Lightweight Filter;C:\Windows\system32\DRIVERS\vfilter.sys --> C:\Windows\system32\DRIVERS\vfilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-10-8 676936]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250808]
    S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 114144]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\system32\DRIVERS\virtualnet.sys --> C:\Windows\system32\DRIVERS\virtualnet.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-10-09 07:49:07 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{38DFAE3C-70F6-483C-A938-8027C5108E9B}\mpengine.dll
    2012-10-05 22:44:56 -------- d-----w- C:\Program Files (x86)\ESET
    2012-10-05 02:35:44 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-10-05 02:35:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-10-05 02:06:56 98816 ----a-w- C:\Windows\sed.exe
    2012-10-05 02:06:56 518144 ----a-w- C:\Windows\SWREG.exe
    2012-10-05 02:06:56 256000 ----a-w- C:\Windows\PEV.exe
    2012-10-05 02:06:56 208896 ----a-w- C:\Windows\MBR.exe
    2012-10-04 13:37:18 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
    2012-10-04 13:26:51 103904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2012-09-26 03:30:22 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-09-15 14:07:01 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-15 14:06:41 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-15 13:18:54 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-09-15 13:17:26 -------- d-----w- C:\Program Files\iPod
    2012-09-15 13:17:25 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-15 13:17:25 -------- d-----w- C:\Program Files\iTunes
    2012-09-15 13:17:25 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-09-14 23:59:11 -------- d-----w- C:\Program Files (x86)\toolbar2
    2012-09-14 23:58:37 -------- d-----w- C:\Users\John\AppData\Local\ArcadeCandy
    2012-09-12 16:44:15 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-09-12 16:44:15 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-12 16:44:13 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-09-12 16:44:13 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 16:44:11 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-12 16:44:11 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-09-12 16:44:10 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    .
    ==================== Find3M ====================
    .
    2012-10-08 20:58:31 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-08 20:58:31 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-22 21:34:44 101688 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
    2012-09-15 14:06:29 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-09-07 22:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-21 18:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-08-21 18:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 17:34:54.46 ===============
     

    Attached Files:

  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  11. granpaturismo

    granpaturismo TS Rookie Topic Starter

    OK, I ran ESET and no threats were found and no log to produce.

    I still get popups and hyperlinks in text on webpages that produce ads in Firefox. IE and Chrome are not affected. Firefox seems to load slow. None of the other problems listed above are present.

    Thanks

    GT
     
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let's do the following to get rid of the adware:

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

    Then let me know how it's doing.
     
  13. granpaturismo

    granpaturismo TS Rookie Topic Starter

    Ran AdwCleaner,

    Here is the log

    # AdwCleaner v2.003 - Logfile created 10/12/2012 at 13:50:26
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : John - HP-PAVILLION
    # Boot Mode : Normal
    # Running from : C:\Users\John\Desktop\virus & malware\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Mozilla Firefox v15.0 (en-US)

    Profile name : default
    File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\qvycie4t.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v22.0.1229.94

    File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [8858 octets] - [05/10/2012 17:33:01]
    AdwCleaner[S1].txt - [9564 octets] - [05/10/2012 17:35:43]
    AdwCleaner[S3].txt - [1122 octets] - [12/10/2012 13:50:26]

    ########## EOF - C:\AdwCleaner[S3].txt - [1182 octets] ##########
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Copy the code below in the quotebox, and then under the Custom Scans/Fixes box paste it in:

    • Click the Run Scan button. The scan will not take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.

    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
     
  15. granpaturismo

    granpaturismo TS Rookie Topic Starter

    Ran OTL, Log files are too big to post they are attached
     

    Attached Files:

  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
     
  17. granpaturismo

    granpaturismo TS Rookie Topic Starter

    Here it the OTL log after running FIX

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F894538C-F688-4B40-A3C5-56F687A4C8CE}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F894538C-F688-4B40-A3C5-56F687A4C8CE}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F894538C-F688-4B40-A3C5-56F687A4C8CE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F894538C-F688-4B40-A3C5-56F687A4C8CE}\ not found.
    Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
    Prefs.js: support@predictad.com:1.11 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 removed from extensions.enabledItems
    Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\games@acandy.com deleted successfully.
    C:\Users\John\AppData\Local\ArcadeCandy\games@acandy.com\components folder moved successfully.
    C:\Users\John\AppData\Local\ArcadeCandy\games@acandy.com\chrome folder moved successfully.
    C:\Users\John\AppData\Local\ArcadeCandy\games@acandy.com folder moved successfully.
    C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\1.24.366_0 folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{348bd83c-b2cd-4319-a605-c96bb458dd80}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{348bd83c-b2cd-4319-a605-c96bb458dd80}\ deleted successfully.
    C:\Program Files (x86)\toolbar2\searchresultsDx.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB6BD08C-DB6B-4F02-8A22-4BD343E990FF}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB6BD08C-DB6B-4F02-8A22-4BD343E990FF}\ deleted successfully.
    C:\Users\John\AppData\Local\ArcadeCandy\candyEX.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{348bd83c-b2cd-4319-a605-c96bb458dd80} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{348bd83c-b2cd-4319-a605-c96bb458dd80}\ not found.
    File C:\Program Files (x86)\toolbar2\searchresultsDx.dll not found.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    C:\ProgramData\webex\ieatgpc.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Starting removal of ActiveX control 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
    C:\Program Files (x86)\toolbar2\components folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin\searchbar folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin\options folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin\lib\weatherbutton\panels folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin\lib\weatherbutton\icons folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin\lib\weatherbutton folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin\lib\uwa folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin\lib\radio\images folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin\lib\radio\css folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin\lib\radio folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin\lib\panels\images folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin\lib\panels\default\scripts folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin\lib\panels\default\images folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin\lib\panels\default\css folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin\lib\panels\default folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin\lib\panels\css folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin\lib\panels folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin\lib\debugbar folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin\lib folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\skin folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\locale\toolbar folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\locale\lib folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\locale folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\data\weather folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\data\search folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\data\rss folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\data\dynamicElements folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\data folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\scripts folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\css folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.YouTube_v2\skin folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.YouTube_v2\js folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.YouTube_v2\images folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.YouTube_v2\css folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.YouTube_v2 folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.WebTV\skin\images folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.WebTV\skin\css folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.WebTV\skin folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.WebTV\js folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.WebTV\images folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.WebTV\css folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.WebTV folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.RadioBeta folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.Bizrate\skin\scripts folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.Bizrate\skin\images folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.Bizrate\skin\css folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.Bizrate\skin folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.Bizrate\js folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.Bizrate\images folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.Bizrate\css folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets\net.vmn.www.Bizrate folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\widgets folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\newtab\images folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\newtab folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\modules folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content\lib folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome\content folder moved successfully.
    C:\Program Files (x86)\toolbar2\chrome folder moved successfully.
    C:\Program Files (x86)\toolbar2 folder moved successfully.
    C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeCandy folder moved successfully.
    C:\Users\John\AppData\Local\ArcadeCandy folder moved successfully.
    ========== REGISTRY ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{6A2EF989-A524-48bf-985F-9D076B334980} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A2EF989-A524-48bf-985F-9D076B334980}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41044 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: John
    ->Temp folder emptied: 985472220 bytes
    ->Temporary Internet Files folder emptied: 12539356 bytes
    ->Java cache emptied: 1360284 bytes
    ->FireFox cache emptied: 78839567 bytes
    ->Google Chrome cache emptied: 87888879 bytes
    ->Flash cache emptied: 3359 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 155648 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 677876 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67228 bytes
    RecycleBin emptied: 450886423 bytes

    Total Files Cleaned = 1,543.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10142012_164511

    Files\Folders moved on Reboot...
    C:\Users\John\AppData\Local\Temp\ehmsas.txt moved successfully.
    C:\Users\John\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Windows\temp\WebEx\Log\1012\atashost.log moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please tell me about any other issues. Have the ones you mentioned before been resolved? What else is issue?
     
  19. granpaturismo

    granpaturismo TS Rookie Topic Starter

    I believe that all my issues are solved, thanks for your help
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome. Topic marked solved.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.