Inactive Funmoods malware freezing up my laptop

andreespat

Posts: 21   +0
I recently found out that the funmoods malware has infected my laptop. How should I go about trying to remove it?
 
Hello, and welcome back to TechSpot.


rulesx.png
Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Please review the 4-Step instructions and post the logs back here for my review.

Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
Sorry about the lack of introduction. I was kind of in a rush and the guy helping me from the previous thread never mentioned it.

I used malwarebytes when I first noticed something wrong with my laptop and got rid of most of the quarantined files then, but here's the log:

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andre :: HAL9000 [administrator]

12/5/2012 1:15:22 AM
mbam-log-2012-12-05 (01-15-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212875
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 28
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.
HKCU\Software\InstalledBrowserExtensions\215 Apps|4493 (PUP.CrossFire.SA) -> Data: Coupon Companion -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://searchfunmoods.com/?f=1&a=do...AtAtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127914451) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Bad: (http://searchfunmoods.com/?f=1&a=do...AtAtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127914451) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 3
C:\Program Files (x86)\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> Quarantined and deleted successfully.

Files Detected: 14
C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Andre\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Andre\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Andre\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\Sqlite3.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\uninst.dat (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> Quarantined and deleted successfully.

(end)

Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/1/2010 7:17:30 PM
System Uptime: 12/7/2012 2:21:15 PM (0 hours ago)
.
Motherboard: Acer | | Aspire 5251
Processor: AMD V120 Processor | Socket S1G4 | 1584/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 219 GiB total, 102.119 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 3050A J611 series
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer: HP
Name: Deskjet 3050A J611 series
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 3050 J610 series
Device ID: ROOT\MULTIFUNCTION\0009
Manufacturer: HP
Name: Deskjet 3050 J610 series
PNP Device ID: ROOT\MULTIFUNCTION\0009
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8500 A910
Device ID: ROOT\MULTIFUNCTION\0010
Manufacturer: HP
Name: Officejet Pro 8500 A910
PNP Device ID: ROOT\MULTIFUNCTION\0010
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C7200 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4500 series
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: HP
Name: Photosmart C4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 3050 J610 series
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: HP
Name: Deskjet 3050 J610 series
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart 5510 series
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: HP
Name: Photosmart 5510 series
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
==== System Restore Points ===================
.
RP305: 11/21/2012 1:08:49 AM - Scheduled Checkpoint
RP306: 11/28/2012 1:54:51 AM - Scheduled Checkpoint
RP307: 11/28/2012 1:16:09 PM - Windows Update
RP308: 12/5/2012 11:07:46 PM - Removed ASPCA Reminder by We-Care.com v5.0.5.1
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
64 Bit HP CIO Components Installer
7-Zip 9.20
Acer Backup Manager
Acer Crystal Eye webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
AVG 2013
Backup Manager Basic
BitTorrent
Bonjour
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack for the 2007 Office system
CyberLink PowerDVD 9
D3DX10
Destinations
DeviceDiscovery
DocMgr
DocProc
eSobi v2
Fax
FormatFactory 2.96
Google Chrome
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Product Detection
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Identity Card
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Java(TM) 6 Update 37
Junk Mail filter update
Last.fm 1.5.4.27091
Launch Manager
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 10.0.11 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MyWinLocker
MyWinLocker Suite
Network64
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OCR Software by I.R.I.S. 13.0
Plants vs. Zombies
QuickTime
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Scan
Scrabble Plus
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Shop for HP Supplies
Shredder
SmartWebPrinting
SolutionCenter
SpeedFan (remove only)
Status
swMSM
Synaptics Pointing Device Driver
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.2
WebReg
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
12/7/2012 2:22:36 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
12/7/2012 2:22:15 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126
12/7/2012 2:22:06 PM, Error: volmgr [46] - Crash dump initialization failed!
12/5/2012 7:09:11 PM, Error: NetBT [4321] - The name "HAL9000 :0" could not be registered on the interface with IP address 192.168.1.13. The computer with the IP address 169.254.146.5 did not allow the name to be claimed by this computer.
12/5/2012 7:09:10 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{99FAD201-D5A5-4844-905D-3B5500AE8C0C} because another computer on the network has the same name. The server could not start.
12/5/2012 7:09:10 PM, Error: NetBT [4321] - The name "HAL9000 :20" could not be registered on the interface with IP address 192.168.1.13. The computer with the IP address 169.254.146.5 did not allow the name to be claimed by this computer.
12/5/2012 5:12:28 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
12/5/2012 1:34:55 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
12/4/2012 11:43:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
12/3/2012 2:38:25 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
11/30/2012 2:14:35 PM, Error: NetBT [4321] - The name "HAL9000 :20" could not be registered on the interface with IP address 192.168.1.34. The computer with the IP address 169.254.146.5 did not allow the name to be claimed by this computer.
11/30/2012 2:14:35 PM, Error: NetBT [4321] - The name "HAL9000 :0" could not be registered on the interface with IP address 192.168.1.34. The computer with the IP address 169.254.146.5 did not allow the name to be claimed by this computer.
11/30/2012 10:33:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HomeGroupListener service.
.
==== End Of File ===========================
 

DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_37
Run by Andre at 14:32:22 on 2012-12-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.573 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andre\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Andre\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{99FAD201-D5A5-4844-905D-3B5500AE8C0C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{99FAD201-D5A5-4844-905D-3B5500AE8C0C}\14E6769656D2053402E4564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{99FAD201-D5A5-4844-905D-3B5500AE8C0C}\341626C65675966496 : DHCPNameServer = 65.32.5.74 65.32.5.75
TCP: Interfaces\{99FAD201-D5A5-4844-905D-3B5500AE8C0C}\3686964716479647F6 : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{99FAD201-D5A5-4844-905D-3B5500AE8C0C}\47D6F62696C656 : DHCPNameServer = 66.94.9.120 66.94.25.120
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtAtCyDyEyC0E0CyBtC0FtN0D0Tzu0CtAtAtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127914451
x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: PFW - <no file>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\sb105d98.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Andre\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-16 20:44; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\sb105d98.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - ExtSQL: 2012-10-21 23:34; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-11-23 10:51; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\sb105d98.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF - ExtSQL: 2012-11-25 11:58; [email protected]; C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\sb105d98.default\extensions\[email protected]
FF - ExtSQL: 2012-12-01 14:50; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\sb105d98.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
FF - ExtSQL: 2012-12-01 14:52; [email protected]; C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\sb105d98.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2011-04-16 23:40; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtAtCyDyEyC0E0CyBtC0FtN0D0Tzu0CtAtAtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127914451
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtAtCyDyEyC0E0CyBtC0FtN0D0Tzu0CtAtAtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127914451
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtAtCyDyEyC0E0CyBtC0FtN0D0Tzu0CtAtAtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127914451&q=
FF - user.js: extensions.funmoods.id - 78E40031546EC71F
FF - user.js: extensions.funmoods.instlDay - 15669
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2215:17:5
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - download
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - download
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-2 202752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-2 325200]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-4-25 865824]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-5 144640]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-4-2 321064]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-4-25 38456]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-2-1 305520]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-5 50432]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-2 239136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
.
=============== Created Last 30 ================
.
2012-12-06 02:05:56 -------- d-----w- C:\Program Files (x86)\SpeedFan
2012-11-14 05:47:13 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 05:47:12 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-14 05:47:12 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-14 05:47:12 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-14 05:43:59 4916224 ----a-w- C:\Windows\SysWow64\mstscax.dll
2012-11-14 05:43:59 384000 ----a-w- C:\Windows\System32\wksprt.exe
2012-11-14 05:43:59 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-11-14 05:43:59 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2012-11-14 05:43:59 1123840 ----a-w- C:\Windows\System32\mstsc.exe
2012-11-14 05:43:59 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe
2012-11-14 05:43:58 5773824 ----a-w- C:\Windows\System32\mstscax.dll
2012-11-14 05:14:43 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-14 05:14:42 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-14 05:14:41 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-14 05:14:41 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-14 05:14:40 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-14 05:14:40 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 05:14:40 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-14 05:10:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-11-14 05:10:59 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-11-14 05:10:58 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-11-14 05:10:58 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-14 05:10:58 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-14 05:10:58 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-11-14 05:10:58 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-11-14 05:10:57 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-11-14 05:10:57 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
.
==================== Find3M ====================
.
2012-11-13 04:23:49 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-13 04:23:49 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-10-22 18:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-15 08:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 22:34:08 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-05 08:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 07:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-24 19:32:24 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-24 19:32:20 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-21 07:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 07:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-14 07:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 14:42:15.38 ===============


ADWcleaner:
# AdwCleaner v2.011 - Logfile created 12/07/2012 at 15:11:38
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Andre - HAL9000
# Boot Mode : Normal
# Running from : C:\Users\Andre\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Andre\AppData\Local\funmoods-speeddial_sf.crx
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\WeCareReminder

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtAtCyDyEyC0E0CyBtC0FtN0D0Tzu0CtAtAtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127914451 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtAtCyDyEyC0E0CyBtC0FtN0D0Tzu0CtAtAtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127914451 --> hxxp://www.google.com

-\\ Mozilla Firefox v10.0.11 (en-US)

Profile name : default
File : C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\sb105d98.default\prefs.js

C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\sb105d98.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "Funmoods");
Deleted : user_pref("extensions.funmoods.aflt", "download");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "0D78F66DEEAD92AAF4D6DC9050F65F4B");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd[...]
Deleted : user_pref("extensions.funmoods.id", "78E40031546EC71F");
Deleted : user_pref("extensions.funmoods.instlDay", "15669");
Deleted : user_pref("extensions.funmoods.instlRef", "download");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2215:17:5");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=download&chnl=downloa[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2215:17:5");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.xpestat\\xpereportdata", "25-10-2012");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2215:17:5");

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.12] : homepage = "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBzz0E[...]
Deleted [l.16] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd[...]
Deleted [l.1699] : homepage = "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBzz0EyEt[...]
Deleted [l.2029] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2X[...]

*************************

AdwCleaner[S1].txt - [9537 octets] - [07/12/2012 15:11:38]

########## EOF - C:\AdwCleaner[S1].txt - [9597 octets] ##########
 
Scan with Malwarebytes' Anti-Malware

Please open Malwarebytes' Anti-Malware, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


ComboFix scan

Please download ComboFix
combofix.gif
by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Malwarebytes:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.08.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andre :: HAL9000 [administrator]

12/8/2012 2:04:54 AM
mbam-log-2012-12-08 (02-04-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213505
Time elapsed: 10 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ComboFix:
ComboFix 12-12-07.01 - Andre 12/08/2012 2:23.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.757 [GMT -5:00]
Running from: c:\users\Andre\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andre\AppData\Roaming\Love
c:\users\Andre\AppData\Roaming\Love\hawkthorne\gamesave-2.json
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-08 07:35 . 2012-12-08 07:35--------d-----w-c:\users\Public\AppData\Local\temp
2012-12-08 07:35 . 2012-12-08 07:35--------d-----w-c:\users\Default\AppData\Local\temp
2012-12-06 03:23 . 2012-12-06 03:23--------d-----w-c:\programdata\NVIDIA
2012-12-06 02:05 . 2012-12-08 06:54--------d-----w-c:\program files (x86)\SpeedFan
2012-11-14 05:47 . 2012-07-26 04:472560----a-w-c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-14 05:47 . 2012-07-26 04:55785512----a-w-c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 05:47 . 2012-07-26 04:5554376----a-w-c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 05:47 . 2012-07-26 02:369728----a-w-c:\windows\system32\Wdfres.dll
2012-11-14 05:43 . 2012-08-23 11:14384000----a-w-c:\windows\system32\wksprt.exe
2012-11-14 05:43 . 2012-08-23 10:51228864----a-w-c:\windows\system32\rdpendp_winip.dll
2012-11-14 05:43 . 2012-08-23 10:391048064----a-w-c:\windows\SysWow64\mstsc.exe
2012-11-14 05:43 . 2012-08-23 10:221123840----a-w-c:\windows\system32\mstsc.exe
2012-11-14 05:43 . 2012-08-23 09:513174912----a-w-c:\windows\system32\rdpcorets.dll
2012-11-14 05:43 . 2012-08-23 08:194916224----a-w-c:\windows\SysWow64\mstscax.dll
2012-11-14 05:43 . 2012-08-23 08:135773824----a-w-c:\windows\system32\mstscax.dll
2012-11-14 05:23 . 2012-10-08 11:4210925568----a-w-c:\windows\system32\ieframe.dll
2012-11-14 05:14 . 2012-07-26 02:26198656----a-w-c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 05:14 . 2012-07-26 02:2687040----a-w-c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 05:14 . 2012-07-26 03:0884992----a-w-c:\windows\system32\WUDFSvc.dll
2012-11-14 05:14 . 2012-07-26 03:08194048----a-w-c:\windows\system32\WUDFPlatform.dll
2012-11-14 05:14 . 2012-07-26 03:08229888----a-w-c:\windows\system32\WUDFHost.exe
2012-11-14 05:14 . 2012-07-26 03:08744448----a-w-c:\windows\system32\WUDFx.dll
2012-11-14 05:14 . 2012-07-26 03:0845056----a-w-c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 05:10 . 2012-08-24 18:05340992----a-w-c:\windows\system32\schannel.dll
2012-11-14 05:10 . 2012-08-24 16:57247808----a-w-c:\windows\SysWow64\schannel.dll
2012-11-14 05:10 . 2012-08-24 18:13154480----a-w-c:\windows\system32\drivers\ksecpkg.sys
2012-11-14 05:10 . 2012-08-24 18:09458712----a-w-c:\windows\system32\drivers\cng.sys
2012-11-14 05:10 . 2012-08-24 18:04307200----a-w-c:\windows\system32\ncrypt.dll
2012-11-14 05:10 . 2012-08-24 18:031448448----a-w-c:\windows\system32\lsasrv.dll
2012-11-14 05:10 . 2012-08-24 16:57220160----a-w-c:\windows\SysWow64\ncrypt.dll
2012-11-14 05:10 . 2012-08-24 16:5722016----a-w-c:\windows\SysWow64\secur32.dll
2012-11-14 05:10 . 2012-08-24 16:5396768----a-w-c:\windows\SysWow64\sspicli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 05:16 . 2010-10-29 02:4666395536----a-w-c:\windows\system32\MRT.exe
2012-11-13 04:23 . 2012-04-09 02:32697272----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-13 04:23 . 2011-05-23 16:4873656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-25 08:12 . 2012-10-25 08:1294208----a-w-c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:1269632----a-w-c:\windows\SysWow64\QuickTime.qts
2012-10-22 18:02 . 2012-10-22 18:02154464----a-w-c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 08:38 . 2012-11-28 16:31135168----a-w-c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 16:31350208----a-w-c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 16:31561664----a-w-c:\windows\apppatch\AcLayers.dll
2012-10-15 08:48 . 2012-10-15 08:4863328----a-w-c:\windows\system32\drivers\avgidsha.sys
2012-10-08 22:34 . 2012-10-08 22:3410220472----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-05 08:32 . 2012-10-05 08:32111456----a-w-c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 07:30 . 2012-10-02 07:30185696----a-w-c:\windows\system32\drivers\avgldx64.sys
2012-09-30 00:54 . 2011-12-23 01:0225928----a-w-c:\windows\system32\drivers\mbam.sys
2012-09-24 19:32 . 2012-06-18 18:56477168----a-w-c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 19:32 . 2010-08-02 02:49473072----a-w-c:\windows\SysWow64\deployJava1.dll
2012-09-21 07:46 . 2012-09-21 07:46200032----a-w-c:\windows\system32\drivers\avgtdia.sys
2012-09-21 07:46 . 2012-09-21 07:46225120----a-w-c:\windows\system32\drivers\avgloga.sys
2012-09-14 19:19 . 2012-10-10 16:342048----a-w-c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 16:342048----a-w-c:\windows\SysWow64\tzres.dll
2012-09-14 07:05 . 2012-09-14 07:0540800----a-w-c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03120176----a-w-c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-18 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecuteREG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-08 239136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-02 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-17 202752]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-06 865824]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-03-20 321064]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 04:23]
.
2012-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1586512135-2972095399-1056555825-1001Core.job
- c:\users\Andre\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 22:59]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1586512135-2972095399-1056555825-1001UA.job
- c:\users\Andre\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 22:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06137584----a-w-c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-06 860192]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\sb105d98.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
FF - ExtSQL: 2012-10-16 20:44; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\sb105d98.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - ExtSQL: 2012-10-21 23:34; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-11-23 10:51; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; c:\users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\sb105d98.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF - ExtSQL: 2012-11-25 11:58; [email protected]; c:\users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\sb105d98.default\extensions\[email protected]
FF - ExtSQL: 2012-12-01 14:50; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; c:\users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\sb105d98.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
FF - ExtSQL: 2012-12-01 14:52; [email protected]; c:\users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\sb105d98.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2011-04-16 23:40; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1586512135-2972095399-1056555825-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1586512135-2972095399-1056555825-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-1586512135-2972095399-1056555825-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1586512135-2972095399-1056555825-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-1586512135-2972095399-1056555825-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1586512135-2972095399-1056555825-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-1586512135-2972095399-1056555825-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1586512135-2972095399-1056555825-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1586512135-2972095399-1056555825-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1586512135-2972095399-1056555825-1001)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2012-12-08 02:48:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-08 07:48
.
Pre-Run: 109,085,995,008 bytes free
Post-Run: 108,639,707,136 bytes free
.
- - End Of File - - BD52475CBEE31E4F2DFA0D7B808FD018
 
Good job!

Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.


Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.
 
Sorry about the delay. I did the JRT scan, but haven't found time to post it from my laptop. I've also been swamped with finals and trying to find somewhere I could make a backup. I'll try to get them up as quick as possible.
 
Back