Issue with ads in browser corner and redirected websearches

Inactive
By BlondeOrleans
Jan 9, 2013
  1. Hi, I've been going through old posts to see if anything would work on my computer for the issues above. So far, it hasn't been fixed yet. I completed the required "4 step viruses/spyware/malware removal preliminary instructions" to no avail. Below is the report from by DDS report log:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
    Run by Amber at 8:53:13 on 2013-01-09
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.7166.5383 [GMT -6:00]
    .
    AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    C:\Windows\SysWOW64\atashost.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\hp\HPEZBTN\HPBtnSrv.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\SysWOW64\PNUpdate.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\msiexec.exe
    C:\hp\kbd\kbd.exe
    C:\Users\Amber\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Users\Amber\Downloads\tdsskiller\TDSSKiller.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.lacitizens.com/
    uSearch Bar = Preserve
    uURLSearchHooks: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\6.6\vuzeToolbarIE.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\6.6\vuzeToolbarIE.dll
    BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\6.6\vuzeToolbarIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "C:\Users\Amber\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] C:\HP\KBD\KbdStub.EXE
    mRun: [SunJavaUpdateReg] "C:\Windows\System32\jureg.exe" -delete
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [pnuprdp] C:\Windows\SysWOW64\rundll32 C:\Windows\SysWOW64\pnuprdp.dll,RegisterVirtualChannel
    mRun: [pnupica] C:\Windows\SysWOW64\rundll32 C:\Windows\SysWOW64\pnupica6.dll,RegisterVirtualChannel
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    dRun: [GoToAssist Express Customer] "C:\Program Files (x86)\Citrix\GoToAssist Express Customer\258\g2ax_start.exe" "/Trigger RunAtLogon"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-System: DisableTaskMgr = 0
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    Trusted Zone: travelers.com
    Trusted Zone: travelers.com
    Trusted Zone: travelerspc.com
    Trusted Zone: travelerspc.com
    Trusted Zone: travelersps.com
    DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} - hxxp://www2.stlu.com/plugins/Plugin0501.0125/streetnoagent7.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{0BE03D7F-278E-49C8-A831-DD7026C2350D} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{89B45646-B115-4E80-A7AE-F4F5BB64800F} : DHCPNameServer = 192.168.1.254
    SSODL: WebCheck - <orphaned>
    x64-BHO: Privacy Safeguard BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
    x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    x64-Run: [pnuprdp] C:\Windows\System32\rundll32 C:\Windows\System32\pnuprdp.dll,RegisterVirtualChannel
    x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll
    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll
    x64-Notify: GoToAssist Express Customer - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\461\g2ax_winlogonx64.dll
    x64-Notify: klogon - C:\Windows\System32\klogon.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
    Hosts: 217.23.4.166 www.google-analytics.com.
    Hosts: 217.23.4.166 ad-emea.doubleclick.net.
    Hosts: 217.23.4.166 www.statcounter.com.
    Hosts: 69.72.252.254 www.google-analytics.com.
    Hosts: 69.72.252.254 ad-emea.doubleclick.net.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\2xtbq5gg.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ff
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
    FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\npjpi170_09.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Users\Amber\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-27 203776]
    R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-11-28 793600]
    R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2010-2-3 20376]
    R2 HPBtnSrv;HP Chasis Button Service;C:\hp\HPEZBTN\HPBtnSrv.exe [2008-8-28 198240]
    R2 PNUpdate;Quest Update Service;C:\Windows\SysWOW64\PNUpdate.exe -RUN --> C:\Windows\SysWOW64\PNUpdate.exe -RUN [?]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-5-18 702976]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
    S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-7-1 352976]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 PCD5SRVC{E2AF211B-86DA020A-05040000};PCD5SRVC{E2AF211B-86DA020A-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~2\PC-DOC~1\PCD5SRVC_x64.pkms [2008-5-22 25888]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-6-27 20992]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-27 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-19 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-01-09 14:38:31--------d-----w-C:\Program Files\CCleaner
    2013-01-09 05:16:515120----a-w-C:\Windows\SysWow64\wow32.dll
    2013-01-02 22:39:3295184----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-12-28 18:39:15--------d-----w-C:\Users\Amber\AppData\Local\Programs
    2012-12-22 09:00:2546080----a-w-C:\Windows\System32\atmlib.dll
    2012-12-22 09:00:25367616----a-w-C:\Windows\System32\atmfd.dll
    2012-12-22 09:00:2534304----a-w-C:\Windows\SysWow64\atmlib.dll
    2012-12-22 09:00:25295424----a-w-C:\Windows\SysWow64\atmfd.dll
    2012-12-12 13:35:222048----a-w-C:\Windows\SysWow64\tzres.dll
    2012-12-12 13:35:222048----a-w-C:\Windows\System32\tzres.dll
    2012-12-12 13:35:03478208----a-w-C:\Windows\System32\dpnet.dll
    2012-12-12 13:35:03376832----a-w-C:\Windows\SysWow64\dpnet.dll
    .
    ==================== Find3M ====================
    .
    2013-01-02 23:26:2073656----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-02 23:26:20697272----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-14 22:49:2824176----a-w-C:\Windows\System32\drivers\mbam.sys
    2012-12-07 13:20:16441856----a-w-C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:312746368----a-w-C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17308736----a-w-C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:432576384----a-w-C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:0430720----a-w-C:\Windows\System32\usk.rs
    2012-12-07 11:20:0343520----a-w-C:\Windows\System32\csrr.rs
    2012-12-07 11:20:0323552----a-w-C:\Windows\System32\oflc.rs
    2012-12-07 11:20:0145568----a-w-C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:0144544----a-w-C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:0120480----a-w-C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:0020480----a-w-C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:5920480----a-w-C:\Windows\System32\pegi.rs
    2012-12-07 11:19:5846592----a-w-C:\Windows\System32\fpb.rs
    2012-12-07 11:19:5740960----a-w-C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:5721504----a-w-C:\Windows\System32\grb.rs
    2012-12-07 11:19:5715360----a-w-C:\Windows\System32\djctq.rs
    2012-12-07 11:19:5655296----a-w-C:\Windows\System32\cero.rs
    2012-12-07 11:19:5551712----a-w-C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35362496----a-w-C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35243200----a-w-C:\Windows\System32\wow64.dll
    2012-11-30 05:45:3513312----a-w-C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14215040----a-w-C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:1216384----a-w-C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07424448----a-w-C:\Windows\System32\KernelBase.dll
    2012-11-30 04:53:59274944----a-w-C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48338432----a-w-C:\Windows\System32\conhost.exe
    2012-11-30 02:44:0625600----a-w-C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:047680----a-w-C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:0414336----a-w-C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:032048----a-w-C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:596144---ha-w-C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:594608---ha-w-C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:593584---ha-w-C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:593072---ha-w-C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:26:313149824----a-w-C:\Windows\System32\win32k.sys
    2012-11-23 03:13:5768608----a-w-C:\Windows\System32\taskhost.exe
    2012-11-22 05:44:23800768----a-w-C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03626688----a-w-C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49307200----a-w-C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09220160----a-w-C:\Windows\SysWow64\ncrypt.dll
    2012-11-16 16:04:12821736----a-w-C:\Windows\SysWow64\npDeployJava1.dll
    2012-11-16 16:04:12746984----a-w-C:\Windows\SysWow64\deployJava1.dll
    2012-11-16 15:03:53112784----a-w-C:\Users\Amber\g2ax_customer_downloadhelper_win32_x86.exe
    2012-11-12 12:28:371638912----a-w-C:\Windows\System32\mshtml.tlb
    2012-11-12 11:52:181638912----a-w-C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:32750592----a-w-C:\Windows\System32\win32spl.dll
    2012-11-09 04:43:04492032----a-w-C:\Windows\SysWow64\win32spl.dll
    2012-11-01 05:43:422002432----a-w-C:\Windows\System32\msxml6.dll
    2012-11-01 05:43:421882624----a-w-C:\Windows\System32\msxml3.dll
    2012-11-01 04:47:541389568----a-w-C:\Windows\SysWow64\msxml6.dll
    2012-11-01 04:47:541236992----a-w-C:\Windows\SysWow64\msxml3.dll
    2012-10-27 06:26:55981504----a-w-C:\Windows\SysWow64\wininet.dll
    2012-10-27 05:51:211188864----a-w-C:\Windows\System32\wininet.dll
    2012-10-16 08:38:37135168----a-w-C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34350208----a-w-C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52561664----a-w-C:\Windows\apppatch\AcLayers.dll
    .
    ============= FINISH: 8:53:44.64 ===============
  2. BlondeOrleans

    BlondeOrleans Newcomer, in training Topic Starter

    My "attach.txt" log from DDS:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Enterprise
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/19/2011 5:49:08 PM
    System Uptime: 1/9/2013 8:42:35 AM (0 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | NARRA3
    Processor: AMD Phenom(tm) 9650 Quad-Core Processor | Socket AM2 | 1150/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 583 GiB total, 63.642 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.806 GiB free.
    E: is CDROM (UDF)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Pure Networks Device Discovery Driver
    Device ID: ROOT\LEGACY_PNARP\0000
    Manufacturer:
    Name: Pure Networks Device Discovery Driver
    PNP Device ID: ROOT\LEGACY_PNARP\0000
    Service: pnarp
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Pure Networks Wireless Driver
    Device ID: ROOT\LEGACY_PURENDIS\0000
    Manufacturer:
    Name: Pure Networks Wireless Driver
    PNP Device ID: ROOT\LEGACY_PURENDIS\0000
    Service: purendis
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Kaspersky Anti-Virus NDIS 6 Filter
    Device ID: ROOT\LEGACY_KLIM6\0000
    Manufacturer:
    Name: Kaspersky Anti-Virus NDIS 6 Filter
    PNP Device ID: ROOT\LEGACY_KLIM6\0000
    Service: KLIM6
    .
    ==== System Restore Points ===================
    .
    RP284: 1/7/2013 7:12:39 AM - Windows Backup
    RP285: 1/9/2013 3:00:19 AM - Windows Update
    RP286: 1/9/2013 8:07:04 AM - Installed Microsoft Fix it 50267
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 217.23.4.166 www.google-analytics.com.
    Hosts: 217.23.4.166 ad-emea.doubleclick.net.
    Hosts: 217.23.4.166 www.statcounter.com.
    Hosts: 69.72.252.254 www.google-analytics.com.
    Hosts: 69.72.252.254 ad-emea.doubleclick.net.
    Hosts: 69.72.252.254 www.statcounter.com.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Adobe Acrobat 8 Professional - English, Fran├žais, Deutsch
    Adobe Acrobat 8.3.1 - CPSID_83708
    Adobe Acrobat 8.3.1 Professional
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Cards_Calendar_OrderGift_DoMorePlugout
    CCleaner
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    Enhanced Multimedia Keyboard Solution
    Free DWG Viewer 7.1
    GIMP 2.6.11
    Google Chrome
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 5.0.0.799
    Hardware Diagnostic Tools
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Photosmart Essential 2.5
    HP Photosmart Essential 3.0
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Update
    HPPhotoSmartPhotobookWebPack1
    HPTCSSetup
    InstallationKit
    Java 7 Update 10
    Java Auto Updater
    Java(TM) 6 Update 24
    JavaFX 2.1.1
    Kaspersky Anti-Virus 2011
    Learn.com Player (Uninstall Only)
    LightScribe System Software 1.14.17.1
    LightScribeTemplateLabeler
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.0
    Microsoft IntelliType Pro 8.0
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 60 day trial
    Microsoft Office Live Meeting 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Mozilla Firefox (3.6.25)
    muvee autoProducer 6.1
    NVIDIA Drivers
    Power2Go
    Print-IT Client x64
    Privacy SafeGuard version 1.1
    PSSWCORE
    Python 2.5.2
    QuickTime
    Ralink Wireless LAN
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    SGF FormWizard 2007
    Spelling Dictionaries Support For Adobe Reader 8
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VideoToolkit01
    VNC Enterprise Edition E4.5.1
    VNC Mirror Driver 1.8.0
    VNC Printer Driver 1.6.0
    Vuze
    Vuze Remote Toolbar v6.6
    WebEx Support Manager for Internet Explorer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/9/2013 8:44:13 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
    1/9/2013 8:43:43 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    1/9/2013 8:43:43 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    1/9/2013 8:43:14 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KLIM6
    1/9/2013 8:43:00 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    1/9/2013 8:42:59 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    1/9/2013 8:42:58 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    1/9/2013 8:42:56 AM, Error: Service Control Manager [7000] - The Pure Networks Wireless Driver service failed to start due to the following error: The system cannot find the file specified.
    1/9/2013 8:42:56 AM, Error: Service Control Manager [7000] - The Pure Networks Device Discovery Driver service failed to start due to the following error: The system cannot find the file specified.
    1/4/2013 5:04:15 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    1/4/2013 3:20:30 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473536.
    .
    ==== End Of File ===========================
  3. BlondeOrleans

    BlondeOrleans Newcomer, in training Topic Starter

    MBAM log:

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.09.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Amber :: FRONTDESK-PC [administrator]

    1/9/2013 9:49:31 AM
    mbam-log-2013-01-09 (09-49-31).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 231497
    Time elapsed: 2 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.



    ComboFix scan

    Please download ComboFix[​IMG] by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello! Are you still with us? Your topic is now marked inactive, because you have lacked to reply.

    However, we'd like to still help. Please update us on the state of your PC.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.