TechSpot

Problems with removing plug-ins

Inactive
By andreac7829
Mar 7, 2013
Topic Status:
Not open for further replies.
  1. I was not able to post the DDS.txt data because I kept getting kicked out. So I zipped it and am attaching both readme's

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Please observe forum rules.
    All logs have to be pasted.

    What do you mean by being "kicked out"?

    You're not saying what your computer issues are.

    MBAM log is missing.
  3. andreac7829

    andreac7829 TS Rookie Topic Starter

    Re: What do you mean by being "kicked out"?
    What I meant was that I was trying to paste the readme.txt into your text box for starting the thread and it would paste and then the site would fail and have to recover. So after trying 7 times to paste the text and getting the same results I gave up and just attched the zip's. I am not sure if it was my computer or not, but most likely.

    My comp issue was that the internet was not responding because of these off-site ads that were relentlessly invading all webpages. I went through the process you had posted, and I will paste the MBAM log and the end of the post. After completing the steps listed the computer did appear to be slightly faster. But, I was still seeing the offsite ads on the web pages. So I discovered that the ads were a Savings Vault plug-in and then proceeded to uninstall it. No more ads or site crashing since. Yay me. Anyways, I still would like to follow the trail back with you and make sure that I did not make any mistakes during the cleaning process. Here is the MBAM log:

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.03.08.02
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Andrea :: ANDREA-HP [administrator]
    Protection: Enabled
    3/7/2013 7:17:05 PM
    mbam-log-2013-03-07 (19-17-05).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 264151
    Time elapsed: 17 minute(s), 50 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 2
    C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll (PUP.215Apps) -> Delete on reboot.
    C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll (PUP.InfoAtoms) -> Delete on reboot.
    Registry Keys Detected: 34
    HKCR\CLSID\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440244184402} (PUP.215Apps) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550255185502} (PUP.215Apps) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0021802.BHO.1 (PUP.215Apps) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> Quarantined and deleted successfully.
    HKCR\CLSID\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044504458} (PUP.215Apps) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550055505558} (PUP.215Apps) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0005058.BHO.1 (PUP.215Apps) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> Quarantined and deleted successfully.
    HKCR\CLSID\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{EF96EDE0-E1F8-4EB2-956B-D54DF35335E4} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
    HKCR\Interface\{44C0ECF5-4AC6-4E39-8091-E57070F8945A} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
    HKCR\CLSID\{22222222-2222-2222-2222-220022502258} (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0005058.Sandbox.1 (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0005058.Sandbox (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    HKCR\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PLAYBRYTE (PUP.PlayBryte) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nllafhekklanfkimibokomlmidmcmaoi (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    Registry Values Detected: 3
    HKCU\Software\InstalledBrowserExtensions\215 Apps|5058 (PUP.CrossFire.SA) -> Data: Shopping Sidekick -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|playbrytetoolbar_Playbryte (PUP.PlayBryte) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte|Publisher (PUP.PlayBryte) -> Data: Playbryte -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 1
    C:\Program Files (x86)\Shopping Sidekick (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    Files Detected: 14
    C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll (PUP.215Apps) -> Delete on reboot.
    C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.dll (PUP.215Apps) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll (PUP.InfoAtoms) -> Delete on reboot.
    C:\Users\Andrea\Downloads\mplayer_Setup.exe (Adware.IBryte) -> Quarantined and deleted successfully.
    C:\Users\Chylah\Local Settings\Temporary Internet Files\Content.IE5\703VW3FF\Setup.exe (PUP.IBryte) -> Quarantined and deleted successfully.
    C:\Users\Davi\Local Settings\Temporary Internet Files\Content.IE5\RZ4EDCLT\ShoppingSidekick_Test[1] (PUP.215Apps) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Shopping Sidekick\Shopping SidekickInstaller.log (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Shopping Sidekick\ButtonUtil.dll (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick-bg.exe (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.exe (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.ico (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.ini (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    C:\Users\Andrea\Local Settings\Application Data\Shopping Sidekick\Chrome\Shopping Sidekick.crx (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    C:\Users\Andrea\AppData\Local\Shopping Sidekick\Chrome\Shopping Sidekick.crx (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    (end)
  4. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    It looks like we need to run some more checks.

    I still need you to paste both DDS logs.
  5. andreac7829

    andreac7829 TS Rookie Topic Starter

    Here you are!

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/12/2012 5:04:32 PM
    System Uptime: 3/8/2013 12:19:34 PM (5 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | 2AD3
    Processor: AMD E-300 APU with Radeon(tm) HD Graphics | CPU 1 | 1300/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 449 GiB total, 360.427 GiB free.
    D: is FIXED (NTFS) - 17 GiB total, 2.071 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    ==== System Restore Points ===================
    .
    RP67: 2/14/2013 3:00:15 AM - Windows Update
    RP68: 2/16/2013 1:22:12 PM - Removed Claro Chrome Toolbar
    RP69: 2/16/2013 1:40:54 PM - Removed Delta Chrome Toolbar
    RP70: 2/21/2013 10:03:04 AM - Removed Microsoft Lync 2010
    RP71: 2/27/2013 3:00:12 AM - Windows Update
    RP72: 3/7/2013 9:42:07 PM - Installed HP Support Assistant
    RP73: 3/7/2013 9:51:06 PM - Windows Modules Installer
    RP74: 3/7/2013 9:52:19 PM - Windows Modules Installer
    .
    ==== Installed Programs ======================
    .
    24x7 Help
    3D XML Player
    7-Zip 9.21
    Adobe Acrobat 7.0 Standard
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Photoshop 7.0
    AMD APP SDK Runtime
    AMD Media Foundation Decoders
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    AVG 2013
    AVG PC TuneUp
    AVG PC TuneUp Language Pack (en-US)
    AVG Security Toolbar
    BabylonObjectInstaller
    Bejeweled 3
    Blackhawk Striker 2
    Blio
    Bonjour
    Bubble Wrap
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    Cisco AnyConnect VPN Client
    Cradle of Rome 2
    D3DX10
    Delta toolbar
    DirectX for Managed Code Update (Summer 2004)
    Dora's World Adventure
    Download Updater (AOL Inc.)
    DWGeditor
    eDrawings 2010 API SDK
    Facebook
    Farm Frenzy
    Farmscapes
    FATE
    Final Drive Fury
    Free-Plan
    GetSavin
    Google Chrome
    Google Update Helper
    HDVidCodec
    Hewlett-Packard ACLM.NET v1.2.1.1
    Hoyle Card Games
    HP Application Assistant
    HP Auto
    HP Calendar
    HP Client Services
    HP Clock
    HP Customer Experience Enhancements
    HP Games
    HP LinkUp
    HP Magic Canvas
    HP Magic Canvas Tutorials
    HP MovieStore
    HP Notes
    HP Odometer
    HP RSS
    HP Setup
    HP Setup Manager
    HP Support Assistant
    HP Support Information
    HP TouchSmart RecipeBox
    HP Update
    HP Vision Hardware Diagnostics
    HP Weather
    InfoAtoms [Uninstall]
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 33
    Jewel Match 3
    Jewel Quest Mysteries: The Seventh Gate Collector's Edition
    John Deere Drive Green
    Junk Mail filter update
    Kobo
    LabelPrint
    Letters from Nowhere 2
    Luxor HD
    Mah Jong Medley
    Malwarebytes Anti-Malware version 1.70.0.1100
    Mesh Runtime
    Metric Converter
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Mathematics
    Microsoft Office 2003 Web Components
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Online Services Sign-in Assistant
    Microsoft PowerPoint 2010 Packages
    Microsoft PowerPoint Viewer
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    Microsoft Visual Studio 2005 Tools for Applications - ENU
    Microsoft WSE 3.0 Runtime
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    opensource
    PC Fix Speed 1.2.0.24
    PDF Complete Special Edition
    Penguins!
    PhotoView 360
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime amd64
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PressReader
    QuickTime
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Recovery Manager
    Remote Graphics Receiver
    RollerCoaster Tycoon 3: Platinum
    Search Protect by conduit
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Sendori
    Skype™ 5.10
    SMPlayer 0.6.9
    SolidWorks 2010 API SDK
    SolidWorks 2010 Document Manager API
    SolidWorks 2010 x64 Edition SP0
    SolidWorks 2012 x64 Edition SP04
    SolidWorks eDrawings 2010
    SolidWorks eDrawings 2012 x64 Edition SP04
    SolidWorks Explorer 2010 SP0 x64 Edition
    SolidWorks Explorer 2012 SP04 x64 Edition
    SolidWorks Flow Simulation 2010 SP0 x64 Edition
    SolidWorks Flow Simulation 2012 SP04 x64 Edition
    SolidWorks SolidNetWork License Manager
    SolidWorks Workgroup PDM Server 2010 SP0 x64 Edition
    Spot
    Tap Tap Bear
    The Treasures of Mystery Island: The Ghost Ship
    Torchlight
    TSHostedAppLauncher
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update Installer for WildTangent Games App
    VC80CRTRedist - 8.0.50727.6195
    Virtual Villagers 4 - The Tree of Life
    Visual Studio 2010 x64 Redistributables
    Wajam
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WiseConvert B Toolbar
    WSOP-USA.com
    Yontoo 1.12.02
    Zinio Reader 4
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/8/2013 12:22:23 PM, Error: Service Control Manager [7034] - The SolidNetWork License Manager service terminated unexpectedly. It has done this 1 time(s).
    3/8/2013 12:22:23 PM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting.
    3/8/2013 12:20:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    3/8/2013 11:07:30 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Andrea-HP\Andrea SID (S-1-5-21-3638052705-483634149-3731610617-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    3/8/2013 11:07:30 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Andrea-HP\Andrea SID (S-1-5-21-3638052705-483634149-3731610617-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    3/7/2013 9:23:20 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The system cannot find the file specified.
    3/7/2013 10:08:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.
    3/7/2013 10:08:12 PM, Error: Service Control Manager [7000] - The AMD External Events Utility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464
    Run by Andrea at 17:54:31 on 2013-03-08
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3687.1422 [GMT -7:00]
    .
    AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\24x7Help\App24x7Svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Program Files (x86)\PDMWorks Workgroup\Vault\pdmwService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\Sendori\sndappv2.exe
    C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Sendori\SendoriSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    C:\Program Files (x86)\Sendori\Sendori.Service.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Sendori\SendoriUp.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Users\Andrea\AppData\Roaming\SearchProtect\bin\cltmng.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Sendori\SendoriTray.exe
    C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
    C:\Users\Andrea\AppData\Local\Temp\Adobelm_Cleanup.0001
    C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\Users\Andrea\AppData\Local\Temp\Adobelm_Cleanup.0001
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = Preserve
    mURLSearchHooks: WiseConvert B Toolbar: {2713b394-286f-4d7c-89ea-4174eeab9f5a} - C:\Program Files (x86)\WiseConvert_B\prxtbWise.dll
    BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    BHO: WiseConvert B Toolbar: {2713b394-286f-4d7c-89ea-4174eeab9f5a} - C:\Program Files (x86)\WiseConvert_B\prxtbWise.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
    BHO: GetSavin 5.0: {9976482F-FF0E-4797-B5AC-7E7AA3FCB3B7} - C:\Users\Andrea\AppData\Local\getsavin\ie\getsavin_1361393438.dll
    BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
    BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
    BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - LocalServer32 - <no file>
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    TB: WiseConvert B Toolbar: {2713B394-286F-4D7C-89EA-4174EEAB9F5A} - C:\Program Files (x86)\WiseConvert_B\prxtbWise.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
    TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
    TB: WiseConvert B Toolbar: {2713b394-286f-4d7c-89ea-4174eeab9f5a} - C:\Program Files (x86)\WiseConvert_B\prxtbWise.dll
    EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
    uRun: [SearchProtect] C:\Users\Andrea\AppData\Roaming\SearchProtect\bin\cltmng.exe
    uRun: [GoogleChromeAutoLaunch_233139F6EC4DEC81E5C5F2F1CB87FB15] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
    mRun: [PCFixSpeed] "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup
    mRun: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP
    mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
    uPolicies-Explorer: NoViewOnDrive = dword:0
    uPolicies-Explorer: NoDrives = dword:0
    uPolicies-Explorer: DisableLocalMachineRun = dword:0
    uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
    uPolicies-Explorer: DisableCurrentUserRun = dword:0
    uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
    uPolicies-Explorer: NoFile = dword:0
    uPolicies-Explorer: HideClock = dword:0
    uPolicies-Explorer: NoDevMgrUpdate = dword:0
    uPolicies-Explorer: NoDFSTab = dword:0
    uPolicies-Explorer: NoWindowsUpdate = dword:0
    uPolicies-Explorer: NoEncryptOnMove = dword:0
    uPolicies-Explorer: NoRunasInstallPrompt = dword:0
    uPolicies-Explorer: NoResolveTrack = dword:0
    uPolicies-Explorer: NoStartMenuSubFolders = dword:0
    uPolicies-System: NoDispAppearancePage = dword:0
    uPolicies-System: NoDispSettingsPage = dword:0
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoViewOnDrive = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: DisableLocalMachineRun = dword:0
    mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
    mPolicies-Explorer: DisableCurrentUserRun = dword:0
    mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
    mPolicies-Explorer: NoFile = dword:0
    mPolicies-Explorer: HideClock = dword:0
    mPolicies-Explorer: NoDevMgrUpdate = dword:0
    mPolicies-Explorer: NoDFSTab = dword:0
    mPolicies-Explorer: NoWindowsUpdate = dword:0
    mPolicies-Explorer: NoEncryptOnMove = dword:0
    mPolicies-Explorer: NoRunasInstallPrompt = dword:0
    mPolicies-Explorer: NoResolveTrack = dword:0
    mPolicies-Explorer: NoStartMenuSubFolders = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: NoDispAppearancePage = dword:0
    mPolicies-System: NoDispSettingsPage = dword:0
    mPolicies-Explorer: NoViewOnDrive = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: DisableLocalMachineRun = dword:0
    mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
    mPolicies-Explorer: DisableCurrentUserRun = dword:0
    mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
    mPolicies-Explorer: NoFile = dword:0
    mPolicies-Explorer: HideClock = dword:0
    mPolicies-Explorer: NoDevMgrUpdate = dword:0
    mPolicies-Explorer: NoDFSTab = dword:0
    mPolicies-Explorer: NoWindowsUpdate = dword:0
    mPolicies-Explorer: NoEncryptOnMove = dword:0
    mPolicies-Explorer: NoRunasInstallPrompt = dword:0
    mPolicies-Explorer: NoResolveTrack = dword:0
    mPolicies-Explorer: NoStartMenuSubFolders = dword:0
    mPolicies-System: NoDispAppearancePage = dword:0
    mPolicies-System: NoDispSettingsPage = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - LocalServer32 - <no file>
    Trusted Zone: cinemanow.com
    Trusted Zone: cinemanow.com
    Trusted Zone: hp.com
    Trusted Zone: qflix.com
    Trusted Zone: roxio.com
    Trusted Zone: roxio.com
    Trusted Zone: roxionow.com
    Trusted Zone: roxionow.com
    Trusted Zone: sonic.com
    Trusted Zone: sonic.com
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{5CB20EBE-68F5-4056-9AEB-9486E27E68D3} : NameServer = 216.146.35.240,216.146.36.240,192.168.1.1
    TCP: Interfaces\{5CB20EBE-68F5-4056-9AEB-9486E27E68D3} : DHCPNameServer = 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - LocalServer32 - <no file>
    x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - LocalServer32 - <no file>
    x64-DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc64.cab
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-5-16 79488]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-5-16 40064]
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-10-11 39768]
    R2 24x7HelpSvc;24x7HelpService;C:\Program Files (x86)\24x7Help\App24x7Svc.exe [2013-2-22 342168]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-5-16 204288]
    R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2012-12-10 118632]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
    R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-3-6 93984]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-7 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-7 682344]
    R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-8-17 2024864]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-5-16 1128952]
    R2 PDMWorks Workgroup Server;SolidWorks Workgroup PDM Server;C:\Program Files (x86)\PDMWorks Workgroup\Vault\pdmwService.exe [2009-10-15 3366912]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
    R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2012-12-10 14696]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2012-12-10 3569512]
    R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
    R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-12-14 2148816]
    R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
    R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-19 968880]
    R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-5-16 169584]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-7 24176]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-5-16 47232]
    S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2012-1-5 75624]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S2 SolidWorks SolidNetWork License Manager;SolidNetWork License Manager;C:\Program Files (x86)\SolidWorks SolidNetWork License Manager\lmgrd.exe [2008-11-5 1500424]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-22 1431888]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;C:\Program Files\SolidWorks Corp\SolidWorks\COSMOS\binCFW\StandAloneSlv.exe [2009-9-11 199464]
    S3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2012-4-9 114824]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-13 1255736]
    S4 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe [2012-6-9 89192]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
    FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
    FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
    .
    =============== Created Last 30 ================
    .
    2013-03-08 04:54:59 -------- d-----w- C:\ProgramData\Uninstall
    2013-03-08 02:14:36 -------- d-----w- C:\Users\Andrea\AppData\Roaming\Malwarebytes
    2013-03-08 02:14:10 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-03-08 02:14:05 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-03-08 02:14:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-03-08 02:13:20 -------- d-----w- C:\Users\Andrea\AppData\Local\Programs
    2013-03-07 23:46:46 -------- d-----w- C:\FREEPLAN
    2013-03-06 23:56:48 -------- d-----w- C:\Program Files (x86)\SearchProtect
    2013-03-06 23:56:34 -------- d-----w- C:\Users\Andrea\AppData\Roaming\SearchProtect
    2013-03-06 23:56:11 -------- d-----w- C:\Program Files (x86)\WiseConvert_B
    2013-02-22 17:09:33 -------- d-----w- C:\Users\Andrea\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
    2013-02-22 16:56:06 -------- d-----w- C:\Users\Andrea\AppData\Roaming\24x7 Help
    2013-02-22 16:55:55 -------- d-----w- C:\Program Files (x86)\24x7Help
    2013-02-22 16:55:52 -------- d-----w- C:\Users\Andrea\AppData\Roaming\PCFixSpeed
    2013-02-22 16:55:51 -------- d-----w- C:\ProgramData\PCFixSpeed
    2013-02-22 16:55:47 -------- d-----w- C:\Program Files (x86)\PCFixSpeed
    2013-02-22 16:55:44 -------- d-----w- C:\Users\Andrea\AppData\Local\getsavin
    2013-02-16 20:11:35 -------- d-----w- C:\Program Files (x86)\Conduit
    2013-02-16 20:11:31 -------- d-----w- C:\Users\Andrea\AppData\Local\Conduit
    2013-02-16 20:11:12 -------- d-----w- C:\Users\Andrea\AppData\Local\CRE
    2013-02-16 20:09:21 -------- d-----w- C:\Users\Andrea\AppData\Local\Savings Vault
    2013-02-16 20:07:02 -------- d-----w- C:\Users\Andrea\AppData\Roaming\Strongvault
    2013-02-16 20:06:54 -------- d-----w- C:\Users\Andrea\AppData\Local\Stronghold_LLC
    2013-02-16 20:06:39 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
    2013-02-16 20:03:18 -------- d-----w- C:\Program Files (x86)\SMPlayer
    2013-02-16 20:02:07 -------- d-----w- C:\Program Files (x86)\InfoAtoms
    2013-02-16 20:01:34 -------- d-----w- C:\Users\Andrea\AppData\Local\VisualBeeExe
    2013-02-16 20:00:35 -------- d-----w- C:\ProgramData\VisualBee
    2013-02-14 10:03:59 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 10:03:59 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 10:00:58 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    2013-02-14 10:00:58 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
    2013-02-14 10:00:58 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
    2013-02-14 10:00:57 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
    2013-02-13 22:52:37 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-02-13 22:52:36 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-02-13 22:52:36 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-02-13 22:52:28 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-02-13 22:52:27 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-02-13 22:52:26 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-02-13 22:52:26 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-02-13 22:52:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-02-13 22:52:26 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-02-13 22:52:26 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-02-13 22:52:23 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-02-13 22:52:23 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-02-11 21:01:23 -------- d-----w- C:\ProgramData\BrowserProtect
    2013-02-11 21:01:18 -------- d-----w- C:\Program Files (x86)\Delta
    2013-02-11 21:01:14 -------- d-----w- C:\Users\Andrea\AppData\Roaming\Delta
    2013-02-11 21:00:45 -------- d-----w- C:\Program Files (x86)\Yontoo
    2013-02-11 21:00:38 -------- d-----w- C:\ProgramData\Tarma Installer
    2013-02-11 21:00:32 -------- d-----w- C:\Program Files (x86)\Movie2KDownloader.com
    2013-02-11 21:00:30 -------- d-----w- C:\Program Files (x86)\hdvidcodec.com
    2013-02-11 14:15:14 -------- d-----w- C:\Users\Andrea\AppData\Roaming\Roxio Log Files
    2013-02-11 13:45:41 -------- d-----w- C:\Users\Andrea\AppData\Local\Cisco
    2013-02-11 13:40:23 -------- d-----w- C:\Program Files (x86)\Cisco
    2013-02-11 13:39:16 -------- d-----w- C:\ProgramData\Cisco
    2013-02-09 13:56:51 35792 ----a-w- C:\Windows\System32\TURegOpt.exe
    2013-02-09 13:56:47 27088 ----a-w- C:\Windows\System32\authuitu.dll
    2013-02-09 13:56:47 22480 ----a-w- C:\Windows\SysWow64\authuitu.dll
    .
    ==================== Find3M ====================
    .
    2013-02-27 01:38:16 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-27 01:38:16 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-02-19 08:54:59 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-02-11 14:21:18 9842040 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
    2013-01-23 01:37:11 0 ----a-w- C:\Windows\SysWow64\shoC6E9.tmp
    2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
    2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
    2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
    2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
    2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
    2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
    2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
    2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
    2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
    2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
    2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
    2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
    2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
    2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
    2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
    2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
    2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-12-29 16:08:05 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-12-29 16:08:04 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-10 23:01:54 321384 ----a-w- C:\Windows\SysWow64\Sendori.dll
    .
    ============= FINISH: 17:56:27.43 ===============
  6. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    [​IMG] Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
  7. andreac7829

    andreac7829 TS Rookie Topic Starter

    Rogue Killer report:

    RogueKiller V8.5.2 [Mar 9 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Andrea [Admin rights]
    Mode : Remove -- Date : 03/09/2013 13:54:36
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] cltmng.exe -- C:\Users\Andrea\AppData\Roaming\SearchProtect\bin\cltmng.exe [7] -> KILLED [TermProc]
    ¤¤¤ Registry Entries : 13 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Andrea\AppData\Roaming\SearchProtect\bin\cltmng.exe) [7] -> DELETED
    [TASK][SUSP PATH] Updater21802.exe : C:\Users\Davi\AppData\Local\Updater21802\Updater21802.exe /extensionid=21802 /extensionname="Shopping Sidekick Plugin" /chromeid=dlopielgodpjhkbapdlbbicpiefpaack [-] -> DELETED
    [TASK][SUSP PATH] VisualBeeRecovery : C:\Users\Andrea\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe /s [x] -> DELETED
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{5CB20EBE-68F5-4056-9AEB-9486E27E68D3} : NameServer (216.146.35.240,216.146.36.240,192.168.1.1) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{5CB20EBE-68F5-4056-9AEB-9486E27E68D3} : NameServer (216.146.35.240,216.146.36.240,192.168.1.1) -> NOT REMOVED, USE DNSFIX
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJPOL] HKCU\[...]\System : DisableCMD (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableCMD (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD50 00AAKX-603CA0 SATA Disk Device +++++
    --- User ---
    [MBR] c9423b4e0fed85d4a3eefd1036cdfd17
    [BSP] 5b770167e4dde1dfa151d09126dd3792 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 459850 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 941979648 | Size: 16988 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] b9cec6e35713cdc325fc18e308aef09d
    [BSP] a45c4d9926730af0369dfb92f6a5f6dd : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 205154304 | Size: 300 Mo
    Finished : << RKreport[2]_D_03092013_02d1354.txt >>
    RKreport[1]_S_03092013_02d1352.txt ; RKreport[2]_D_03092013_02d1354.txt
  8. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    Still waiting for MBAR log.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.