Safer-Networking Forums

Manual Removal Guide for SimplyTech.HomeTab

Friday — Wed, 22 May 2013 10:20:40 GMT

The following instructions have been created to help you to get rid of "SimplyTech.HomeTab" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

malware

Description:

SimplyTech.HomeTab is a malicious software that gets installed without proper consent if bundled for instance in the CovusPro.Installer. It installs itself with generic names like newtab, hometab, browserupdate and launcher to avoid detection. It installes browser addons to display fraudulent advertising. The company also uses various names like Simply Tech, Predicted Media and HomeTab.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

Products that have a key or property named "{c5eac06d-16a7-4836-866d-ebf3ecfdcdaa}_is1".
Products that have a key or property named "Browser Updater_is1".
Products that have a key or property named "Protected Search_is1".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

The file at "<$APPDATA>\HomeTab\HomeTab.dll".
The file at "<$APPDATA>\SimplyTech\home\home.htm".
The file at "<$LOCALAPPDATA>\Google\Chrome\User Data\Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf\2.7_0\background.html".
The file at "<$LOCALAPPDATA>\Google\Chrome\User Data\Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf\2.7_0\bundler\background.html".
The file at "<$LOCALAPPDATA>\Google\Chrome\User Data\Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf\2.7_0\bundler\newtab.html".
The file at "<$LOCALAPPDATA>\Google\Chrome\User Data\Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf\2.7_0\html1.htm".
The file at "<$LOCALAPPDATA>\Google\Chrome\User Data\Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf\2.7_0\npwiddit.dll".
The file at "<$LOCALAPPDATA>\Google\Chrome\User Data\Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf\2.7_0\panel.htm".
The file at "<$LOCALAPPDATA>\Google\Chrome\User Data\Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf\2.7_0\pop.htm".
The file at "<$LOCALAPPDATA>\Google\Chrome\User Data\Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf\2.7_0\widdit.htm".
The file at "<$LOCALAPPDATA>\Google\Chrome\User Data\Default\Local Storage\chrome-extension_djbdlklldbflagkkpaljamjfbpefcbpf_0.localstorage".
The file at "<$LOCALAPPDATA>\Google\Chrome\User Data\Default\Local Storage\chrome-extension_djbdlklldbflagkkpaljamjfbpefcbpf_0.localstorage-journal".
The file at "<$LOCALAPPDATA>\HomeTab\contact.png".
The file at "<$LOCALSETTINGS>\Temp\43169_3580\default_search_provider12.png".
The file at "<$PROGRAMFILES>\Browser Updater\Microsoft.Win32.TaskScheduler.dll".
The file at "<$PROGRAMFILES>\Browser Updater\Microsoft.Win32.TaskScheduler.xml".
The file at "<$PROGRAMFILES>\Browser Updater\TaskSchedulerCreator.exe".
The file at "<$PROGRAMFILES>\Browser Updater\TBUpdater.dll".
The file at "<$PROGRAMFILES>\Browser Updater\unins000.dat".
The file at "<$PROGRAMFILES>\Browser Updater\unins000.exe".
The file at "<$PROGRAMFILES>\HomeTab\chrome\HomeTab.crx".
The file at "<$PROGRAMFILES>\HomeTab\hometab_icon.ico".
The file at "<$PROGRAMFILES>\HomeTab\InstallHelper.dll".
The file at "<$PROGRAMFILES>\HomeTab\InstallHelperNet4.dll".
The file at "<$PROGRAMFILES>\HomeTab\Interop.IWshRuntimeLibrary.dll".
The file at "<$PROGRAMFILES>\HomeTab\support@HomeTab.com\chrome.manifest".
The file at "<$PROGRAMFILES>\HomeTab\support@HomeTab.com\chrome\HomeTab_3580.jar".
The file at "<$PROGRAMFILES>\HomeTab\support@HomeTab.com\components\wtb_complete.js".
The file at "<$PROGRAMFILES>\HomeTab\support@HomeTab.com\install.js".
The file at "<$PROGRAMFILES>\HomeTab\support@HomeTab.com\install.rdf".
The file at "<$PROGRAMFILES>\HomeTab\support@HomeTab.com\plugins\npwiddit.dll".
The file at "<$PROGRAMFILES>\HomeTab\support@HomeTab.com\pop.htm".
The file at "<$PROGRAMFILES>\HomeTab\System.Data.SQLite.dll".
The file at "<$PROGRAMFILES>\HomeTab\ToolbarUninstall.exe".
The file at "<$PROGRAMFILES>\HomeTab\unins000.dat".
The file at "<$PROGRAMFILES>\HomeTab\unins000.exe".
The file at "<$PROGRAMFILES>\Mozilla Firefox\searchplugins\Web Search.xml".
The file at "<$WINDIR>\Launcher.exe".
The file at "<$WINDIR>\Tasks\Browser Updater.job".

Make sure you set your file manager to display hidden and system files. If SimplyTech.HomeTab uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

The directory at "<$APPDATA>\HomeTab".
The directory at "<$APPDATA>\Mozilla\Firefox\Profiles\<$ENV(HomeTab_FF_path)>\extensions\{aa9cc3fa-a5e4-449b-aab5-1ebdbc7314ee}".
The directory at "<$APPDATA>\SimplyTech\home".
The directory at "<$APPDATA>\SimplyTech".
The directory at "<$LOCALAPPDATA>\Google\Chrome\User Data\Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf\2.7_0\bundler".
The directory at "<$LOCALAPPDATA>\Google\Chrome\User Data\Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf\2.7_0".
The directory at "<$LOCALAPPDATA>\Google\Chrome\User Data\Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf".
The directory at "<$LOCALAPPDATA>\HomeTab".
The directory at "<$LOCALAPPDATA>\SimplyTech".
The directory at "<$LOCALSETTINGS>\Temp\43169_3580".
The directory at "<$PROGRAMFILES>\Browser Updater".
The directory at "<$PROGRAMFILES>\HomeTab\chrome".
The directory at "<$PROGRAMFILES>\HomeTab\support@HomeTab.com\chrome".
The directory at "<$PROGRAMFILES>\HomeTab\support@HomeTab.com\components".
The directory at "<$PROGRAMFILES>\HomeTab\support@HomeTab.com\plugins".
The directory at "<$PROGRAMFILES>\HomeTab\support@HomeTab.com".
The directory at "<$PROGRAMFILES>\HomeTab".

Make sure you set your file manager to display hidden and system files. If SimplyTech.HomeTab uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

A key in HKEY_CLASSES_ROOT\ named "wtb.Band.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "wtb.Band", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "wtb.NotificationSource.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "wtb.NotificationSource", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "wtb.SourceSinkImpl.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "wtb.SourceSinkImpl", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "wtb.ToolbarInfo.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "wtb.ToolbarInfo", plus associated values.
Delete the registry key "{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}" at "HKEY_CLASSES_ROOT\AppID\".
Delete the registry key "{515e8851-15c5-4b5a-9c31-25d3dfc6302f}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{6e80943c-847c-4447-b830-f94e7dcbbd4e}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\".
Delete the registry key "{74600557-e870-41ad-910a-83eba6cdc3ce}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{8DA8B89E-0C65-403B-8231-AB22ECFA0687}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{96edaac7-6183-4cb5-8823-b8b12d94f967}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{96edaac7-6183-4cb5-8823-b8b12d94f967}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\".
Delete the registry key "{96edaac7-6183-4cb5-8823-b8b12d94f967}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{A928E66C-F501-4E66-9953-855C712F93B2}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{A928E66C-F501-4E66-9953-855C712F93B2}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{afdbddaa-5d3f-42ee-b79c-185a7020515b}" at "HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes\".
Delete the registry key "{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{B7DC94D1-A06F-411B-9396-70CC757A9133}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{cfd485f0-96bd-47cd-bb6d-cd7dda95f102}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\".
Delete the registry key "{ddb73aac-1a18-4c2d-878a-eef8936ec374}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{E6B4EE8F-C38E-4994-BE28-229A3F92262C}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{FCA8936E-403A-4487-A966-70F80F1D5A6A}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "BrowserUpdater" at "HKEY_CURRENT_USER\Software\".
Delete the registry key "djbdlklldbflagkkpaljamjfbpefcbpf" at "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\".
Delete the registry key "HomeTab.DLL" at "HKEY_CLASSES_ROOT\AppID\".
Delete the registry key "HomeTab" at "HKEY_CURRENT_USER\Software\".
Delete the registry key "HomeTab" at "HKEY_CURRENT_USER\Software\AppDataLow\Software\Simplytech\".
Delete the registry key "ProtectedSearch" at "HKEY_CURRENT_USER\Software\".
Delete the registry key "SimplyTech" at "HKEY_CURRENT_USER\Software\".
Delete the registry key "Simplytech" at "HKEY_CURRENT_USER\Software\AppDataLow\Software\".
Delete the registry value "{96edaac7-6183-4cb5-8823-b8b12d94f967}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "newtab" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\".
Remove "about:newtab" from registry value "Start Default_Page_URL" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\".
Remove "about:newtab" from registry value "Start Default_Page_URL" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\".
Remove "about:newtab" from registry value "Start Page" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\".
Remove "about:newtab" from registry value "Start Page" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\".
Remove "about:newtab" from registry value "Start Page" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\".

If SimplyTech.HomeTab uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Browser:

The following browser plugins or items can either be removed directly in your browser, or through the help of e.g. Spybot-S&D or RunAlyzer.

Please check your bookmarks for links to "about:newtab".

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

Please read these instructions before requesting assistance,
Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

There are more files or system entries belonging to this product that <$SPYBOTSD> can remove, but that cannot be easily described in text. Please use <$SPYBOTSD> to make sure <$PRODUCTNAME> gets completely removed.

Manual Removal Guide for FakePorn.Winlock

Friday — Wed, 22 May 2013 10:20:38 GMT

The following instructions have been created to help you to get rid of "FakePorn.Winlock" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

trojan

Description:

FakePorn.Winlock is a Trojan horse that pretends to be a porn video to get executed. Once run it will lock down the computer while pretending to demand money for official authorities because of copyright infringement done by the computer user. Removal requires the usage of a different user account or a different boot media.

Removal Instructions:

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

Please read these instructions before requesting assistance,
Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Bandoo.Toolbar

Friday — Wed, 22 May 2013 10:20:08 GMT

The following instructions have been created to help you to get rid of "Bandoo.Toolbar" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

pups

Description:

Bandoo.Toolbar promises free emoticons for instant messengers like MSN and Yahoo IM. Bandoo.Toolbar installs hidden toolbars to browser and also installs a service which runs in background. By default the installer will install adware and set the homepage to searchnu. The installer also fails to show an EULA and the privacy policy, it also does not explicitly show that users must be older than 12.

Products that have a key or property named "Bandoo".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

The file at "<$COMMONPROGRAMS>\Bandoo\Bandoo Extensions.lnk".
The file at "<$COMMONPROGRAMS>\Bandoo\Bandoo Tutorial.lnk".
The file at "<$COMMONPROGRAMS>\Bandoo\License Agreement.lnk".
The file at "<$PROGRAMFILES>\Bandoo\Bandoo.exe".
The file at "<$PROGRAMFILES>\Bandoo\BandooGo.exe".
The file at "<$PROGRAMFILES>\Bandoo\BandooRes.dll".
The file at "<$PROGRAMFILES>\Bandoo\BandooUI.exe".
The file at "<$PROGRAMFILES>\Bandoo\BndCore.exe".
The file at "<$PROGRAMFILES>\Bandoo\BndHook.dll".
The file at "<$PROGRAMFILES>\Bandoo\ChromePackage.crx".
The file at "<$PROGRAMFILES>\Bandoo\CrashRpt.dll".
The file at "<$PROGRAMFILES>\Bandoo\ExtensionsManager.exe".
The file at "<$PROGRAMFILES>\Bandoo\ffext.exe".
The file at "<$PROGRAMFILES>\Bandoo\FlashAnimator.dll".
The file at "<$PROGRAMFILES>\Bandoo\ftalk.ico".
The file at "<$PROGRAMFILES>\Bandoo\GIFAnimator.dll".
The file at "<$PROGRAMFILES>\Bandoo\InstallerNsisHelper.dll".
The file at "<$PROGRAMFILES>\Bandoo\libungif4.dll".
The file at "<$PROGRAMFILES>\Bandoo\license.rtf".
The file at "<$PROGRAMFILES>\Bandoo\Plugins.ini".
The file at "<$PROGRAMFILES>\Bandoo\Plugins\IE\ieplugin.dll".
The file at "<$PROGRAMFILES>\Bandoo\Plugins\IE\Resources\bandoo.js".
The file at "<$PROGRAMFILES>\Bandoo\Plugins\IE\Resources\HTML\blank.html".
The file at "<$PROGRAMFILES>\Bandoo\Plugins\IE\Resources\HTML\error.html".
The file at "<$PROGRAMFILES>\Bandoo\Plugins\MSN\msnplugin.dll".
The file at "<$PROGRAMFILES>\Bandoo\Plugins\MSN\Resources\HTML\blank.html".
The file at "<$PROGRAMFILES>\Bandoo\Plugins\MSN\Resources\HTML\error.html".
The file at "<$PROGRAMFILES>\Bandoo\Plugins\MSN\Resources\Toolbar\BandooToolbar.xml".
The file at "<$PROGRAMFILES>\Bandoo\Plugins\Yahoo\Resources\HTML\blank.html".
The file at "<$PROGRAMFILES>\Bandoo\Plugins\Yahoo\Resources\HTML\error.html".
The file at "<$PROGRAMFILES>\Bandoo\Plugins\Yahoo\Resources\Toolbar\BandooToolbar.xml".
The file at "<$PROGRAMFILES>\Bandoo\Plugins\Yahoo\Resources\Toolbar\BandooToolbarV9.xml".
The file at "<$PROGRAMFILES>\Bandoo\Plugins\Yahoo\YahooPlugin.dll".
The file at "<$PROGRAMFILES>\Bandoo\Resources\BandooMessages.xml".
The file at "<$PROGRAMFILES>\Bandoo\Resources\downloading.gif".
The file at "<$PROGRAMFILES>\Bandoo\Resources\tutorial\tutorial.html".
The file at "<$PROGRAMFILES>\Bandoo\uninstall.log".
The file at "<$PROGRAMFILES>\Bandoo\uninstaller.exe".
The file at "<$SYSDIR>\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg".

Make sure you set your file manager to display hidden and system files. If Bandoo.Toolbar uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

The directory at "<$APPDATA>\Mozilla\Firefox\Profiles\<$ENV(Bandoo_FF_path)>\extensions\ffox@bandoo.com".
The directory at "<$COMMONAPPDATA>\Bandoo".
The directory at "<$COMMONPROGRAMS>\Bandoo".
The directory at "<$PROGRAMFILES>\Bandoo\Plugins\IE\Resources\HTML".
The directory at "<$PROGRAMFILES>\Bandoo\Plugins\IE\Resources".
The directory at "<$PROGRAMFILES>\Bandoo\Plugins\IE".
The directory at "<$PROGRAMFILES>\Bandoo\Plugins\MSN\Resources\HTML".
The directory at "<$PROGRAMFILES>\Bandoo\Plugins\MSN\Resources\Toolbar\Images".
The directory at "<$PROGRAMFILES>\Bandoo\Plugins\MSN\Resources\Toolbar".
The directory at "<$PROGRAMFILES>\Bandoo\Plugins\MSN\Resources".
The directory at "<$PROGRAMFILES>\Bandoo\Plugins\MSN".
The directory at "<$PROGRAMFILES>\Bandoo\Plugins\Yahoo\Resources\HTML".
The directory at "<$PROGRAMFILES>\Bandoo\Plugins\Yahoo\Resources\Toolbar\Images".
The directory at "<$PROGRAMFILES>\Bandoo\Plugins\Yahoo\Resources\Toolbar".
The directory at "<$PROGRAMFILES>\Bandoo\Plugins\Yahoo\Resources".
The directory at "<$PROGRAMFILES>\Bandoo\Plugins\Yahoo".
The directory at "<$PROGRAMFILES>\Bandoo\Plugins".
The directory at "<$PROGRAMFILES>\Bandoo\Resources\tutorial".
The directory at "<$PROGRAMFILES>\Bandoo\Resources".
The directory at "<$PROGRAMFILES>\Bandoo".

Make sure you set your file manager to display hidden and system files. If Bandoo.Toolbar uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

A key in HKEY_CLASSES_ROOT\ named "BandooCoordinator.BandooCoordinator.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BandooCoordinator.BandooCoordinator", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BandooCoordinator.CoordinatorUI.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BandooCoordinator.CoordinatorUI", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BandooCoordinator.HTTPAsyncResult.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BandooCoordinator.HTTPAsyncResult", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BandooCoordinator.PlugInNotifier.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BandooCoordinator.PlugInNotifier", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BandooCore.BandooCore.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BandooCore.BandooCore", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BandooCore.ResourcesMngr.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BandooCore.ResourcesMngr", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BandooCore.SettingsMngr.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BandooCore.SettingsMngr", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BandooCore.StatisticMngr.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BandooCore.StatisticMngr", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BandooIEPlugin.BandooIEPlugin.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BandooIEPlugin.BandooIEPlugin", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BFlashAnimator.BFlashAnimatorCtrl.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BFlashAnimator.BFlashAnimatorCtrl", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BGIFAnimator.BGIFAnimatorCtrl.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BGIFAnimator.BGIFAnimatorCtrl", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CURL.HTTPDataAccessor.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CURL.HTTPDataAccessor", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CURL.HTTPDownloadStatus.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CURL.HTTPDownloadStatus", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CURL.HTTPFileDownloadService.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CURL.HTTPFileDownloadService", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CURL.HTTPProxyInfo.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CURL.HTTPProxyInfo", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CURL.HTTPService.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CURL.HTTPService", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CURL.HTTPServiceFactory.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CURL.HTTPServiceFactory", plus associated values.
Delete the registry key "{01222E21-6BD0-4EB3-94F1-967EB09CCED5}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{06DE5702-44CF-4B79-B4EF-3DDF653358F5}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{074E4EFE-81BB-4EA4-866E-082CB0E01070}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{0CE5B352-9D9C-41E1-9551-FCCD92820217}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{1301A8A5-3DFB-4731-A162-B357D00C9644}" at "HKEY_CLASSES_ROOT\AppID\".
Delete the registry key "{167B2B5F-2757-434A-BBDA-2FDB2003F14F}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{266294D5-5A0D-46E8-9294-BCB6EAFA478F}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{27F69C85-64E1-43CE-98B5-3C9F22FB408E}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{2E9A60EA-5554-49C3-BC9D-D0404DBACC62}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{33DDFC61-F531-4982-8C32-4212B7835D44}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{3AD7A5B6-610D-4A82-979E-0AED20920690}" at "HKEY_CLASSES_ROOT\AppID\".
Delete the registry key "{3AD7A5B6-610D-4A82-979E-0AED20920690}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{3E63C9BC-DD51-4E83-ABA6-B350EAD28531}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\".
Delete the registry key "{4410C118-B23C-406C-9F52-9CDABD90A5EA}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{44CFFEF4-E7E1-44BD-B1F5-29F828ADA1B8}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{477F210A-2A86-4666-9C4B-1189634D2C84}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{518CA0FD-F755-4F98-A2A8-CD450FB203AB}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{5E9B4D72-C58D-48BF-AC09-68182D472160}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{62E5C9E1-A0E8-4F8C-8EAF-0F9250CC5786}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{6F43FA77-C18F-4D0C-9C7E-958876FE2061}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{72434BC1-E46D-47A1-A597-8749DFBCC24A}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{7DBA2B02-EA31-4B98-812B-C6E8AE5C2972}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{7f000001-db8e-f89c-2fec-49bf726f8c12}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\".
Delete the registry key "{872F3C0B-4462-424c-BB9F-74C6899B9F92}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{929FCA79-44E2-4408-83E7-F93AAE0B0909}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{94FBDF11-676E-42E5-A516-1FD39970386B}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{9932C738-5580-4408-A0E8-5EA03BE5FB18}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{9C123289-82E1-4da7-A3C2-B8D28AAD114B}" at "HKEY_CLASSES_ROOT\AppID\".
Delete the registry key "{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\".
Delete the registry key "{A01A3335-0C30-4312-A430-92356CC37A92}" at "HKEY_CLASSES_ROOT\AppID\".
Delete the registry key "{A288B32D-1001-479F-8DA2-E259010B7A31}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{A5D99259-ADA3-48A5-B861-39813B713DCB}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{A9005ED5-4A1D-4606-A4DF-1A25E7D7B417}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{AFFA986E-4B0F-4F15-9DDC-19FE8129602A}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{B348A16C-64A6-4EAE-A42A-722623572C7E}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{B543EF05-9758-464E-9F37-4C28525B4A4C}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{BB76A90B-2B4C-4378-8506-9A2B6E16943C}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{C29CF951-7F4F-4B8D-ACA8-C4EE934C27DC}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{CE1CB632-6817-47b3-8587-D05AF75D6D5A}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{D60A7941-4F69-4A79-BED7-72ADA784B8F7}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{DFF35F25-E783-4E26-8DA6-EBB66B8B0E39}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{E57D3C8D-ADD0-4AE0-8A14-0D0F6A3487FB}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{EB5CEE80-030A-4ED8-8E20-454E9C68380F}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{EB5CEE80-030A-4ED8-8E20-454E9C68380F}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{EDE2C296-2458-4E3B-A846-4B512C0703B5}" at "HKEY_CLASSES_ROOT\AppID\".
Delete the registry key "{EF2B6317-C367-401B-83B8-80302D6588A7}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{F5379B4B-24D8-432A-9A96-BE75EE5117DB}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{F7FB2BC4-6C27-4EAC-B5E2-037B71FDE101}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{F9189560-573A-4fde-B055-AE7B0F4CF080}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\".
Delete the registry key "{FD53FE35-4368-4B71-89D6-F29F3DB29DF1}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{FF871E51-2655-4D06-AED5-745962A96B32}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "Bandoo Coordinator" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
Delete the registry key "Bandoo Coordinator" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
Delete the registry key "Bandoo Coordinator" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
Delete the registry key "Bandoo" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
Delete the registry key "BandooCoordinator.EXE" at "HKEY_CLASSES_ROOT\AppID\".
Delete the registry key "BandooCore.EXE" at "HKEY_CLASSES_ROOT\AppID\".
Delete the registry key "BandooV8.exe" at "HKEY_CLASSES_ROOT\Applications\".
Delete the registry key "dloejdefkancmfajekobpfoacecnhpgp" at "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\".
Delete the registry key "FlashAnimator.DLL" at "HKEY_CLASSES_ROOT\AppID\".
Delete the registry key "GIFAnimator.DLL" at "HKEY_CLASSES_ROOT\AppID\".
Delete the registry key "IEPlugin.DLL" at "HKEY_CLASSES_ROOT\AppID\".
Delete the registry value "AppInit_DLLs=<$PROGRAMFILES>\bandoo\bndhook.dll " at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\".
Delete the registry value "ffox@bandoo.com" at "HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\".

If Bandoo.Toolbar uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

Please read these instructions before requesting assistance,
Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Simple question - What does PUPSC stand for?

Andy_P2002 — Wed, 22 May 2013 09:38:30 GMT

OK so I occasionally get a result of a "PUPSC" as the "threat" after a scan.

I think it's important that if abbreviations are used, then those abbreviations should always be explained (or even just mentioned!) in the Help files for the program, but in this case it isn't.
(It's not just Spybot that fails here, I've even had it where whole menu items in professional programs are not mentioned in their own 'Help')

Anyway, so I've searched the forum here, and in several places it tells me that "PUP" = "potentially unwanted program", but everyone seems very quiet about what the "SC" may mean.

Can anyone just give the full meaning for the letters PUPSC please?

Thanks!

4 days

elenagarchom — Wed, 22 May 2013 06:44:17 GMT

http://forums.spybot.info/showthread...owser-hijacked
I 've set up ERUNT and read how to make it work properly on Windows 7.

Annoying pop-ups in all browsers in bottom right/left corner

anton_ego — Tue, 21 May 2013 22:36:40 GMT

Hello.

Some unwanted and annoying ads keep popping up in all of my browsers (Firefox, Chrome, IE) for the last few months in almost all websites except facebook and google. I tried some malware removal tools like tdsskiller and rkill, but it didn't solve the problem. There are three kinds of popups which keep coming: one is a square shaped ad in left-bottom corner of the browser, then a facebook message kind of popup in the right bottom corner (with that typical FB msg notification sound) which usually has the "are you looking for + title of the webpage?" as its message, and the third is a rectangular white box in the right bottom corner with a 'click here' button which when clicked redirects to "tlbsearch.com". I tried some suggestions in some forums which has further complicated things for me. Earlier first type of pop-up (the left bottom corner) had a close button with which I can close it. Now it has become invisible and I am not able to access the left bottom corner of any of my browsers at all, hence not able to click any links or html objects in that place of the browser.

I got annoyed to an extent of taking it to service center before finding out this forum. I appreciate the effort and time of those who contribute to this forum, so thanks a lot in advance.

Waiting for your guidance,
SS

PS, I use a 64-bit Windows-7 Fujitsu laptop, if that info is needed.

Continuation - Infection Cleanout

Redfefnir — Tue, 21 May 2013 22:01:16 GMT

Well, I get pulled away for a few days and the thread gets archived! Understandable, but hopefully we can continue, and if not, well. That's that then. I finally had the time to sit down and run the requested scanner, which I really didn't want to leave on overnight, but had too.

Quote from what I was to-do:

Quote:

0k. thanks for the info. Not sure why Roguekiller is flagging those .exe on your desktop. They dont appear to be cracks or keygens.

In any case we can remove the proxy setting. Run Rougekiller again, after the prescan is done click the scan button. Once thats done click on the Registry tab and uncheck everything but this one:

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (203.232.208.116:8080
Then click the delete button to remove the checked item.

You can get a copy of the free version of malwarebytes which you can use as another antimalware app: Let see if it digs anything up.

Please download the free version of Malwarebytes to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
NOTE: The free version must be updated manually and a scan started manually.

http://forums.spybot.info/showthread...Hacked-Account

So I ran Roguekill a few nights ago when I could and didn't find any sort of Proxy or HKCU in the results, nothing that looked close unfortunately. Then I went on a trip and had to take care of the house (that pesky lawn) with some fire department and ambulance corp events respectfully and finally ran Malwarebytes overnight last night. It didn't find anything, which hopefully means I'm on the up and up and won't be having any account theft issues.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Cameron :: CAMERON-PC [administrator]

5/20/2013 10:00:10 PM
mbam-log-2013-05-20 (22-00-10).txt

Scan type: Full scan (C:\|D:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 812763
Time elapsed: 3 hour(s), 25 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

The end of Spybot.

Steve Staubach — Tue, 21 May 2013 21:19:14 GMT

Dear friends and developers of Spybot, I have always been fond of your utility and as a PC Reclamation and Networking Technician, and you will be missed. I would like to say that up until your sudden shift in business strategy, I toted your name and encouraged donations from every personal client I met, and even some people when I worked for IBM and DELL as a Field Service Technician as I preformed virus removals and registry restructuring.

It seems that your spirit of free marketing and non-profit antivirus solutions for the masses, has died. A short burst of cash from your current stature, will eventually lead to your inevitable downfall and destruction. Any technician worth his salt understands that there are a plethora of other free anti-virus solutions, even if its doing things the old-fashioned way.. A companies network and security structure, even down to a small business is not made up of executives willing to spend money. They will find one or several computer technicians to find a solution for them, and they (we) will pursue the most affordable option even if its not the "best", especially in this economy.

Your companies removal of its primary antivirus function in the free edition will lose you favor in the eyes of technicians, not because you don't have a wonderful product that has a history of efficiency and a long standing record of success (which I can vouch for), but because there are so many OTHER free (working) solutions, that your product falls short of when finances come into play. I started my personal business as a street technician, and preformed a full hardware diagnostic and virus removal for $20 to put food on my plate. Now, I'm not alone. The costs of removals and repairs in commercial are comparable to buying a BRAND NEW PC. The field of professional technicians who are capable of password removals, data recovery, solder rework and yes, even virus removal has all but dried up in this desert of an economy. My point is this: If I offered a virus removal for $40 (a little under what most local tech shops offer, which is 60-80 due to their labor and building slot costs) and I have to pay $50 for ONE copy of Spybot with antivirus, not only am I losing money? I am wasting time. My time. My clients time. And that is not a real figure. The reality is, A company, tech shop, refurbishing warehouse or home user will find the free solutions instead of purchasing ANY product, and that is the bottom-line.

Farewell old friend, and enjoy the coinage while it lasts. As of today I am permanently removing you from my toolkit.

AV questions accedently put in dutch section sorry

cootmaster — Tue, 21 May 2013 15:44:07 GMT

question about AV
1 which AV is it
2 can i use this SB w AV WITH my current NORTON AV or will it nag to take norton out
reason i left ADAWARE w vipre was it nagged me to uinstall norton to install it
if i say NO it wouldn't continue
if it forces me choose im staying w 16x

Spybot +AV 2.1 ist da!

daemon — Tue, 21 May 2013 15:26:41 GMT

Hallo,

ich habe gerade Spybot +AV 2.1 final auf unsere Server hochgeladen. Spybot +AV 2.1 ist somit die aktuelle stabile Version unserer Software!

Alles Weitere k�nnt ihr auf unserer Webseite nachlesen, dort findet ihr auch die Download-Links.

In diesem Thread k�nnt ihr �ber die neue Version diskutieren!

daemon

Spybot +AV 2.1 released!

daemon — Tue, 21 May 2013 15:02:32 GMT

Spybot +AV 2.1 final just got released! :)

See our web site for more information and download links.

daemon

Spybot +AV 2.1 Released!

PepiMK — Tue, 21 May 2013 13:40:09 GMT

Not only does Spybot +AV version have an award winning antivirus engine but it has many new features and enhancements:- Virus scanning and removal (Home Edition and above): The inclusion of the anti-virus engine means that we can now … Continue reading →

More...

Spybot 2.1

spybotsandra — Tue, 21 May 2013 12:59:02 GMT

Hey...

There will be a little surprise later today...
Or maybe a big one *g*
:yahoo:

Best regards
Sandra
Team Spybot

Cannot uninstall Spybot 2

eggiog — Tue, 21 May 2013 10:33:48 GMT

Hello,
I want to uninstall Spybot (version 2.0.1.2) from my windows7 x64 machine.
When i try to run the uninstall feature, just nothing happens.
When i try to uninstall from windows add\remove software, still nothing happens.
Tried both methods in safe mode, same result.
Tried running CCcleaner first, same result.
Tried terminating S&D processes and services before uninstalling, same result, just NOTHING happens.

Can anyone help me?
Thanks in advance :)

Help with sound problem

gpkenny — Tue, 21 May 2013 07:46:26 GMT

I hear a sound like 'water dripping' when i log into my internet browser. The sound is random, but persistent and irritating.

Spybot and MBAM could not detect any problems, so maybe not a malware issue. Howver any advise would be much appreciated to resolve this problem.

Many Thanks

logs as requested:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by gary at 7:58:42 on 2013-05-21
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.8075.4445 [GMT 1:00]
.
AV: AVG Anti-Virus 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\valWBFPolicyService.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\atieclxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\rundll32.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Users\gary\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Users\gary\AppData\Roaming\ViStart\Plugins\MetroProvider.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Users\gary\AppData\Roaming\ViStart\ViStart.exe
C:\Users\gary\AppData\Roaming\ViStart\Plugins\SearchProvider.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [ViStart] C:\Users\gary\AppData\Roaming\ViStart\ViStart.exe
uRun: [uTorrent] "C:\Users\gary\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ISCTSY~1.LNK - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{11B2500D-0EDA-41C0-8154-A5D0512BF4E3} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{ADA4012E-DD59-4E3C-B823-B53527DFB77F} : DHCPNameServer = 100.100.10.24
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck -
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck -
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\gary\AppData\Roaming\Mozilla\Firefox\Profiles\8ni317tu.default\
FF - plugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-04-30 17:24; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\gary\AppData\Roaming\Mozilla\Firefox\Profiles\8ni317tu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-04-30 19:12; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\gary\AppData\Roaming\Mozilla\Firefox\Profiles\8ni317tu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\Drivers\amdkmpfd.sys [2012-7-9 35496]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2012-9-14 40800]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2012-10-2 185696]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-12-25 92536]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-1 239616]
R2 AMPPALR3;Intel� Centrino� Wireless Bluetooth� + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-7-17 731688]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-12-25 1091520]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-12-25 1112000]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-5-2 135952]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2012-8-10 1641320]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-8-10 29600]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-31 35232]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-7-24 146984]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-12-25 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-1 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-1 701512]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-12-25 364416]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2012-9-6 28160]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-7-18 2699568]
R3 AMPPAL;Intel� Centrino� Wireless Bluetooth� + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-7-17 162344]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2012-12-25 110592]
R3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2012-12-25 825344]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2012-12-25 55848]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\Drivers\ikbevent.sys [2012-7-24 20968]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\Drivers\imsevent.sys [2012-7-24 19944]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528]
R3 intelkmd;intelkmd;C:\Windows\System32\Drivers\igdpmd64.sys [2012-7-25 8982208]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\Drivers\ISCTD64.sys [2012-7-24 46016]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\Drivers\iwdbus.sys [2012-8-9 25568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-5-1 25928]
R3 NETwNe64;@oem15.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-8-7 4273192]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-12-25 294544]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-12-25 690832]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-12-25 43832]
R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2012-7-16 401256]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\Drivers\WPRO_41_2001.sys [2012-12-25 34752]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AMPPALP;Intel� Centrino� Wireless Bluetooth� + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2012-7-17 162344]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\Drivers\intelaud.sys [2012-8-9 35296]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-7-18 272176]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2012-6-2 1737760]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-12-25 41272]
S3 usb3Hub;USB-IF USB 3.0 Hub;C:\Windows\System32\Drivers\usb3Hub.sys [2012-8-9 48096]
S3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\Drivers\xHCIPort.sys [2012-8-9 188384]
.
=============== Created Last 30 ================
.
2013-05-21 04:47:56 198320 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10204.bin
2013-05-20 15:49:36 -------- d-----w- C:\Users\gary\AppData\Roaming\IDT
2013-05-19 08:07:10 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2013-05-19 08:04:02 68104 ----a-w- C:\Windows\System32\XAPOFX1_0.dll
2013-05-19 08:04:02 65032 ----a-w- C:\Windows\SysWow64\XAPOFX1_0.dll
2013-05-19 08:04:02 511496 ----a-w- C:\Windows\System32\XAudio2_1.dll
2013-05-19 08:04:02 507400 ----a-w- C:\Windows\SysWow64\XAudio2_1.dll
2013-05-19 08:04:02 28168 ----a-w- C:\Windows\System32\X3DAudio1_4.dll
2013-05-19 08:04:02 25608 ----a-w- C:\Windows\SysWow64\X3DAudio1_4.dll
2013-05-19 08:04:02 238088 ----a-w- C:\Windows\SysWow64\xactengine3_1.dll
2013-05-19 08:04:02 177672 ----a-w- C:\Windows\System32\xactengine3_1.dll
2013-05-19 08:04:01 540688 ----a-w- C:\Windows\System32\d3dx10_38.dll
2013-05-19 08:04:01 467984 ----a-w- C:\Windows\SysWow64\d3dx10_38.dll
2013-05-19 08:04:01 1941528 ----a-w- C:\Windows\System32\D3DCompiler_38.dll
2013-05-19 08:04:01 1491992 ----a-w- C:\Windows\SysWow64\D3DCompiler_38.dll
2013-05-19 08:02:54 462864 ----a-w- C:\Windows\SysWow64\d3dx10_37.dll
2013-05-19 08:02:54 1420824 ----a-w- C:\Windows\SysWow64\D3DCompiler_37.dll
2013-05-19 08:02:52 3786760 ----a-w- C:\Windows\SysWow64\D3DX9_37.dll
2013-05-19 08:02:50 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2013-05-19 08:02:37 -------- d-----w- C:\Windows\SysWow64\xlive
2013-05-19 08:02:37 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-05-19 07:44:53 -------- d-----w- C:\Users\gary\AppData\Local\Rockstar Games
2013-05-19 07:31:53 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-19 07:31:52 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-19 07:31:24 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2013-05-19 07:26:44 -------- d-----w- C:\Users\gary\AppData\Roaming\PowerISO
2013-05-18 15:34:43 -------- d-----w- C:\Users\gary\AppData\Local\CyberLink
2013-05-18 11:02:07 13648384 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll
2013-05-18 11:02:05 3552768 ----a-w- C:\Windows\System32\tquery.dll
2013-05-18 11:02:02 2107904 ----a-w- C:\Windows\System32\mssrch.dll
2013-05-18 11:02:02 10789888 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll
2013-05-18 11:02:01 2767360 ----a-w- C:\Windows\SysWow64\tquery.dll
2013-05-18 11:02:01 1593344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2013-05-18 11:02:00 1829408 ----a-w- C:\Windows\System32\ntdll.dll
2013-05-18 11:02:00 1444864 ----a-w- C:\Windows\System32\MSAudDecMFT.dll
2013-05-18 06:39:57 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-15 16:44:35 1455368 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 11:28:16 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 11:28:16 112872 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 08:22:30 861184 ----a-w- C:\Windows\System32\drivers\http.sys
2013-05-15 07:08:55 2382336 ----a-w- C:\Windows\SysWow64\esent.dll
2013-05-15 07:08:54 2851840 ----a-w- C:\Windows\System32\esent.dll
2013-05-15 06:06:06 6987528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-05-13 03:45:05 -------- d-----r- C:\Program Files (x86)\Skype
2013-05-12 14:42:23 -------- d-----w- C:\Users\gary\AppData\Local\FullTiltPoker
2013-05-08 03:10:42 11459584 ----a-w- C:\Windows\System32\glcndFilter.dll
2013-05-08 03:09:50 109568 ----a-w- C:\Windows\System32\dskquota.dll
2013-05-08 03:09:48 82944 ----a-w- C:\Windows\SysWow64\dskquota.dll
2013-05-08 03:09:30 929792 ----a-w- C:\Windows\SysWow64\mfnetsrc.dll
2013-05-08 03:09:30 1172992 ----a-w- C:\Windows\System32\mfnetsrc.dll
2013-05-08 03:09:29 677888 ----a-w- C:\Windows\System32\mfnetcore.dll
2013-05-08 03:09:29 673280 ----a-w- C:\Windows\System32\mfmpeg2srcsnk.dll
2013-05-08 03:09:29 568832 ----a-w- C:\Windows\SysWow64\mfnetcore.dll
2013-05-08 03:09:29 513024 ----a-w- C:\Windows\SysWow64\mfmpeg2srcsnk.dll
2013-05-08 03:07:58 368640 ----a-w- C:\Windows\System32\sppwinob.dll
2013-05-08 03:07:27 2367528 ----a-w- C:\Windows\System32\WSService.dll
2013-05-08 03:07:17 3265256 ----a-w- C:\Windows\System32\drivers\evbda.sys
2013-05-08 03:07:06 2397184 ----a-w- C:\Windows\System32\WpcMon.exe
2013-05-08 03:07:04 3847168 ----a-w- C:\Windows\System32\d2d1.dll
2013-05-08 03:07:02 3964416 ----a-w- C:\Windows\System32\WinSAT.exe
2013-05-08 03:05:59 92160 ----a-w- C:\Windows\System32\lpremove.exe
2013-05-04 06:30:14 -------- d-----w- C:\Users\gary\AppData\Roaming\WildTangent
2013-05-02 18:01:36 -------- d-----w- C:\Users\gary\AppData\Local\CrashDumps
2013-05-02 03:12:27 -------- d-----r- C:\Windows\BrowserChoice
2013-05-01 16:21:27 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-05-01 16:21:26 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-05-01 15:41:53 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2013-05-01 15:41:50 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-05-01 15:41:01 1161728 ----a-w- C:\Windows\System32\sppobjs.dll
2013-05-01 15:33:37 94208 ----a-w- C:\Windows\System32\synceng.dll
2013-05-01 15:33:37 72192 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-05-01 15:31:22 2893824 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-05-01 15:31:22 2400256 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-05-01 15:31:01 26624 ----a-w- C:\Windows\System32\ReAgentc.exe
2013-05-01 15:31:01 24064 ----a-w- C:\Windows\SysWow64\ReAgentc.exe
2013-05-01 15:29:58 9216 ----a-w- C:\Windows\System32\dpnhupnp.dll
2013-05-01 08:19:48 -------- d-----w- C:\Users\gary\AppData\Roaming\Malwarebytes
2013-05-01 08:19:45 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-01 08:19:45 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-01 08:19:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-01 08:19:10 -------- d-----w- C:\Users\gary\AppData\Local\Programs
2013-05-01 08:13:22 -------- d-----w- C:\Users\gary\AppData\Local\PokerStars
2013-05-01 08:13:13 -------- d-----w- C:\Program Files (x86)\PokerStars
2013-05-01 07:00:10 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-05-01 07:00:04 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-05-01 05:56:06 -------- d-----w- C:\Program Files (x86)\FreeStopwatch
2013-04-30 20:03:38 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-04-30 18:08:21 -------- d-----w- C:\Users\gary\AppData\Local\HP
2013-04-30 16:57:01 -------- d-----w- C:\ProgramData\Licenses
2013-04-30 16:56:58 129872 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2013-04-30 16:56:58 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2013-04-30 16:56:58 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2013-04-30 16:32:20 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-04-30 16:32:20 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-04-30 16:25:00 -------- d-----w- C:\Users\gary\AppData\Roaming\uTorrent
2013-04-30 16:18:39 -------- d-----w- C:\Users\gary\AppData\Roaming\AVG2013
2013-04-30 16:17:51 -------- d--h--w- C:\$AVG
2013-04-30 16:17:51 -------- d-----w- C:\ProgramData\AVG2013
2013-04-30 16:07:22 -------- d-----w- C:\Users\gary\AppData\Roaming\TuneUp Software
2013-04-30 16:06:40 -------- d-----w- C:\Program Files (x86)\AVG
2013-04-30 16:03:37 -------- d-----w- C:\Users\gary\AppData\Roaming\hpqlog
2013-04-30 16:02:16 -------- d--h--w- C:\ProgramData\Common Files
2013-04-30 16:02:16 -------- d-----w- C:\Users\gary\AppData\Local\MFAData
2013-04-30 16:02:16 -------- d-----w- C:\Users\gary\AppData\Local\Avg2013
2013-04-30 16:02:16 -------- d-----w- C:\ProgramData\MFAData
2013-04-30 15:50:16 -------- d-----w- C:\Users\gary\AppData\Roaming\ViStart
2013-04-30 15:50:08 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2013-04-30 15:45:26 -------- d-----w- C:\Users\gary\AppData\Local\Macromedia
2013-04-30 15:41:06 -------- d-----w- C:\Users\gary\AppData\Local\Mozilla
2013-04-30 15:40:53 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-30 15:35:28 -------- d-----w- C:\ProgramData\TrueSuite
2013-04-30 15:28:34 -------- d-----w- C:\Users\gary\AppData\Local\Hewlett-Packard
2013-04-30 15:28:34 -------- d-----w- C:\Users\gary\AppData\Local\ATI
2013-04-30 15:28:00 -------- d-----r- C:\Users\gary\Searches
2013-04-30 15:28:00 -------- d-----r- C:\Users\gary\Contacts
2013-04-30 15:26:38 -------- d-----w- C:\Users\gary\AppData\Local\Power2Go8
2013-04-30 15:26:25 -------- d-----w- C:\Users\gary\AppData\Roaming\Synaptics
2013-04-30 15:26:24 -------- d-----w- C:\Users\gary\AppData\Local\AuthenTec
2013-04-30 15:25:17 -------- d-----w- C:\Users\gary\AppData\Local\VirtualStore
2013-04-30 15:25:03 -------- d-----w- C:\Users\gary\AppData\Local\Packages
.
==================== Find3M ====================
.
2013-05-19 07:31:24 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2013-04-13 05:56:35 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-09 23:17:44 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-09 23:17:36 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-04-09 23:16:58 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-09 22:30:26 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-09 22:29:44 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-09 05:33:02 489576 ----a-w- C:\Windows\System32\AudioEng.dll
2013-04-09 05:33:02 446792 ----a-w- C:\Windows\System32\AudioSes.dll
2013-04-09 05:33:02 253544 ----a-w- C:\Windows\System32\audiodg.exe
2013-04-09 05:27:43 284424 ----a-w- C:\Windows\System32\drivers\spaceport.sys
2013-04-09 05:20:02 86280 ----a-w- C:\Windows\System32\kdnet.dll
2013-04-09 05:20:02 306952 ----a-w- C:\Windows\System32\kd_02_10ec.dll
2013-04-09 05:18:05 77960 ----a-w- C:\Windows\System32\kdvm.dll
2013-04-09 04:52:07 816128 ----a-w- C:\Windows\System32\SearchIndexer.exe
2013-04-09 04:52:07 373760 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2013-04-09 04:52:07 197120 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2013-04-09 04:52:07 126464 ----a-w- C:\Windows\System32\Robocopy.exe
2013-04-09 04:52:06 804352 ----a-w- C:\Windows\System32\RecoveryDrive.exe
2013-04-09 04:51:51 367616 ----a-w- C:\Windows\System32\conhost.exe
2013-04-09 04:51:45 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-04-09 04:51:41 99840 ----a-w- C:\Windows\System32\wscsvc.dll
2013-04-09 04:51:41 456704 ----a-w- C:\Windows\System32\wpncore.dll
2013-04-09 04:51:17 595456 ----a-w- C:\Windows\System32\Windows.Networking.dll
2013-04-09 04:51:17 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:05 10116096 ----a-w- C:\Windows\System32\twinui.dll
2013-04-09 04:50:53 414720 ----a-w- C:\Windows\System32\GenuineCenter.dll
2013-04-09 04:50:39 422400 ----a-w- C:\Windows\System32\schannel.dll
2013-04-09 04:50:39 1285632 ----a-w- C:\Windows\System32\schedsvc.dll
2013-04-09 04:50:03 96256 ----a-w- C:\Windows\System32\mssprxy.dll
2013-04-09 04:50:03 745984 ----a-w- C:\Windows\System32\mssvp.dll
2013-04-09 04:50:02 65024 ----a-w- C:\Windows\System32\msscntrs.dll
2013-04-09 04:50:02 435200 ----a-w- C:\Windows\System32\mssph.dll
2013-04-09 04:50:02 13824 ----a-w- C:\Windows\System32\msshooks.dll
2013-04-09 04:49:45 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll
2013-04-09 04:49:45 281088 ----a-w- C:\Windows\System32\mfreadwrite.dll
2013-04-09 04:49:36 817152 ----a-w- C:\Windows\System32\kerberos.dll
2013-04-09 04:49:33 210432 ----a-w- C:\Windows\System32\iuilp.dll
2013-04-09 04:49:16 50176 ----a-w- C:\Windows\System32\fmifs.dll
2013-04-09 04:49:16 231936 ----a-w- C:\Windows\System32\fhengine.dll
2013-04-09 04:49:09 172544 ----a-w- C:\Windows\System32\dwmredir.dll
2013-04-09 04:49:06 196096 ----a-w- C:\Windows\System32\dmvdsitf.dll
2013-04-09 04:48:43 2303488 ----a-w- C:\Windows\System32\authui.dll
2013-04-09 04:48:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll
2013-04-09 04:48:42 169472 ----a-w- C:\Windows\System32\AudioEndpointBuilder.dll
2013-04-09 04:48:34 419840 ----a-w- C:\Windows\System32\intl.cpl
2013-04-09 02:35:13 4038144 ----a-w- C:\Windows\System32\win32k.sys
2013-04-09 02:34:49 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2013-04-09 02:34:42 27648 ----a-w- C:\Windows\System32\drivers\hidusb.sys
2013-04-09 02:34:30 95744 ----a-w- C:\Windows\System32\drivers\hidbth.sys
2013-04-09 02:33:41 60416 ----a-w- C:\Windows\System32\drivers\ndproxy.sys
2013-04-09 02:33:05 623104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2013-04-09 02:32:02 805376 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
2013-04-09 02:31:14 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2013-04-09 02:31:01 83456 ----a-w- C:\Windows\System32\drivers\wanarp.sys
2013-04-08 23:44:25 123880 ----a-w- C:\Windows\SysWow64\wscapi.dll
2013-04-08 23:39:14 1408896 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-04-08 23:37:29 426024 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2013-04-08 23:37:29 324368 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2013-04-08 21:52:16 670208 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2013-04-08 21:52:16 302592 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2013-04-08 21:52:16 171008 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2013-04-08 21:52:16 106496 ----a-w- C:\Windows\SysWow64\Robocopy.exe
2013-04-08 21:52:06 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-04-04 23:30:17 503080 ----a-w- C:\Windows\System32\ci.dll
2013-03-30 18:16:05 1403784 ----a-w- C:\Windows\System32\winload.efi
2013-03-30 18:16:05 1267424 ----a-w- C:\Windows\System32\winload.exe
2013-03-28 22:09:09 1093880 ----a-w- C:\Windows\System32\winresume.exe
2013-03-28 22:09:04 1217328 ----a-w- C:\Windows\System32\winresume.efi
2013-03-15 22:05:34 298456 ----a-w- C:\Windows\System32\rsaenh.dll
2013-03-15 22:05:16 252928 ----a-w- C:\Windows\SysWow64\rsaenh.dll
2013-03-02 10:57:48 337128 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
2013-03-02 10:57:46 77544 ----a-w- C:\Windows\System32\drivers\storahci.sys
2013-03-02 10:57:46 332520 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-03-02 10:45:20 148712 ----a-w- C:\Windows\System32\drivers\tpm.sys
2013-03-02 10:45:19 194792 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-03-02 10:45:10 125160 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-03-02 10:39:39 495336 ----a-w- C:\Windows\System32\drivers\vhdmp.sys
2013-03-02 10:39:38 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
2013-03-02 10:39:32 327912 ----a-w- C:\Windows\System32\drivers\Classpnp.sys
2013-03-02 09:59:37 2231528 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-03-02 09:59:36 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-03-02 08:24:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-03-02 08:23:43 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-03-02 08:23:43 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-03-02 08:23:30 893952 ----a-w- C:\Windows\SysWow64\winmde.dll
2013-03-02 08:23:30 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-03-02 08:23:28 601088 ----a-w- C:\Windows\SysWow64\Windows.Globalization.dll
2013-03-02 08:23:28 504320 ----a-w- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
2013-03-02 08:23:19 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll
2013-03-02 08:23:04 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll
2013-03-02 08:23:04 100864 ----a-w- C:\Windows\SysWow64\SettingSyncInfo.dll
2013-03-02 08:23:00 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll
2013-03-02 08:22:36 357888 ----a-w- C:\Windows\SysWow64\netcfgx.dll
2013-03-02 08:22:32 5091840 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-03-02 08:22:17 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-03-02 08:21:56 550912 ----a-w- C:\Windows\SysWow64\drvstore.dll
2013-03-02 08:21:52 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll
2013-03-02 08:21:40 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll
2013-03-02 08:21:32 145408 ----a-w- C:\Windows\SysWow64\powercfg.cpl
.
============= FINISH: 7:59:01.44 ===============

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-21 08:03:17
-----------------------------
08:03:17.950 OS Version: Windows x64 6.2.9200
08:03:17.950 Number of processors: 4 586 0x3A09
08:03:17.950 ComputerName: REDMEN UserName: gary
08:03:18.050 Initialze error 1
08:04:36.868 AVAST engine defs: 13052001
08:05:58.751 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000034
08:05:58.761 Disk 0 Vendor: Hitachi_HTS541010A9E680 JA0OA4D0 Size: 953869MB BusType: 8
08:05:58.771 Disk 0 MBR read successfully
08:05:58.771 Disk 0 MBR scan
08:05:58.791 Disk 0 unknown MBR code
08:05:58.801 Disk 0 Partition 1 00 EE GPT 953869 MB offset 1
08:05:58.801 Disk 0 scanning C:\Windows\system32\drivers
08:05:58.801 Service scanning
08:05:59.401 Modules scanning
08:05:59.401 Disk 0 trace - called modules:
08:05:59.411 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys storport.sys hal.dll iaStorA.sys
08:05:59.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008b37740]
08:05:59.421 3 CLASSPNP.SYS[fffff8800213cfea] -> nt!IofCallDriver -> [0xfffffa8008b38630]
08:05:59.431 5 hpdskflt.sys[fffff88001fa2339] -> nt!IofCallDriver -> \Device\00000034[0xfffffa8008b297f0]
08:05:59.441 AVAST engine scan C:\Windows
08:05:59.441 AVAST engine scan C:\Windows\system32
08:05:59.451 AVAST engine scan C:\Windows\system32\drivers
08:05:59.461 AVAST engine scan C:\Users\gary
08:05:59.471 AVAST engine scan C:\ProgramData
08:05:59.471 Scan finished successfully
08:06:14.561 Disk 0 MBR has been saved successfully to "C:\Users\gary\Desktop\MBR.dat"
08:06:14.571 The log file has been saved successfully to "C:\Users\gary\Desktop\aswMBR.txt"

Attached Files

attach.zip (3.0 KB)