
Thread: The_official_survey pop up

  1. #21
    Junior Member
    Join Date
    Jun 2013
    Posts
    22

    Default

    Quote: Originally posted by warsawtom
    "One more update,
    I haven't seen that pop-up since the last round of deletes, though I'd like to give it a couple of days before we declare victory. However, since I deleted the PLAYTOPUS directory, once in a while I get the following RunDLL Error Message:
    There was a problem starting
    C:\Users\Tom\AppData\Local\ PLAYTO~1\Updater.dll

    I assume that's because I had deleted it. Would be nice to get rid of this Error Message.
    Thanks"
    "Another update: The pop-up is still there :-(. Doubt that this means anything, but today I had a new variant - Instead of the usual perky young American girl's voice: "You have been selected...etc...", today I got the not so cheerful British woman's voice...
    "

  2. #22
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    Default The_official_survey pop up

    Hello, warsawtom. Thank you for your most recent DDS log and for the additional updates to your issue. It would be helpful if you do not post lengthy quotes when you reply, so that I do not have to scroll through so much to get to your response. Let's see if the following will resolve the remaining issues.

    Advertising Center

    This appears to be associated with Nero and seems to have installed with versions 8 and 9. To delete:
    • Click Start > (My) Computer > Double click Local Disk C:.
    • Click the following folder: Common files > Nero.
    • If it exists, locate the following folder, right click on it, and then click Delete.

    AdvrCntr4

    MarketResearch

    This appears to be associated with your HP products. It seems that when your printer was installed, it also installed a component named HP Customer Participation Program 13.0.

    According to HP Support, “It provides customers an opportunity to participate in market research designed to improve HP products and experiences, and various programs with benefits such as special offers, awards and enhanced technical support.” Since removing this application does not interfere with printer updates, it is safe to uninstall, though you may receive a message that removing the program will affect the Printer Driver Software -- it will not.

    Please navigate to your Programs and Features and uninstall HP Customer Participation Program 13.0.

    Playtopus

    Yes, the runDLL error is the result of deleting this from your Program Files. The program is still appearing under the Installed Programs list. Let’s try to uninstall Playtopus and any associated files using Revo Uninstaller.

    Please download Revo Uninstaller freeware from http://www.revouninstaller.com/revo_..._download.html

    • Double click the installation file on the desktop to run the installer.
    • Let it install to the default location.
    • Double click the new Revo Uninstaller Icon on the desktop to start the program. You will now see a list of installed programs that Revo Uninstaller can remove.
    • Locate the program you are uninstalling: Playtopus
    • Right click the Icon, then choose Uninstall.
    • Click Yes to the warning and choose the Uninstall Mode.
    • Choose the Advanced option, and then click Next.
    • This will launch the program's built in uninstaller. Be patient as it can take several minutes.
    • Once the uninstaller is done, click Next.
    • Revo Uninstaller will now scan for leftover information. Be patient as it can take several minutes.
    • Once this scan is done, click Next.
    • You will then be presented with the leftover entries found by Revo Uninstaller.
    • Look at ALL of the entries to ensure they relate to the uninstall. These should appear in bold print.
    • Click Select All if they are related to the uninstall, or check only the entries that are related > Click Delete to remove the entries.
    • Click Next.
    • If there are any program file folders left over, you will be presented with a list to be removed.
    • Again, look at ALL of the entries to ensure they are related to the uninstall.
    • Click Select All if they are related to the uninstall, or check only the entries that are related. > Delete to remove the entries.
    • Click Finish to go back to the uninstall list.
    • Close the program.


    You neglected to mention that the pop-up you have been receiving is an audio ad, or am I understanding that this is a new development? Let me know if we have now resolved anything.
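The RunDLL message quoted in post #21 is what Windows shows when something still launches rundll32 against a DLL that has been deleted, typically a leftover autostart entry. Added example (not from the thread or from any tool mentioned in it): a Python check that lists Run-key entries whose rundll32 target no longer exists. The sample entries, value names and entry points are constructed, and scheduled tasks are not covered.

```python
import os
import re
import sys

# Command line that starts with rundll32, quoted or bare, with or without a directory.
_RUNDLL = re.compile(
    r'^\s*(?:"(?:[^"]*\\)?rundll32(?:\.exe)?"|(?:\S*\\)?rundll32(?:\.exe)?)\s+(.*)$',
    re.IGNORECASE,
)

# Constructed sample data, modelled on the path in the error message above.
SAMPLE_ENTRIES = [
    ("HKCU Run", "Playtopus Updater",
     r'rundll32.exe C:\Users\Tom\AppData\Local\PLAYTO~1\Updater.dll,Run'),
    ("HKLM Run", "Example Helper",
     r'"C:\Windows\System32\rundll32.exe" "C:\Program Files\Example Vendor\helper.dll",Start'),
    ("HKLM Run", "Example Tray",
     r'"C:\Program Files\Example Vendor\tray.exe" /min'),
    ("HKCU Run", "Display Applet",
     r'RUNDLL32 shell32.dll,Control_RunDLL desk.cpl'),
]


def rundll32_target(command):
    """Return the DLL path a rundll32 command line loads, or None if it is not rundll32."""
    match = _RUNDLL.match(command)
    if not match:
        return None
    rest = match.group(1).strip()
    if rest.startswith('"'):
        # Quoted DLL path: everything up to the closing quote.
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    if "," in rest:
        # rundll32 syntax is <dll>,<entry point> [arguments].
        return rest.split(",", 1)[0].strip()
    return rest.split()[0] if rest else None


def find_orphans(entries, exists=os.path.exists):
    """Return (source, name, target) for entries whose rundll32 DLL is missing."""
    orphans = []
    for source, name, command in entries:
        target = rundll32_target(command)
        if target is None:
            continue
        # Bare names such as shell32.dll are resolved through the DLL search
        # path, so a plain existence test would report them falsely.
        if "\\" not in target and "/" not in target:
            continue
        if not exists(os.path.expandvars(target)):
            orphans.append((source, name, target))
    return orphans


def read_run_keys():
    """Windows only: read the per-user and per-machine Run keys in both registry views."""
    import winreg

    subkey = r"Software\Microsoft\Windows\CurrentVersion\Run"
    hives = ((winreg.HKEY_CURRENT_USER, "HKCU"), (winreg.HKEY_LOCAL_MACHINE, "HKLM"))
    views = (winreg.KEY_WOW64_64KEY, winreg.KEY_WOW64_32KEY)
    seen, entries = set(), []
    for hive, label in hives:
        for view in views:
            try:
                with winreg.OpenKey(hive, subkey, 0, winreg.KEY_READ | view) as key:
                    for index in range(winreg.QueryInfoKey(key)[1]):
                        name, data, _kind = winreg.EnumValue(key, index)
                        item = (label + " Run", name, str(data))
                        if item not in seen:  # HKCU is the same key in both views
                            seen.add(item)
                            entries.append(item)
            except OSError:
                continue
    return entries


if __name__ == "__main__":
    if sys.platform == "win32":
        found = find_orphans(read_run_keys())
    else:
        # Off Windows, run against the constructed sample with a fixed file set.
        present = {r"C:\Program Files\Example Vendor\helper.dll"}
        found = find_orphans(SAMPLE_ENTRIES, exists=lambda path: path in present)
    for source, name, target in found:
        print(f"{source}: '{name}' loads a missing DLL: {target}")
```

An entry reported here should be reviewed before it is deleted; the script only reads the registry.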

  3. #23
    Junior Member
    Join Date
    Jun 2013
    Posts
    22

    Default

    "Hi fbfbfb,
    Yes, it was always an audio pop-up. Apologies for not mentioning this. I didn't think it was significant information.
    Here is what happened with your latest instructions:

    1. Advertising Center - I didn't see a Common directory in the root of C: drive. There was a Common Files sub directory under Program Files, but there was no Nero sub directory. Anyway, I decided to uninstall the whole Nero 9 suite, since I haven't used it for a long time and not likely to use it.
    2. Market Research - I uninstalled the HP Printer software, as per your instructions.
    3. I have downloaded and run the Revo Uninstaller software. The sequence was somewhat different than the one in your instructions, but it seemed to have removed Playtopus. Or at least it doesn't show Playtopus as one of the apps available for uninstall. Perhaps one reason for the difference in the behavior may be that I downloaded the 30 day trial of the pro version.
    4. As to the outcome - give me a day or so and I'll update you with the latest.

    Thanks again."

  4. #24
    Junior Member
    Join Date
    Jun 2013
    Posts
    22

    Default

    "Another update,
    The pop-up is still happening.
    One more thing. I have opened this thread for the pain in the a... pop-up. However, now I think that there is another issue going on. I have noticed for a while now that some sites / pages have some random hypertext links inserted in them. They are made to appear to belong on the page, but they clearly don't. When you mouse over these links, you get a pop-up, usually offers of full length HD movies and stuff like that. Initially I thought that the sites were hacked, but now I think it's my browser. Which makes me think, perhaps it's time to uninstall Firefox? I have both Explorer and Chrome. Do you think this could help?

    Cheers"
    Last edited by tashi; 2013-07-17 at 18:08. Reason: Removed quote

  5. #25
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    Default The_official_survey pop up

    Hello warsawtom.

    Uninstalling Nero was a good choice since the program was not being used at all. It's always a good idea to remove unused/obsolete programs from your system.

    When it comes to malware, any little bit of information can be significant in resolving an issue. Is your audio pop-up strictly audio, or is it a combined audio-visual pop-up?

    Audio Pop-up

    Let's try to block it using the browsers' pop-up blockers.

    For Internet Explorer

    • Open Internet Explorer.
    • Click Tools > Pop-up Blocker.
    • Select Turn on Pop-up Blocker.

    For Firefox

    • Open Firefox.
    • Click Tools > Options.
    • Click the Content tab.
    • Check mark Block pop-up windows > Click OK.

    For Google Chrome

    • Open Google Chrome.
    • Click Tools > Options.
    • Click the Under the Hood tab.
    • Click Content Settings.
    • Check mark Do not allow any site to show pop-ups > Click Close.

    Random hypertext links

    From your description, it appears your system has been injected with Text Enhance. Text Enhance is an adware program and browser hijacker, as well as an add-on for Internet Explorer, Firefox, and Chrome. It is typically added when you install other free programs. Since this is a very recent development, it may have installed alongside Revo Uninstaller, unless you have installed other freeware. Let's work through the following steps to remove Text Enhance.

    1. Clear Browser Cache and Cookies

    For Internet Explorer

    • Open Internet Explorer.
    • Click Tools > Internet Options found at the bottom.
    • In the General tab, under Browser history, click Delete.
    • Check mark all options and click Delete. If you want to preserve Passwords or Form Data, leave these unchecked.

    For Firefox

    • Open Firefox.
    • Click Tools > Clear Recent History.
    • Expand the Details option.
    • Check mark Browsing & download history and Cookies.
    • From the drop down menu, select Everything.
    • Click Clear Now.

    For Google Chrome

    • Open Chrome.
    • Click the Chrome menu icon (wrench or 3 bars) at the top right of the browser window.
    • Select Tools.
    • Select Clear browsing data. The Clear browsing data dialogue box appears in a new tab.
    • From the drop-down menu next to Obliterate the following items from:, select the beginning of time.
    • Check mark the following items:

    • Empty the cache
    • Delete cookies and other site and plug-in data

    • Click Clear browsing data.

    2. Uninstall Text Enhance in Programs

    • Click Start and select Control Panel.
    • When the Control Panel window opens, click on Uninstall a program found under the Programs category.
    • If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
    • Look through the list of programs. If Text Enhance is listed, left-click on it once to highlight it.
    • Click on the Uninstall button.
    • When asked if you are sure you want to uninstall, click Yes.
    • The program will uninstall, and when completed, you will be back at the list of programs installed on your computer.
    • When finished, close the Programs and Features screen.

    3. Block/Disable/Remove Browser Extensions

    For Internet Explorer

    • Open Internet Explorer.
    • Click Tools > Manage Add-ons.
    • In the Manage Add-ons window, under Add-on Types (found on left side) highlight Toolbars and Extensions.
    • Under the Show: drop-down menu (found on left side) make sure All add-ons is selected.
    • Highlight the extension (Text Enhance) you wish to remove, and select Disable.
    • The Disable add-on window may pop up to warn you that related services and add-ons will also be disabled. Click Disable.
    • Click Close to exit the Manage Add-ons window.

    For Firefox:

    • Open Firefox.
    • Click Tools > Add-ons.
    • In the Add-ons window, under Add-on Types select Extensions.
    • Click to highlight the extension (Text Enhance) you wish to remove and select Disable. If you want to delete an extension entirely, click Remove.
    • The Disable add-on window may pop up to warn you that related services and add-ons will also be disabled. Click Disable.
    • Exit the Add-ons Manager window, and restart Firefox to complete the process.

    For Google Chrome

    • Open Google Chrome.
    • Click the Chrome menu icon (wrench or 3 bars) at the top right of the browser window.
    • Click Tools > Select Extensions to open the Options tab.
    • Uncheck Enabled to disable the extension (Text Enhance), or click Remove to delete it completely.

    4. Remove Text Enhance registry keys with Adwcleaner

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on the Delete button.
    • A logfile will automatically open after the scan has finished.
    • You can also find the logfile at C:\AdwCleaner[S1].txt.
    Copy and paste the adwcleaner.txt report into your next reply.

    5. Scan with Malwarebytes Anti-malware

    Scan your computer with MBAM again and send me a fresh log.

    Let me know if we have resolved the issues.

  6. #26
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    Default The_official_survey pop up

    Hello, warsawtom.

    Are you still with me?
    Last edited by tashi; 2013-07-21 at 06:15. Reason: Topic was closed, now re-opened by request.

  7. #27
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    Default The_official_survey pop up

    Hello, warsawtom.

    To begin, please rescan your system with the following tools, and post the fresh logs. You will find instructions posted HERE.

    • DDS
    • aswMBR

  8. #28
    Junior Member
    Join Date
    Jun 2013
    Posts
    22

    Default

    "Hello fbfbfb,
    I had no access to my PC for a week, so I have some catching up to do.

    1. The pop-up is always a page, mostly with audio, but sometimes without.
    2. Block pop-up windows check box was already checked in Firefox, so there was nothing to change.
    3. Text Enhance
    • Couldn't have been installed with Revo, since the problem existed before I downloaded and installed Revo. Having said that, I don't see this problem right now.
    • I have cleared both Browse Cache and Cookies, as per your instructions.
    • Text Enhance is not in Control Panel, so I couldn't uninstall.
    • Text Enhance is not in Firefox Add-ons/Extensions. However, while I was there looking for Text Enhance, I noticed that the Playtopus is there. That's the one we have removed completely with Revo Uninstaller. Weird. Anyway, I disabled it.
    4. AdwCleaner log:

    # AdwCleaner v2.306 - Logfile created 07/21/2013 at 22:29:09
    # Updated 19/07/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Tom - TK-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Tom\Desktop\Recovery-Analysis\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Folder Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\adawaretb

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\LyricsFinder
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16635

    [OK] Registry is clean.

    -\\ Mozilla Firefox v22.0 (en-US)

    File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v28.0.1500.72

    File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [43728 octets] - [03/07/2013 11:44:14]
    AdwCleaner[S2].txt - [2490 octets] - [21/07/2013 22:29:09]

    ########## EOF - C:\AdwCleaner[S2].txt - [2550 octets] ##########

    5. MBAM Log:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.07.21.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16635
    Tom :: TK-PC [administrator]

    21/07/2013 10:35:41 PM
    mbam-log-2013-07-21 (22-35-41).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 249823
    Time elapsed: 7 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    6. DDS Log:

    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-06-15 10:47; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - ExtSQL: 2013-06-21 10:19; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF - ExtSQL: !HIDDEN! 2010-02-21 13:03; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - ExtSQL: !HIDDEN! 2010-02-21 13:09; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-5-20 55280]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-28 45856]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-2-21 203264]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
    R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
    R2 L4301_Solar;Logitech Solar Keyboard Service;C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
    R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-2-21 189984]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-6-24 1153368]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-8 2028864]
    R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-5-20 104960]
    R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-26 1598128]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-5-20 19968]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
    R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-4-23 36392]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2010-2-21 5435904]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2007-8-3 11392]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-5-18 11856]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate1c9d948b3cbde68;Google Update Service (gupdate1c9d948b3cbde68);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-20 133104]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
    S3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-4-23 300032]
    S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-5-17 44480]
    S3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;C:\Windows\System32\drivers\nokia_cs1x_cdc_acm.sys [2010-4-22 98304]
    S3 nokia_cs1x_cdc_ecm;nokia_cs1x_cdc_ecm;C:\Windows\System32\drivers\nokia_cs1x_cdc_ecm.sys [2010-4-22 53760]
    S3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;C:\Windows\System32\drivers\nokia_cs1x_cpo.sys [2010-4-22 13824]
    S3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;C:\Windows\System32\drivers\nokia_cs1x_dc_enum.sys [2010-4-22 97280]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-13 19456]
    S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-7-12 31800]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-13 57856]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-5-20 394536]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-5-20 110376]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-19 1255736]
    S4 RogersUpdateManager;Rogers Update Manager;C:\Program Files (x86)\Rogers\Update Manager\RogersUpdateManager.exe [2010-6-3 163840]
    S4 SampleCollector;Intel(R) Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-2-21 167424]
    S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-2-21 120104]
    S4 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2010-2-21 70952]
    S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-2-21 427304]
    S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-2-21 75048]
    S4 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2010-2-21 91432]
    S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
    .
    =============== File Associations ===============
    .
    ShellExec: VCExporterLaunch.exe: open="C:\Program Files (x86)\Sony\VAIO VP Utilities\VCELaunch.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2013-07-12 14:48:19 -------- d-----w- C:\Eclipse
    2013-07-12 12:29:18 -------- d-----w- C:\Users\Tom\AppData\Local\VS Revo Group
    2013-07-12 12:29:14 -------- d-----w- C:\ProgramData\VS Revo Group
    2013-07-12 12:29:13 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
    2013-07-12 12:29:12 -------- d-----w- C:\Program Files\VS Revo Group
    2013-07-10 20:10:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-07-10 20:10:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-07-10 20:10:00 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
    2013-07-10 20:10:00 356864 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
    2013-07-10 20:10:00 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
    2013-07-10 20:10:00 235520 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
    2013-07-10 13:29:17 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
    2013-07-10 13:29:16 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
    2013-07-10 13:29:16 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
    2013-07-10 13:29:16 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
    2013-07-10 13:29:16 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
    2013-07-10 13:29:16 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
    2013-07-10 13:29:16 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
    2013-07-10 13:29:15 624128 ----a-w- C:\Windows\System32\qedit.dll
    2013-07-10 13:29:15 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2013-07-10 13:29:15 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-07-10 13:29:15 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-10 13:28:56 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-07-10 13:28:55 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2013-07-10 13:28:55 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2013-07-10 13:28:55 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2013-07-10 13:28:55 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-10 13:28:54 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-10 13:28:34 1643520 ----a-w- C:\Windows\System32\DWrite.dll
    2013-07-10 13:28:34 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-07-06 21:47:08 -------- d-----w- C:\_OTL
    2013-07-05 17:20:47 -------- d-----w- C:\Program Files (x86)\ESET
    2013-07-05 17:00:24 -------- d-----w- C:\Users\Tom\AppData\Roaming\Malwarebytes
    2013-07-05 16:59:56 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-07-05 16:59:55 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-07-05 16:59:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-07-03 15:55:08 -------- d-----w- C:\Windows\ERUNT
    2013-07-03 15:55:03 -------- d-----w- C:\JRT
    2013-07-03 15:44:25 242 ----a-w- C:\Windows\DeleteOnReboot.bat
    2013-07-03 15:13:39 -------- d-----w- C:\$RECYCLE.BIN
    2013-07-02 00:07:28 98816 ----a-w- C:\Windows\sed.exe
    2013-07-02 00:07:28 256000 ----a-w- C:\Windows\PEV.exe
    2013-07-02 00:07:28 208896 ----a-w- C:\Windows\MBR.exe
    2013-07-01 20:55:01 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-06-24 14:13:03 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-06-24 14:13:03 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    .
    ==================== Find3M ====================
    .
    2013-07-21 13:24:38 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-07-21 13:24:38 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-07-01 20:54:57 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-07-01 20:54:57 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-06-26 22:32:04 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-06-21 14:18:29 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2013-06-21 14:18:29 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
    2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
    2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
    2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
    2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
    2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
    2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-05-01 07:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2013-05-01 07:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
    .
    ============= FINISH: 22:46:05.36 ===============

    7. aswMBR log:

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-07-21 22:49:14
    -----------------------------
    22:49:14.188 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:49:14.188 Number of processors: 2 586 0x170A
    22:49:14.188 ComputerName: TK-PC UserName: Tom
    22:49:15.638 Initialize success
    22:49:38.910 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:49:38.910 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
    22:49:38.925 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000078
    22:49:38.925 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
    22:49:38.925 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000079
    22:49:38.941 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
    22:49:39.034 Disk 0 MBR read successfully
    22:49:39.034 Disk 0 MBR scan
    22:49:39.050 Disk 0 Windows 7 default MBR code
    22:49:39.066 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10241 MB offset 2048
    22:49:39.081 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 295002 MB offset 20975616
    22:49:39.112 Disk 0 scanning C:\Windows\system32\drivers
    22:49:46.538 Service scanning
    22:50:04.277 Modules scanning
    22:50:04.792 Disk 0 trace - called modules:
    22:50:04.839 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    22:50:04.839 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005792060]
    22:50:04.854 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8003cf3b50]
    22:50:04.870 5 ACPI.sys[fffff88000f067a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800473c050]
    22:50:04.870 Scan finished successfully
    22:51:20.047 Disk 0 MBR has been saved successfully to "C:\Users\Tom\Desktop\Recovery-Analysis\MBR.dat"
    22:51:20.047 The log file has been saved successfully to "C:\Users\Tom\Desktop\Recovery-Analysis\aswMBR_21_07_2013.txt"


    Attach_21_07_2013.zip

    Thanks"

  9. #29
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    Default The_official_survey pop up

    Hello, warsawtom.

    Thank you for the logs and your updated information. It is not unusual for malware to resurface after removal, as was the case for Playtopus.

    Please work through the following tasks:

    1. Please send me a screenshot of the pop-up window.

    2. You mentioned in post 23 that you did not use Nero and had completely uninstalled it. Your latest DDS log indicates that the program is still appearing in your Control Panel. Your pop-up may be associated with Nero's Advertising Center as I had previously explained in post 22. Please uninstall the following Nero applications in your Control Panel's Programs list:
    • Nero ControlCenter
    • Nero Express
    • Nero InfoTool
    • Nero Live
    • Nero Live Help
    • Nero PhotoSnap Help
    • Nero Recode Help
    • Nero ShowTime
    • Nero StartSmart Help
    • Nero Vision
    • Nero WaveEditor Help
    • neroxml

    Please run the following scan:

    Run OTL.exe
    • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
    • Then click the Run Fix button at the top.

    Code:
    :OTL
    (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
    R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-26 1598128]
    
    :Commands
    [emptytemp]
    [resethosts]
    • Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
    • Post the new log in your next reply.


    CHECKLIST: In your next reply, please post the following:

    • OTL log
    • Screenshot of pop-up window
    • Let me know if uninstalling the Nero applications resolved the pop-up.
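
An added example, not part of the helper's post or of DDS/OTL: a small triage script that reads DDS log lines in the formats shown in this thread and lists entries marked `<orphaned>` or left with no target file, plus service rows that match a keyword watchlist. The watchlist and all function names are assumptions made for illustration; the sample lines are copied from the log and fix list above.

```python
import re

# Constructed sample: lines copied from the DDS log and fix list in this thread.
SAMPLE_DDS = r"""
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-26 1598128]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
"""

# Illustrative watchlist (an assumption), based on the two services in the fix list.
WATCH = ("toolbar", "bingbar")

# "Section: name - {CLSID} - target"; the CLSID field is optional, the target may be empty.
REG_RE = re.compile(
    r"^(?P<section>[\w-]+): (?P<name>.+?) - "
    r"(?:(?P<clsid>\{[0-9A-Fa-f-]+\}) -\s*)?(?P<target>.*)$")
# "R2 name;display name;path [date size]" rows from SERVICES / DRIVERS.
SVC_RE = re.compile(
    r"^(?P<code>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+) \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$")


def parse_dds(text):
    """Split DDS log text into registry-style entries and service/driver rows."""
    entries, services = [], []
    for raw in text.splitlines():
        line = raw.strip()
        svc = SVC_RE.match(line)
        if svc:
            row = svc.groupdict()
            row["size"] = int(row["size"])
            services.append(row)
            continue
        reg = REG_RE.match(line)
        if reg:
            entries.append(reg.groupdict())
    return entries, services


def dangling(entries):
    """Entries whose target is marked <orphaned> or is missing entirely."""
    return [(e["section"], e["name"]) for e in entries
            if e["target"] in ("<orphaned>", "")]


def flag_services(services, watch=WATCH):
    """Service rows whose name, display name or path contains a watched keyword."""
    hits = []
    for s in services:
        haystack = " ".join((s["name"], s["display"], s["path"])).lower()
        if any(k in haystack for k in watch):
            hits.append(s)
    return hits


if __name__ == "__main__":
    entries, services = parse_dds(SAMPLE_DDS)
    for section, name in dangling(entries):
        print("dangling:", section, name)
    for s in flag_services(services):
        print("review:  ", s["code"], s["name"], s["path"])
```

A hit is only a prompt to check the entry by hand before it goes into a fix list; the script itself changes nothing on the machine.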

  10. #30
    Junior Member
    Join Date
    Jun 2013
    Posts
    22

    Default

    "Hi fbfbfb,
    1. The pop-up has not occurred today, so I will update the thread with a screenshot, if and when it does.
    2. I have uninstalled Nero before and there is nothing Nero related in the Control Panel. Perhaps we should use Revo Uninstaller?
    3. OT Log:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 15615 bytes
    ->Temporary Internet Files folder emptied: 128 bytes
    ->Google Chrome cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Tom
    ->Temp folder emptied: 2004939 bytes
    ->Temporary Internet Files folder emptied: 7899398 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 62522630 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 897 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 123583 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 3727 bytes

    Total Files Cleaned = 69.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.69.0 log created on 07222013_183215

    Files\Folders moved on Reboot...
    C:\Users\Tom\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Tom\AppData\Local\Temp\VGX3A61.tmp moved successfully.
    C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    Thanks"
