Hello, warsawtom. Thank you for your most recent DDS log and for the additional updates to your issue. It would be helpful if you do not post lengthy quotes when you reply, so that I do not have to scroll through so much to get to your response. Let's see if the following will resolve the remaining issues.
Advertising Center
This appears to be associated with Nero and seems to have installed with versions 8 and 9. To delete:
- Click Start > (My) Computer > Double click Local Disk C:.
- Click the following folder: Common files > Nero.
- If it exists, locate the following folder, right click on it, and then click Delete.
AdvrCntr4
MarketResearch
This appears to be associated with your HP products. It seems that when your printer was installed, it also installed a component named HP Customer Participation Program 13.0.
According to HP Support, “It provides customers an opportunity to participate in market research designed to improve HP products and experiences, and various programs with benefits such as special offers, awards and enhanced technical support.” Since removing this application does not interfere with printer updates, it is safe to uninstall, though you may receive a message that removing the program will affect the Printer Driver Software -- it will not.
Please navigate to your Programs and Features and uninstall HP Customer Participation Program 13.0.
Playtopus
Yes, the runDLL error is the result of deleting this from your Program Files. The program is still appearing under the Installed Programs list. Let’s try to uninstall Playtopus and any associated files using Revo Uninstaller.
Please download Revo Uninstaller freeware from http://www.revouninstaller.com/revo_..._download.html
- Double click the installation file on the desktop to run the installer.
- Let it install to the default location.
- Double click the new Revo Uninstaller Icon on the desktop to start the program. You will now see a list of installed programs that Revo Uninstaller can remove.
- Locate the program you are uninstalling: Playtopus
- Right click the Icon, then choose Uninstall.
- Click Yes to the warning and choose the Uninstall Mode.
- Choose the Advanced option, and then click Next.
- This will launch the program's built-in uninstaller. Be patient as it can take several minutes.
- Once the uninstaller is done, click Next.
- Revo Uninstaller will now scan for leftover information. Be patient as it can take several minutes.
- Once this scan is done, click Next.
- You will then be presented with the leftover entries found by Revo Uninstaller.
- Look at ALL of the entries to ensure they relate to the uninstall. These should appear in bold print.
- Click Select All if they are related to the uninstall, or check only the entries that are related > Click Delete to remove the entries.
- Click Next.
- If there are any program file folders left over, you will be presented with a list to be removed.
- Again, look at ALL of the entries to ensure they are related to the uninstall.
- Click Select All if they are related to the uninstall, or check only the entries that are related. > Delete to remove the entries.
- Click Finish to go back to the uninstall list.
- Close the program.
You neglected to mention that the pop-up you have been receiving is an audio ad, or am I understanding that this is a new development? Let me know if we have now resolved anything.
"Hi fbfbfb,
Yes, it was always an audio pop-up. Apologies for not mentioning this. I didn't think it was significant information.
Here is what happened with your latest instructions:
1. Advertising Center - I didn't see a Common directory in the root of the C: drive. There was a Common Files sub directory under Program Files, but there was no Nero sub directory. Anyway, I decided to uninstall the whole Nero 9 suite, since I haven't used it for a long time and am not likely to use it.
2. Market Research - I uninstalled the HP Printer software, as per your instructions.
3. I have downloaded and run the Revo Uninstaller software. The sequence was somewhat different than the one in your instructions, but it seemed to have removed Playtopus. Or at least it doesn't show Playtopus as one of the apps available for uninstall. Perhaps one reason for the difference in the behavior may be that I downloaded the 30 day trial of the pro version.
4. As to the outcome - give me a day or so and I'll update you with the latest.
Thanks again."
"Another update,
The pop-up is still happening.
One more thing. I have opened this thread for the pain in the a... pop-up. However, now I think that there is another issue going on. I have noticed for a while now that some sites / pages have some random hypertext links inserted in them. They are made to appear to belong on the page, but they clearly don't. When you mouse over these links, you get a pop-up, usually offers of full length HD movies and stuff like that. Initially I thought that the sites were hacked, but now I think it's my browser. Which makes me think, perhaps it's time to uninstall Firefox? I have both Explorer and Chrome. Do you think this could help?
Cheers"
Last edited by tashi; 2013-07-17 at 17:08. Reason: Removed quote
Hello warsawtom.
Uninstalling Nero was a good choice since the program was not being used at all. It's always a good idea to remove unused/obsolete programs from your system.
When it comes to malware, any little bit of information can be significant in resolving an issue. Is your audio pop-up strictly audio, or is it a combined audio-visual pop-up?
Audio Pop-up
Let's try to block it using the browsers' pop-up blockers.
For Internet Explorer
- Open Internet Explorer.
- Click Tools > Pop-up Blocker.
- Select Turn on Pop-up Blocker.
For Firefox
- Open Firefox.
- Click Tools > Options.
- Click the Content tab.
- Check mark Block pop-up windows > Click OK.
For Google Chrome
- Open Google Chrome.
- Click Tools > Options.
- Click the Under the Hood tab.
- Click Content Settings.
- Check mark Do not allow any site to show pop-ups > Click Close.
Random hypertext links
From your description, it appears your system has been injected with Text Enhance. Text Enhance is an adware program and browser hijacker, as well as an add-on for Internet Explorer, Firefox, and Chrome. It is typically added when you install other free programs. Since this is a very recent development, it may have installed alongside Revo Uninstaller, unless you have installed other freeware. Let's work through the following steps to remove Text Enhance.
1. Clear Browser Cache and Cookies
For Internet Explorer
- Open Internet Explorer.
- Click Tools > Internet Options found at the bottom.
- In the General tab, under Browser history, click Delete.
- Check mark all options and click Delete. If you want to preserve Passwords or Form Data, leave these unchecked.
For Firefox
- Open Firefox.
- Click Tools > Clear Recent History.
- Expand the Details option.
- Check mark Browsing & download history and Cookies.
- From the drop down menu, select Everything.
- Click Clear Now.
For Google Chrome
- Open Chrome.
- Click the Chrome menu icon (wrench or 3 bars) at the top right of the browser window.
- Select Tools.
- Select Clear browsing data. The Clear browsing data dialogue box appears in a new tab.
- From the drop-down menu next to Obliterate the following items from:, select the beginning of time.
- Check mark the following items:
- Empty the cache
- Delete cookies and other site and plug-in data
- Click Clear browsing data.
2. Uninstall Text Enhance in Programs
- Click Start and select Control Panel.
- When the Control Panel window opens, click on Uninstall a program found under the Programs category.
- If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
- Look through the list of programs. If Text Enhance is listed, left-click on it once to highlight it.
- Click on the Uninstall button.
- When asked if you are sure you want to uninstall, click Yes.
- The program will uninstall, and when completed, you will be back at the list of programs installed on your computer.
- When finished, close the Programs and Features screen.
3. Block/Disable/Remove Browser Extensions
For Internet Explorer
- Open Internet Explorer.
- Click Tools > Manage Add-ons.
- In the Manage Add-ons window, under Add-on Types (found on left side) highlight Toolbars and Extensions.
- Under the Show: drop-down menu (found on left side) make sure All add-ons is selected.
- Highlight the extension (Text Enhance) you wish to remove, and select Disable.
- The Disable add-on window may pop up to warn you that related services and add-ons will also be disabled. Click Disable.
- Click Close to exit the Manage Add-ons window.
For Firefox:
- Open Firefox.
- Click Tools > Add-ons.
- In the Add-ons window, under Add-on Types select Extensions.
- Click to highlight the extension (Text Enhance) you wish to remove and select Disable. If you want to delete an extension entirely, click Remove.
- The Disable add-on window may pop up to warn you that related services and add-ons will also be disabled. Click Disable.
- Exit the Add-ons Manager window, and restart Firefox to complete the process.
For Google Chrome
- Open Google Chrome.
- Click the Chrome menu icon (wrench or 3 bars) at the top right of the browser window.
- Click Tools > Select Extensions to open the Options tab.
- Uncheck Enabled to disable the extension (Text Enhance), or click Remove to delete it completely.
4. Remove Text Enhance registry keys with Adwcleaner
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on the Delete button.
- A logfile will automatically open after the scan has finished.
- You can also find the logfile at C:\AdwCleaner[S1].txt
Copy and paste the adwcleaner.txt report into your next reply.
5. Scan with Malwarebytes Anti-malware
Scan your computer with MBAM again and send me a fresh log.
Let me know if we have resolved the issues.
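Once the AdwCleaner and DDS logs are back, the useful check is whether anything DDS still lists in its Pseudo HJT Report (BHO, TB, EB, IE, Handler entries) has no file behind it or points at a CLSID AdwCleaner has just deleted, since those are the leftovers that keep a hijacker's hooks alive. The script below is an added example, not part of this thread and not code from DDS or AdwCleaner; the sample log lines are copied from the logs posted in this thread, and the `Entry` structure and function names are my own.

```python
"""Cross-check a DDS 'Pseudo HJT Report' against an AdwCleaner log.

Added example (not from the thread, DDS or AdwCleaner). It extracts every
CLSID-bearing browser entry from DDS output, flags entries that have no
target file ("<orphaned>" or an empty path), and marks entries whose CLSID
also appears in AdwCleaner's 'Key Deleted' lines, i.e. registry entries the
cleaner removed but which a browser still references.
"""
import re
from dataclasses import dataclass
from typing import List, Set, Tuple

# Standard registry GUID form: {8-4-4-4-12 hex digits}
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# DDS entry kinds that carry a CLSID plus a target path (32-bit and x64 variants).
DDS_ENTRY_RE = re.compile(
    r"^(?P<kind>(?:x64-)?(?:BHO|TB|EB|IE|Handler|[ud]URLSearchHooks)):\s*(?P<rest>.*)$"
)


@dataclass
class Entry:
    kind: str                   # e.g. "BHO", "TB", "x64-IE"
    clsids: Tuple[str, ...]     # CLSIDs found on the line, upper-cased
    target: str                 # DLL/file path, "<orphaned>", or "" when absent
    stale: bool                 # True when no file backs the entry
    deleted_by_adwcleaner: bool # True when AdwCleaner removed a key with this CLSID


def parse_adwcleaner_deleted_clsids(log: str) -> Set[str]:
    """Collect CLSIDs from the 'Key Deleted :' lines of an AdwCleaner log."""
    found: Set[str] = set()
    for line in log.splitlines():
        if line.startswith("Key Deleted"):
            found.update(m.upper() for m in CLSID_RE.findall(line))
    return found


def parse_dds_entries(dds: str, deleted: Set[str]) -> List[Entry]:
    """Parse the Pseudo HJT Report section of a DDS log into Entry records."""
    entries: List[Entry] = []
    for raw in dds.splitlines():
        m = DDS_ENTRY_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        matches = list(CLSID_RE.finditer(rest))
        if not matches:
            continue  # e.g. plain "IE: Send page to Bluetooth..." menu items
        # The target is whatever follows the last CLSID, minus the " - " separator.
        # Splitting this way keeps paths such as "Spybot - Search & Destroy" intact.
        target = rest[matches[-1].end():].strip().lstrip("-").strip()
        clsids = tuple(x.group(0).upper() for x in matches)
        entries.append(Entry(
            kind=m.group("kind"),
            clsids=clsids,
            target=target,
            stale=(target == "" or target == "<orphaned>"),
            deleted_by_adwcleaner=any(c in deleted for c in clsids),
        ))
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    """Entries worth a second look: no backing file, or already deleted by AdwCleaner."""
    return [e for e in entries if e.stale or e.deleted_by_adwcleaner]


# Constructed sample input: lines copied from the AdwCleaner and DDS logs in this thread.
SAMPLE_ADWCLEANER = r"""
Folder Deleted : C:\ProgramData\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
"""

SAMPLE_DDS = r"""
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
"""


def main() -> None:
    deleted = parse_adwcleaner_deleted_clsids(SAMPLE_ADWCLEANER)
    for e in suspicious(parse_dds_entries(SAMPLE_DDS, deleted)):
        reason = "deleted by AdwCleaner" if e.deleted_by_adwcleaner else "no backing file"
        print(f"{e.kind:16} {e.clsids[-1]}  target={e.target or '(none)'}  [{reason}]")


if __name__ == "__main__":
    main()
```

Run against the real logs, the x64-IE entry for {898EA8C8-...} is the one to follow up: AdwCleaner deleted its HKLM key, yet DDS still reports it as an orphaned IE button.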
Hello, warsawtom.
Are you still with me?
Last edited by tashi; 2013-07-21 at 05:15. Reason: Topic was closed, now re-opened by request.
Hello, warsawtom.
To begin, please rescan your system with the following tools, and post the fresh logs. You will find instructions posted HERE.
- DDS
- aswMBR
"Hello fbfbfb,
I had no access to my PC for a week, so I have some catching up to do.
1. The pop-up is always a page, mostly with audio, but sometimes without.
2. Block pop-up windows check box was already checked in Firefox, so there was nothing to change.
3. Text Enhance
. Couldn't have been installed with Revo, since the problem existed before I downloaded and installed Revo. Having said that, I don't see this problem right now.
. I have cleared both Browse Cache and Cookies, as per your instructions.
. Text Enhance is not in Control Panel, so I couldn't uninstall.
. Text Enhance is not in Firefox Add-ons/Extensions. However, while I was there looking for Text Enhance, I noticed that Playtopus is there. That's the one we removed completely with Revo Uninstaller. Weird. Anyway, I disabled it.
4. AdwCleaner log:
# AdwCleaner v2.306 - Logfile created 07/21/2013 at 22:29:09
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tom - TK-PC
# Boot Mode : Normal
# Running from : C:\Users\Tom\Desktop\Recovery-Analysis\AdwCleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\adawaretb
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\LyricsFinder
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16635
[OK] Registry is clean.
-\\ Mozilla Firefox v22.0 (en-US)
File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v28.0.1500.72
File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [43728 octets] - [03/07/2013 11:44:14]
AdwCleaner[S2].txt - [2490 octets] - [21/07/2013 22:29:09]
########## EOF - C:\AdwCleaner[S2].txt - [2550 octets] ##########
5. MBAM Log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.07.21.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Tom :: TK-PC [administrator]
21/07/2013 10:35:41 PM
mbam-log-2013-07-21 (22-35-41).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249823
Time elapsed: 7 minute(s), 45 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
6. DDS Log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
Run by Tom at 22:45:30 on 2013-07-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4063.2267 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\notepad.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/ig?brand=SNNT&bmod=SNNT
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [HP Officejet 4620 series (NET)] "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN32H230VF05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
uRun: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [NokiaInternetModem_AppStart.exe] "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" "-start" "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [RogersServicepointAgent.exe] "C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" /AUTORUN
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{490893E7-3B83-466D-8ADD-E91F526A37A6} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{490893E7-3B83-466D-8ADD-E91F526A37A6}\C45736B6973456461627 : DHCPNameServer = 64.71.255.204 64.71.255.198
TCP: Interfaces\{490893E7-3B83-466D-8ADD-E91F526A37A6}\C45736B6973456461627D27657563747 : DHCPNameServer = 64.71.255.198
TCP: Interfaces\{D8C66690-0689-439D-B5E1-88727E74FD60} : DHCPNameServer = 64.71.255.198 64.71.255.253
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\
FF - prefs.js: browser.startup.homepage - hxxp://ca.my.yahoo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-15 10:47; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-06-21 10:19; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: !HIDDEN! 2010-02-21 13:03; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2010-02-21 13:09; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-5-20 55280]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-28 45856]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-2-21 203264]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
R2 L4301_Solar;Logitech Solar Keyboard Service;C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-2-21 189984]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-6-24 1153368]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-8 2028864]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-5-20 104960]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-26 1598128]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-5-20 19968]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-4-23 36392]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2010-2-21 5435904]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2007-8-3 11392]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-5-18 11856]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9d948b3cbde68;Google Update Service (gupdate1c9d948b3cbde68);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-20 133104]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-4-23 300032]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-5-17 44480]
S3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;C:\Windows\System32\drivers\nokia_cs1x_cdc_acm.sys [2010-4-22 98304]
S3 nokia_cs1x_cdc_ecm;nokia_cs1x_cdc_ecm;C:\Windows\System32\drivers\nokia_cs1x_cdc_ecm.sys [2010-4-22 53760]
S3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;C:\Windows\System32\drivers\nokia_cs1x_cpo.sys [2010-4-22 13824]
S3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;C:\Windows\System32\drivers\nokia_cs1x_dc_enum.sys [2010-4-22 97280]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-13 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-7-12 31800]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-13 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-5-20 394536]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-5-20 110376]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-19 1255736]
S4 RogersUpdateManager;Rogers Update Manager;C:\Program Files (x86)\Rogers\Update Manager\RogersUpdateManager.exe [2010-6-3 163840]
S4 SampleCollector;Intel(R) Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-2-21 167424]
S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-2-21 120104]
S4 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2010-2-21 70952]
S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-2-21 427304]
S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-2-21 75048]
S4 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2010-2-21 91432]
S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="C:\Program Files (x86)\Sony\VAIO VP Utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
2013-07-12 14:48:19 -------- d-----w- C:\Eclipse
2013-07-12 12:29:18 -------- d-----w- C:\Users\Tom\AppData\Local\VS Revo Group
2013-07-12 12:29:14 -------- d-----w- C:\ProgramData\VS Revo Group
2013-07-12 12:29:13 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2013-07-12 12:29:12 -------- d-----w- C:\Program Files\VS Revo Group
2013-07-10 20:10:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-10 20:10:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-10 20:10:00 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2013-07-10 20:10:00 356864 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-07-10 20:10:00 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-07-10 20:10:00 235520 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-07-10 13:29:17 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-10 13:29:16 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 13:29:16 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-10 13:29:16 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-10 13:29:16 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 13:29:16 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-10 13:29:16 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-10 13:29:15 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-10 13:29:15 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-10 13:29:15 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-10 13:29:15 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-10 13:28:56 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-10 13:28:55 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 13:28:55 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 13:28:55 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 13:28:55 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 13:28:54 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 13:28:34 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-10 13:28:34 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-06 21:47:08 -------- d-----w- C:\_OTL
2013-07-05 17:20:47 -------- d-----w- C:\Program Files (x86)\ESET
2013-07-05 17:00:24 -------- d-----w- C:\Users\Tom\AppData\Roaming\Malwarebytes
2013-07-05 16:59:56 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-05 16:59:55 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-05 16:59:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-03 15:55:08 -------- d-----w- C:\Windows\ERUNT
2013-07-03 15:55:03 -------- d-----w- C:\JRT
2013-07-03 15:44:25 242 ----a-w- C:\Windows\DeleteOnReboot.bat
2013-07-03 15:13:39 -------- d-----w- C:\$RECYCLE.BIN
2013-07-02 00:07:28 98816 ----a-w- C:\Windows\sed.exe
2013-07-02 00:07:28 256000 ----a-w- C:\Windows\PEV.exe
2013-07-02 00:07:28 208896 ----a-w- C:\Windows\MBR.exe
2013-07-01 20:55:01 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 14:13:03 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-06-24 14:13:03 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2013-07-21 13:24:38 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-21 13:24:38 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-01 20:54:57 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-01 20:54:57 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-26 22:32:04 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-06-21 14:18:29 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-06-21 14:18:29 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-01 07:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
.
============= FINISH: 22:46:05.36 ===============
7. aswMBR log:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-21 22:49:14
-----------------------------
22:49:14.188 OS Version: Windows x64 6.1.7601 Service Pack 1
22:49:14.188 Number of processors: 2 586 0x170A
22:49:14.188 ComputerName: TK-PC UserName: Tom
22:49:15.638 Initialize success
22:49:38.910 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:49:38.910 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
22:49:38.925 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000078
22:49:38.925 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
22:49:38.925 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000079
22:49:38.941 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
22:49:39.034 Disk 0 MBR read successfully
22:49:39.034 Disk 0 MBR scan
22:49:39.050 Disk 0 Windows 7 default MBR code
22:49:39.066 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10241 MB offset 2048
22:49:39.081 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 295002 MB offset 20975616
22:49:39.112 Disk 0 scanning C:\Windows\system32\drivers
22:49:46.538 Service scanning
22:50:04.277 Modules scanning
22:50:04.792 Disk 0 trace - called modules:
22:50:04.839 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
22:50:04.839 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005792060]
22:50:04.854 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8003cf3b50]
22:50:04.870 5 ACPI.sys[fffff88000f067a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800473c050]
22:50:04.870 Scan finished successfully
22:51:20.047 Disk 0 MBR has been saved successfully to "C:\Users\Tom\Desktop\Recovery-Analysis\MBR.dat"
22:51:20.047 The log file has been saved successfully to "C:\Users\Tom\Desktop\Recovery-Analysis\aswMBR_21_07_2013.txt"
Attach_21_07_2013.zip
Thanks"
Hello, warsawtom.
Thank you for the logs and your updated information. It is not unusual for malware to resurface after removal, as was the case for Playtopus.
Please work through the following tasks:
1. Please send me a screenshot of the pop-up window.
2. You mentioned in post 23 that you did not use Nero and had completely uninstalled it. Your latest DDS log indicates that the program is still appearing in your Control Panel. Your pop-up may be associated with Nero's Advertising Center as I had previously explained in post 22. Please uninstall the following Nero applications in your Control Panel's Programs list:
- Nero ControlCenter
- Nero Express
- Nero InfoTool
- Nero Live
- Nero Live Help
- Nero PhotoSnap Help
- Nero Recode Help
- Nero ShowTime
- Nero StartSmart Help
- Nero Vision
- Nero WaveEditor Help
- neroxml
Please run the following scan:
Run OTL.exe
- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
- Then click the Run Fix button at the top.
Code:
:OTL
(x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-26 1598128]
:Commands
[emptytemp]
[resethosts]
- Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
- Post the new log in your next reply.
CHECKLIST: In your next reply, please post the following:
- OTL log
- Screenshot of pop-up window
- Let me know if uninstalling the Nero applications resolved the pop-up.
"Hi fbfbfb,
1. The pop-up has not occurred today, so I will update the thread with a screen shot, if and when it does.
2. I have uninstalled Nero before and there is nothing Nero related in the Control Panel. Perhaps we should use Revo Uninstaller?
3. OTL log:
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 15615 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Google Chrome cache emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Tom
->Temp folder emptied: 2004939 bytes
->Temporary Internet Files folder emptied: 7899398 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62522630 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 897 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 123583 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3727 bytes
Total Files Cleaned = 69.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 07222013_183215
Files\Folders moved on Reboot...
C:\Users\Tom\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Tom\AppData\Local\Temp\VGX3A61.tmp moved successfully.
C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Thanks"