My browsers have been hijacked by v9
I am sorry but I am a bit of a door stop on this sort of thing.
My IE, Google Chrome and Mozilla Firefox have been hijacked first by "My Search LLC" and now by v9, and a Lavasoft search engine keeps popping up. I disabled the EGIS extensions (which seemed to be the associations for "My Search" in my Internet Options settings) and "My Search" seems to have gone quiet. I also uninstalled Chrome and Firefox because I thought that might be a good idea to try to restrict the hijacking of browsers? I uninstalled Astroburn lite, uTorrent, uplayer and a few others as you people said they are main conduits for hijackings/hacking. I have also tried to uninstall NTI media maker 8 twice but it keeps coming back into my Programmes!!! Maybe there is something not right with this app.
I think I was first hijacked about 2 months ago without really noticing and I did use internet banking but I don't think I used my credit card. It has only been in the last week or so weird things started happening, especially when I tried to reset my default browser and use blank thinking it would solve the problems. My friend told me the hijacker files are hidden on my hard disc and it is not easy for a door stop (that's me) to identify and get rid of them. That is why I am here now; he told me to find a forum for help.
Can someone help me please???
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16502 BrowserJavaVersion: 10.25.2
Run by ian at 17:24:14 on 2013-08-28
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.44.1033.18.3000.1121 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\System32\ChgService.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\MSSQL\Primavera\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\MSSQL\Primavera\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe
C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\WiTopia\WiTopiaService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Bandoo\Bandoo.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\ian\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\ian\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\WiTopia\WiTopia.exe
C:\Program Files\WiTopia\Resources\openvpn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=DFBD41CE936A7A1469CA75521A4D0799
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS543225L9A300_080610FB0F00LLG32H5AX&ts=1372700070
mStart Page = hxxp://en.v9.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS543225L9A300_080610FB0F00LLG32H5AX&ts=1372700070
mDefault_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS543225L9A300_080610FB0F00LLG32H5AX&ts=1372700070
mSearchAssistant = hxxp://search.v9.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS543225L9A300_080610FB0F00LLG32H5AX&ts=0
mCustomizeSearch = hxxp://search.v9.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS543225L9A300_080610FB0F00LLG32H5AX&ts=0
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf professional 7\bin\PlusIEContextMenu.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: DataMngr: {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - LocalServer32 - <no file>
BHO: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - c:\program files\file2linkib\file2linkibX.dll
BHO: Help the General-Search Project: {CA4520F3-AE13-4FB1-A513-58E23991C86D} - c:\users\ian\appdata\roaming\media finder\extensions\gencrawler_gc.dll
BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Search-Results Toolbar: {dd6b651f-dfb9-4142-b0bd-09912ad22674} -
BHO: BandooIEPlugin Class: {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - c:\program files\bandoo\plugins\ie\ieplugin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
TB: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - c:\program files\file2linkib\file2linkibX.dll
TB: DocuCom PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Media Finder] "c:\program files\media finder\Media Finder.exe" /opentotray
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eRecoveryService] <no file>
mRunOnce: [AvgUninstallURL] cmd.exe /c start AVG | Free Uninstall Survey
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: c:\users\ian\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\ian\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\ian\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: Open with Nuance PDF Converter 7 - c:\program files\nuance\pdf professional 7\cnvres_eng.dll /100
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.17.1
TCP: Interfaces\{3768789C-A3CE-40F8-9129-BAFD632F7118} : DHCPNameServer = 10.118.0.1
TCP: Interfaces\{BC4BC220-238A-4EFC-9CAA-477A66280E3F} : DHCPNameServer = 192.168.17.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\bandoo\bndhook.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-8-25 13560]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2012-7-10 35560]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-7-5 101720]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-4-30 61424]
R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2010-11-23 135168]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-4-30 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-4-30 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 msftesql$PRIMAVERA;SQL Server FullText Search (PRIMAVERA);c:\program files\mssql\primavera\mssql.2\mssql\binn\msftesql.exe [2010-3-26 91992]
R2 MSSQL$PRIMAVERA;SQL Server (PRIMAVERA);c:\program files\mssql\primavera\mssql.2\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 107392]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService2.exe [2011-6-21 196912]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-4-30 122368]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 7\PDFProFiltSrv.exe [2012-2-17 135016]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\playmemories home\PMBDeviceInfoProvider.exe [2012-7-27 474208]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-5-30 3048136]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-1-27 2228008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-6-20 295376]
R3 visctap0901;Viscosity Virtual Adapter V9.1;c:\windows\system32\drivers\visctap0901.sys [2012-9-1 33736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DefaultTabUpdate;DefaultTabUpdate;"c:\users\ian\appdata\roaming\defaulttab\defaulttab\dtupdate.exe" --> c:\users\ian\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [?]
S2 nfchrkp;Support Driver;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2005-7-26 348352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2010-11-23 103424]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-21 24064]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-10-17 19968]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-3-23 75776]
.
=============== Created Last 30 ================
.
2013-08-28 10:48:59 7166848 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0a177694-d927-45eb-98d7-ad319f6bde31}\mpengine.dll
2013-08-27 16:14:21 7166848 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-08-27 04:10:38 -------- d-----w- c:\program files\RealNetworks
2013-08-27 04:10:37 -------- d-----w- c:\programdata\RealNetworks
2013-08-27 04:09:36 -------- d-----w- c:\program files\common files\xing shared
2013-08-25 19:14:29 -------- d-----w- c:\users\ian\appdata\roaming\LavasoftStatistics
2013-08-25 18:30:45 -------- d-----w- c:\programdata\Downloaded Installations
2013-08-25 18:30:24 -------- d-----w- c:\users\ian\appdata\local\adawarebp
2013-08-25 18:30:19 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-08-25 18:29:26 -------- d-----w- c:\program files\Lavasoft
2013-08-25 18:20:24 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-08-25 18:20:24 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-08-24 12:59:16 -------- d-----w- c:\users\ian\appdata\local\appbario16
2013-08-24 10:57:54 786272 ----a-w- c:\program files\uninstall information\ib\97\3867\ib_uninstall.exe
2013-08-24 10:47:29 -------- d-----w- c:\program files\MyPC Backup
2013-08-24 10:46:39 -------- d-----w- c:\users\ian\appdata\roaming\SpeedAnalysis2
2013-08-24 10:45:39 -------- d-----w- c:\users\ian\appdata\roaming\7go
2013-08-24 10:45:11 -------- d-----w- c:\programdata\IBUpdaterService
2013-08-24 10:45:08 -------- d-----w- c:\users\ian\appdata\roaming\File Scout
2013-08-23 09:50:21 -------- d-----w- c:\programdata\ErrorEND
2013-08-23 09:50:02 -------- d-----w- c:\program files\ErrorEND
2013-08-23 09:12:48 -------- d-----w- C:\a(1)
2013-08-22 15:08:37 -------- d-----w- c:\users\ian\appdata\roaming\Anvisoft
2013-08-22 15:08:12 -------- d-----w- c:\programdata\Anvisoft
2013-08-22 15:07:53 -------- d-----w- c:\program files\Anvisoft
2013-08-22 13:30:31 -------- d-----w- c:\users\ian\appdata\local\CRE
2013-08-22 13:30:29 -------- d-----w- c:\program files\Conduit
2013-08-22 12:18:50 697992 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7b521edf-1538-4e76-998f-b308e6eeb0ab}\gapaengine.dll
2013-08-21 13:14:08 17737608 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-08-20 11:43:18 -------- d-----w- c:\programdata\GOOBZO
2013-08-20 09:26:10 -------- d-----w- c:\program files\Enigma Software Group
2013-08-20 09:24:14 -------- d-----w- c:\windows\027B5748C40941FE949B7B81A8304EF4.TMP
2013-08-20 09:24:07 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2013-08-18 17:17:35 -------- d-----w- c:\users\ian\fontconfig
2013-08-14 04:54:36 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 04:54:35 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-14 04:54:34 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 04:54:34 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-08-14 04:54:17 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 04:54:10 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 04:54:08 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 04:54:06 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 04:54:06 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 04:54:00 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 04:53:59 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 04:53:59 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 04:53:57 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-09 19:26:44 172032 ----a-w- c:\windows\system32\AniGIF.ocx
.
==================== Find3M ====================
.
2013-08-21 13:14:29 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 13:14:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-25 02:32:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-07-25 02:26:10 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 02:23:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-07-25 02:22:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-15 11:19:56 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-15 11:19:44 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-07-15 11:19:43 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-18 18:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 18:50:08 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-04 01:50:43 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-06-01 04:06:08 505344 ----a-w- c:\windows\system32\qedit.dll
2011-12-11 16:18:50 3552208 ----a-w- c:\program files\ccsetup313.exe
2011-07-01 11:44:37 1393104 ----a-w- c:\program files\MapsSetup.exe
2011-07-01 09:49:20 1980360 ----a-w- c:\program files\MailNotifierSetup.exe
2011-03-21 12:46:19 1770248 ----a-w- c:\program files\BandooV6 (2).exe
2010-10-02 18:40:55 5542672 ----a-w- c:\program files\HSS-1.52-install-anchorfree-76-conduit.exe
2008-09-10 07:00:09 1724416 ----a-w- c:\program files\gdiplus.dll
.
============= FINISH: 17:26:45.49 ===============
BHO: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - c:\program files\file2linkib\file2linkibX.dll
BHO: Help the General-Search Project: {CA4520F3-AE13-4FB1-A513-58E23991C86D} - c:\users\ian\appdata\roaming\media finder\extensions\gencrawler_gc.dll
BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Search-Results Toolbar: {dd6b651f-dfb9-4142-b0bd-09912ad22674} -
BHO: BandooIEPlugin Class: {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - c:\program files\bandoo\plugins\ie\ieplugin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
TB: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - c:\program files\file2linkib\file2linkibX.dll
TB: DocuCom PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Media Finder] "c:\program files\media finder\Media Finder.exe" /opentotray
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eRecoveryService] <no file>
mRunOnce: [AvgUninstallURL] cmd.exe /c start AVG | Free Uninstall Survey
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: c:\users\ian\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\ian\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\ian\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: Open with Nuance PDF Converter 7 - c:\program files\nuance\pdf professional 7\cnvres_eng.dll /100
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.17.1
TCP: Interfaces\{3768789C-A3CE-40F8-9129-BAFD632F7118} : DHCPNameServer = 10.118.0.1
TCP: Interfaces\{BC4BC220-238A-4EFC-9CAA-477A66280E3F} : DHCPNameServer = 192.168.17.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\bandoo\bndhook.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-8-25 13560]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2012-7-10 35560]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-7-5 101720]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-4-30 61424]
R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2010-11-23 135168]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-4-30 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-4-30 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 msftesql$PRIMAVERA;SQL Server FullText Search (PRIMAVERA);c:\program files\mssql\primavera\mssql.2\mssql\binn\msftesql.exe [2010-3-26 91992]
R2 MSSQL$PRIMAVERA;SQL Server (PRIMAVERA);c:\program files\mssql\primavera\mssql.2\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 107392]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService2.exe [2011-6-21 196912]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-4-30 122368]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 7\PDFProFiltSrv.exe [2012-2-17 135016]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\playmemories home\PMBDeviceInfoProvider.exe [2012-7-27 474208]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-5-30 3048136]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-1-27 2228008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-6-20 295376]
R3 visctap0901;Viscosity Virtual Adapter V9.1;c:\windows\system32\drivers\visctap0901.sys [2012-9-1 33736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DefaultTabUpdate;DefaultTabUpdate;"c:\users\ian\appdata\roaming\defaulttab\defaulttab\dtupdate.exe" --> c:\users\ian\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [?]
S2 nfchrkp;Support Driver;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2005-7-26 348352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2010-11-23 103424]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-21 24064]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-10-17 19968]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-3-23 75776]
.
=============== Created Last 30 ================
.
2013-08-28 10:48:59 7166848 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0a177694-d927-45eb-98d7-ad319f6bde31}\mpengine.dll
2013-08-27 16:14:21 7166848 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-08-27 04:10:38 -------- d-----w- c:\program files\RealNetworks
2013-08-27 04:10:37 -------- d-----w- c:\programdata\RealNetworks
2013-08-27 04:09:36 -------- d-----w- c:\program files\common files\xing shared
2013-08-25 19:14:29 -------- d-----w- c:\users\ian\appdata\roaming\LavasoftStatistics
2013-08-25 18:30:45 -------- d-----w- c:\programdata\Downloaded Installations
2013-08-25 18:30:24 -------- d-----w- c:\users\ian\appdata\local\adawarebp
2013-08-25 18:30:19 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-08-25 18:29:26 -------- d-----w- c:\program files\Lavasoft
2013-08-25 18:20:24 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-08-25 18:20:24 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-08-24 12:59:16 -------- d-----w- c:\users\ian\appdata\local\appbario16
2013-08-24 10:57:54 786272 ----a-w- c:\program files\uninstall information\ib\97\3867\ib_uninstall.exe
2013-08-24 10:47:29 -------- d-----w- c:\program files\MyPC Backup
2013-08-24 10:46:39 -------- d-----w- c:\users\ian\appdata\roaming\SpeedAnalysis2
2013-08-24 10:45:39 -------- d-----w- c:\users\ian\appdata\roaming\7go
2013-08-24 10:45:11 -------- d-----w- c:\programdata\IBUpdaterService
2013-08-24 10:45:08 -------- d-----w- c:\users\ian\appdata\roaming\File Scout
2013-08-23 09:50:21 -------- d-----w- c:\programdata\ErrorEND
2013-08-23 09:50:02 -------- d-----w- c:\program files\ErrorEND
2013-08-23 09:12:48 -------- d-----w- C:\a(1)
2013-08-22 15:08:37 -------- d-----w- c:\users\ian\appdata\roaming\Anvisoft
2013-08-22 15:08:12 -------- d-----w- c:\programdata\Anvisoft
2013-08-22 15:07:53 -------- d-----w- c:\program files\Anvisoft
2013-08-22 13:30:31 -------- d-----w- c:\users\ian\appdata\local\CRE
2013-08-22 13:30:29 -------- d-----w- c:\program files\Conduit
2013-08-22 12:18:50 697992 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7b521edf-1538-4e76-998f-b308e6eeb0ab}\gapaengine.dll
2013-08-21 13:14:08 17737608 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-08-20 11:43:18 -------- d-----w- c:\programdata\GOOBZO
2013-08-20 09:26:10 -------- d-----w- c:\program files\Enigma Software Group
2013-08-20 09:24:14 -------- d-----w- c:\windows\027B5748C40941FE949B7B81A8304EF4.TMP
2013-08-20 09:24:07 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2013-08-18 17:17:35 -------- d-----w- c:\users\ian\fontconfig
2013-08-14 04:54:36 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 04:54:35 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-14 04:54:34 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 04:54:34 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-08-14 04:54:17 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 04:54:10 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 04:54:08 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 04:54:06 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 04:54:06 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 04:54:00 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 04:53:59 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 04:53:59 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 04:53:57 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-09 19:26:44 172032 ----a-w- c:\windows\system32\AniGIF.ocx
.
==================== Find3M ====================
.
2013-08-21 13:14:29 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 13:14:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-25 02:32:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-07-25 02:26:10 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 02:23:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-07-25 02:22:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-15 11:19:56 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-15 11:19:44 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-07-15 11:19:43 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-18 18:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 18:50:08 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-04 01:50:43 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-06-01 04:06:08 505344 ----a-w- c:\windows\system32\qedit.dll
2011-12-11 16:18:50 3552208 ----a-w- c:\program files\ccsetup313.exe
2011-07-01 11:44:37 1393104 ----a-w- c:\program files\MapsSetup.exe
2011-07-01 09:49:20 1980360 ----a-w- c:\program files\MailNotifierSetup.exe
2011-03-21 12:46:19 1770248 ----a-w- c:\program files\BandooV6 (2).exe
2010-10-02 18:40:55 5542672 ----a-w- c:\program files\HSS-1.52-install-anchorfree-76-conduit.exe
2008-09-10 07:00:09 1724416 ----a-w- c:\program files\gdiplus.dll
.
============= FINISH: 17:26:45.49 ===============