Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Too many pop-up windows...please help!

Hi,

I downloaded a window flash media to watch a movie, and after downloading the software the Chrome browser became weird...so many pop-ups, and the homepage I set won't stay. Some weird homepage became my default. Can someone please tell me what is going on with my system?

Windows 7 Pro
64-bit


Thank you in advance for everyone's help!

******

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.45.2
Run by Binh C Dinh at 22:23:59 on 2013-11-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8089.4774 [GMT -8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Users\Binh C Dinh\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\sysWOW64\SDIOAssist.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\BuzzSearch\updateBuzzSearch.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\BuzzSearch\bin\utilBuzzSearch.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\Binh C Dinh\AppData\Local\Akamai\netsession_win.exe
C:\Users\Binh C Dinh\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Users\Binh C Dinh\AppData\Local\Akamai\netsession_win.exe
C:\ProgramData\Updater\updater.exe
C:\Users\Binh C Dinh\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Binh C Dinh\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
C:\Users\Binh C Dinh\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
C:\Users\Binh C Dinh\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe
C:\ProgramData\RHelpers\IEHelper\IeHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\Explorer.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.amazon.com/websearch/ref=bit_bds-p07_serp_ie_us_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_787557525f9343a89a5624259f721e77_30_46_20131117_US_ie_sp_IS0
uWindow Title = Internet Explorer, enhanced for Bing and MSN
uDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979
mStart Page = hxxp://aartemis.com/?type=hp&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979
mSearch Page = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
mDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979
mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
mSearchAssistant = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
mCustomizeSearch = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: CescrtHlpr Object: {112BA211-334C-4A90-90EC-2AD1CDAB287C} - LocalServer32 - <no file>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll
BHO: SySaver: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Binh C Dinh\AppData\Local\SySaver\temp.dat
BHO: Tube Dimmer: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\TubeDimmer\IE\common.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: BuzzSearch: {5cf5a690-c8f4-488e-9d20-f21aef602d41} - C:\Program Files (x86)\BuzzSearch\BuzzSearchbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20131117104313.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Binh C Dinh\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: Re-markit: {818f6ad9-ccf9-4cbd-8e66-3c29dd13115f} - C:\Program Files (x86)\Re-markit\135.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Iminent Toolbar: {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files (x86)\IminentToolbar\1.8.26.8\iminentTlbr.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [AdobeBridge] <no file>
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Updater] C:\ProgramData\Updater\Updater.exe
StartupFolder: C:\Users\BINHCD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Binh C Dinh\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\BINHCD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\BINHCD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PalTalk.lnk - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
StartupFolder: C:\Users\BINHCD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SEVERE~2.LNK - C:\Users\Binh C Dinh\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
StartupFolder: C:\Users\BINHCD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SEVERE~1.LNK - C:\Users\Binh C Dinh\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3C54AFA1-79FE-47C3-BFF8-D4196D9BE98E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3C54AFA1-79FE-47C3-BFF8-D4196D9BE98E}\2656C6B696E6E2565336 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{3C54AFA1-79FE-47C3-BFF8-D4196D9BE98E}\454416E676 : DHCPNameServer = 192.168.2.1 24.159.64.23 24.217.201.67 66.189.0.100
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
AppInit_DLLs= acaptuser32.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://aartemis.com/?type=hp&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979
x64-mSearch Page = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
x64-mDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979
x64-mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
x64-mSearchAssistant = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
x64-mCustomizeSearch = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130505082620.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
x64-Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\Binh C Dinh\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
FF - plugin: C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-11-07 15:28; firefox@mybuzzsearch.com; C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\extensions\firefox@mybuzzsearch.com.xpi
FF - ExtSQL: 2013-11-17 10:40; addon@defaulttab.com; C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2013-11-17 10:43; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
FF - ExtSQL: 2013-11-17 11:09; {623df3f2-d573-48b5-ae59-065b433dd24a}; C:\Program Files (x86)\Re-markit\135.xpi
FF - ExtSQL: 2013-11-19 21:00; ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org; C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0A0C0FyEtA0B0Dzz0B0EtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1447941512&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0A0C0FyEtA0B0Dzz0B0EtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1447941512&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0A0C0FyEtA0B0Dzz0B0EtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1447941512&ir=&q=
FF - user.js: extensions.mysearchdial.id - C0CB38ACF43BD8BE
FF - user.js: extensions.mysearchdial.instlDay - 16026
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.010:29:26
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - irmsd103
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 1447941512
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0A0C0FyEtA0B0Dzz0B0EtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R
FF - user.js: extensions.irmysearch.aflt - irmsd103
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 1447941512
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0A0C0FyEtA0B0Dzz0B0EtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\accelern.sys [2011-7-11 27760]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2012-8-30 1109296]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-11-23 70112]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-7-11 348712]
.
=============== Created Last 30 ================
.
2013-11-20 05:01:30 -------- d-----w- C:\Users\Binh C Dinh\AppData\Local\SySaver
2013-11-17 19:53:36 75376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2013-11-17 19:53:36 272496 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
2013-11-17 19:53:36 20080 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2013-11-17 19:17:23 -------- d-----w- C:\Program Files\Uninstaller
2013-11-17 19:15:48 -------- d-----w- C:\Users\Binh C Dinh\AppData\Roaming\OpenWebKitSharp Strings
2013-11-17 19:15:12 -------- d-----w- C:\Program Files (x86)\Olive
2013-11-17 19:10:03 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2013-11-17 19:09:12 -------- d-----w- C:\Program Files (x86)\Re-markit
2013-11-17 19:08:54 -------- d-----w- C:\Users\Binh C Dinh\AppData\Local\Weather_Notifications,_LL
2013-11-17 19:08:50 -------- d-----w- C:\Users\Binh C Dinh\AppData\Local\SevereWeatherAlerts
2013-11-17 18:56:50 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2013-11-17 18:54:27 114280 ------w- C:\Windows\SysWow64\acaptuser32.dll
2013-11-17 18:53:14 106088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-11-17 18:45:26 -------- d-----w- C:\Program Files (x86)\IminentToolbar
2013-11-17 18:45:22 -------- d-----w- C:\Users\Binh C Dinh\AppData\Roaming\iminent
2013-11-17 18:44:59 -------- d-----w- C:\Program Files (x86)\Iminent
2013-11-17 18:43:38 -------- d-----w- C:\Program Files (x86)\Gophoto.it
2013-11-17 18:43:33 -------- d-----w- C:\Program Files (x86)\FreeHDSport TV V6.0
2013-11-17 18:43:20 -------- d-----w- C:\Program Files (x86)\ATDheNetTVApp.com
2013-11-17 18:40:36 -------- d-----w- C:\Program Files (x86)\DefaultTab
2013-11-17 18:40:31 -------- d-----w- C:\Users\Binh C Dinh\AppData\Roaming\DefaultTab
2013-11-17 18:32:45 -------- d-----w- C:\ProgramData\Updater
2013-11-17 18:32:45 -------- d-----w- C:\ProgramData\RHelpers
2013-11-17 18:32:41 -------- d-----w- C:\ProgramData\TubeDimmer
2013-11-17 18:30:24 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2013-11-17 18:30:05 -------- d-----w- C:\Users\Binh C Dinh\AppData\Local\Programs
2013-11-17 18:29:35 -------- d-----w- C:\Users\Binh C Dinh\AppData\Roaming\mysearchdial
2013-11-17 18:29:31 -------- d-----w- C:\Program Files (x86)\BuzzSearch
2013-11-14 03:52:13 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-11-14 03:51:20 -------- d-----w- C:\Program Files\iPod
2013-11-14 03:51:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-14 03:51:18 -------- d-----w- C:\Program Files\iTunes
2013-11-14 03:51:18 -------- d-----w- C:\Program Files (x86)\iTunes
2013-11-14 03:12:39 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-14 03:12:36 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-14 03:12:18 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-14 03:12:14 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-11-14 03:12:13 197120 ----a-w- C:\Windows\System32\credui.dll
2013-11-14 03:12:13 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-14 03:12:13 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-14 03:12:13 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-11-14 03:12:13 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-14 03:06:35 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-14 03:06:35 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-11-14 03:03:11 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-14 03:03:10 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-11-14 03:03:10 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-11-14 03:03:10 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-11-14 03:03:10 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-11-06 04:11:26 -------- d-----w- C:\Users\Binh C Dinh\AppData\Roaming\Paltalk
2013-11-06 04:11:21 -------- d-----w- C:\Program Files (x86)\Paltalk Messenger
2013-10-25 20:34:32 114520 ----a-w- C:\Windows\System32\Vxdif.dll
2013-10-25 20:34:30 489264 ----a-w- C:\Windows\System32\drivers\Apfiltr.sys
2013-10-23 04:47:42 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-10-23 04:47:41 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-10-23 04:47:41 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-10-23 04:47:41 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-10-23 04:47:40 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-10-23 04:47:40 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-10-23 04:47:40 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-10-23 04:16:25 -------- d--h--w- C:\Windows\msdownld.tmp
2013-10-23 04:14:13 -------- d-----w- C:\ProgramData\Oracle
2013-10-23 04:13:33 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M ====================
.
2013-10-23 03:55:46 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-23 03:55:46 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
.
============= FINISH: 22:30:24.88 ===============

Attached Files
File Type: zip 6_attach.zip (4.6 KB)
