Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Need Malware Removed

My apologies to ryder. Starting over. Thanks for your time.

It pops up a window in the FF browser to redirect to redirsvc.com. I do not allow it to redirect, but I did once. It also highlights and double underlines words on web pages. FF keeps crashing...although I updated recently. I keep getting new programs showing up...

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520
Run by Brent at 13:47:50 on 2013-11-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2038.923 [GMT -8:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\Omiga Plus\omigaplusSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.certified-toolbar.com?si=71578&st=home&tid=8195&ver=4.9&ts=1382684400000.000009&tguid=71578-8195-1382741403689-E3C7331EBCA606EC00A7D7E1B51F62CB
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=71578&tid=8195&ver=4.9&ts=1382684400000.000009&tguid=71578-8195-1382741403689-E3C7331EBCA606EC00A7D7E1B51F62CB&st=chrome&q=
mStart Page = hxxp://search.certified-toolbar.com?si=71578&st=home&tid=8195&ver=4.9&ts=1382684400000.000009&tguid=71578-8195-1382741403689-E3C7331EBCA606EC00A7D7E1B51F62CB
mSearch Bar = hxxp://search.certified-toolbar.com?si=71578&tid=8195&ver=4.9&ts=1382684400000.000009&tguid=71578-8195-1382741403689-E3C7331EBCA606EC00A7D7E1B51F62CB&st=chrome&q=
mURLSearchHooks: {739df940-c5ee-4bab-9d7e-270894ae687a} - <orphaned>
mURLSearchHooks: {7f3f960e-a836-45ca-8911-0accb522246e} - <orphaned>
mURLSearchHooks: {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - <orphaned>
mURLSearchHooks: {988919ff-0cd8-4d0c-bc7e-60d55a49eb64} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - <orphaned>
BHO: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - <orphaned>
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: PBlockHelper Class: {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - c:\program files\netscape accelerator\PBHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: NOW!Imaging: {9AA2F14F-E956-44B8-8694-A5B615CDF341} - c:\program files\netscape accelerator\components\NOWImaging.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Omiga Plus] "c:\program files\omiga plus\omigaplus.exe" /autorun
uRun: [NextLive] c:\windows\system32\rundll32.exe "c:\users\brent\appdata\roaming\newnext.me\nengine.dll",EntryPoint -m l
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
mRun: [20131121] c:\program files\avast software\avast\setup\emupdate\a08c7aac-8ecc-442c-bcbb-475efc5901c5.exe /check
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
mRunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{caa5e52b-caa8-4314-9a9d-46e1ca1d5a3d}
mRunOnce: [aswAhAScr.dll] "c:\program files\avast software\avast\aswregsvr.exe" "c:\program files\avast software\avast\AhAScr.dll"
mRunOnce: [aswasOutExt.dll] "c:\program files\avast software\avast\aswregsvr.exe" "c:\program files\avast software\avast\asOutExt.dll"
mRunOnce: [SpUninstallCleanUp] REG delete HKEY_CURRENT_USER\Software\SearchProtect /f
mRunOnce: [20131011] c:\program files\avast software\avast\setup\emupdate\42525cdc-5987-48e5-b1ed-1c9fa9d38b0d.exe /check
mRunOnce: [20131030] c:\program files\avast software\avast\setup\emupdate\13a40aa5-bd31-4b87-bc73-71758f8a91a0.exe /check
mRunOnce: [*Restore] c:\windows\system32\rstrui.exe /RUNONCE
StartupFolder: c:\users\brent\appdata\roaming\micros~1\windows\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
LSP: c:\progra~1\netsca~2\sliplsp.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: NameServer = 64.59.168.13 64.59.168.15 64.59.174.84
TCP: Interfaces\{11A0E024-00C9-47C3-B2D3-7A1F87D18164} : DHCPNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
TCP: Interfaces\{E33BEE49-EC61-4901-B1B7-E8EE2FE35D53} : DHCPNameServer = 192.168.1.254 75.153.176.9
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brent\appdata\roaming\mozilla\firefox\profiles\ebfw7x1n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298567&CUI=UN14748847043729184&UM=2&SearchSource=3&q={searchTerms}
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-10-03 13:59; firefox@saltarsmart.biz; c:\users\brent\appdata\roaming\mozilla\firefox\profiles\ebfw7x1n.default\extensions\firefox@saltarsmart.biz.xpi
FF - ExtSQL: 2013-10-23 21:41; {988919ff-0cd8-4d0c-bc7e-60d55a49eb64}; c:\users\brent\appdata\roaming\mozilla\firefox\profiles\ebfw7x1n.default\extensions\{988919ff-0cd8-4d0c-bc7e-60d55a49eb64}
FF - ExtSQL: 2013-10-27 18:23; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-3-19 21576]
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-11-11 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2013-11-11 204784]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-10-27 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-10-27 175176]
R1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [2013-11-11 104752]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-10-27 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-10-27 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-10-27 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-27 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-10-27 46808]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-11-11 137960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2013-5-26 21504]
R2 omigaplussvc;Omiga plus service;c:\program files\omiga plus\omigaplusSvc.exe [2013-10-27 424104]
S2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2013-7-1 32808]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 528896]
.
=============== Created Last 30 ================
.
2013-11-23 21:54:22 -------- d-----w- c:\users\brent\appdata\roaming\abelhadigital.com
2013-11-23 00:21:08 7772552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{889d3bb0-e197-4acb-a44d-97217d05f187}\mpengine.dll
2013-11-22 01:53:33 -------- d-----w- c:\users\brent\.android
2013-11-22 01:53:27 -------- d-----w- c:\users\brent\appdata\local\cache
2013-11-22 01:53:23 -------- d-----w- c:\users\brent\appdata\roaming\newnext.me
2013-11-22 01:53:22 -------- d-----w- c:\users\brent\appdata\local\genienext
2013-11-22 01:53:20 -------- d-----w- c:\users\brent\appdata\local\Mobogenie
2013-11-22 01:52:20 -------- d-----w- c:\users\brent\appdata\roaming\WinZip
2013-11-22 01:51:57 -------- d-----w- c:\program files\WinZip Driver Updater
2013-11-22 01:51:56 -------- d-----w- c:\program files\Mobogenie
2013-11-17 19:04:59 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-11-17 19:04:59 117360 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2013-11-17 19:04:58 75376 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-11-17 19:04:58 272496 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-11-17 19:04:57 20080 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-11-14 01:41:10 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-14 01:41:09 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-14 01:41:00 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-11-14 01:40:55 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-12 05:44:54 204784 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-11-12 05:44:53 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-11-12 05:44:37 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-11-08 18:01:18 7772552 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll
2013-11-05 20:31:34 -------- d-----w- c:\users\brent\appdata\local\temp
2013-11-05 20:23:56 -------- d-sh--w- C:\$RECYCLE.BIN
2013-11-05 20:21:48 -------- d-s---w- C:\ComboFix
2013-11-03 21:37:24 -------- d-----w- C:\5922a947673012aa1e05
2013-10-28 01:23:57 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-28 01:23:56 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-28 01:23:55 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-28 01:23:54 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-28 01:23:18 41664 ----a-w- c:\windows\avastSS.scr
2013-10-28 01:17:04 -------- d-----w- c:\users\brent\appdata\roaming\Omiga Plus
2013-10-28 01:17:04 -------- d-----w- c:\program files\Omiga Plus
.
==================== Find3M ====================
.
2013-11-18 16:11:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-18 16:11:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-11 13:50:18 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-31 07:46:15 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-10-24 04:41:33 773712 ----a-w- c:\windows\system32\msvcr100.dll
2013-10-24 04:41:32 420944 ----a-w- c:\windows\system32\msvcp100.dll
2013-10-13 09:48:06 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-10-13 09:35:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 09:35:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 09:30:14 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-10-13 09:29:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-10-13 09:25:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-29 07:36:04 2050048 ----a-w- c:\windows\system32\win32k.sys
2012-08-13 08:58:22 473600 ----a-w- c:\program files\setup.exe
2012-08-13 08:58:22 3162112 ----a-w- c:\program files\openofficeorg341.msi
.
============= FINISH: 13:48:55.30 ===============

Attached Files
File Type: zip Attach.zip (11.7 KB)
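The log above is the usual first artifact in one of these threads, and the triage a helper does on it by eye is mechanical enough to script. The following Python script is an added example and is not part of the original post, of DDS, or of any removal tool: it parses the entry types DDS emits (Run keys, BHOs, URL search hooks, the Winsock LSP, services, Firefox extensions, start/search pages), then flags orphaned CLSID registrations, entries that launch components the posted log itself names as adware (Omiga Plus, Mobogenie, newnext.me/NextLive, the Netscape Accelerator LSP, certified-toolbar, Conduit, the saltarsmart.biz extension, MyPC Backup, WinZip Driver Updater), and Run entries where rundll32 loads a DLL out of the user profile. The indicator list and the sample lines are copied from the posted log and trimmed; they are not a vendor feed, the helper names (`classify`, `triage`, `report`) and regexes are this example's own, and the script only reports, it removes nothing.

```python
import re

# Sample lines copied from the DDS "Pseudo HJT Report", "FIREFOX" and
# "SERVICES / DRIVERS" sections of the posted log, trimmed so the script runs
# offline. Raw string, so the Windows paths keep their backslashes verbatim.
SAMPLE_LOG = r"""
uStart Page = hxxp://search.certified-toolbar.com?si=71578&st=home&tid=8195
mURLSearchHooks: {988919ff-0cd8-4d0c-bc7e-60d55a49eb64} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PBlockHelper Class: {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - c:\program files\netscape accelerator\PBHelper.dll
uRun: [Omiga Plus] "c:\program files\omiga plus\omigaplus.exe" /autorun
uRun: [NextLive] c:\windows\system32\rundll32.exe "c:\users\brent\appdata\roaming\newnext.me\nengine.dll",EntryPoint -m l
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
LSP: c:\progra~1\netsca~2\sliplsp.dll
R2 omigaplussvc;Omiga plus service;c:\program files\omiga plus\omigaplusSvc.exe [2013-10-27 424104]
FF - ExtSQL: 2013-10-03 13:59; firefox@saltarsmart.biz; c:\users\brent\appdata\roaming\mozilla\firefox\profiles\ebfw7x1n.default\extensions\firefox@saltarsmart.biz.xpi
"""

# Adware/PUP components that the posted log itself names. Built from the log,
# not from a vendor feed, so it is illustrative rather than complete.
PUP_INDICATORS = (
    "omiga plus", "omigaplus", "mobogenie", "newnext.me", "netscape accelerator",
    "netsca~2", "certified-toolbar", "conduit.com", "saltarsmart.biz",
    "mypc backup", "winzip driver updater",
)

# DDS entry prefixes and the persistence or hijack mechanism each one records.
ENTRY_KINDS = {
    "uRun": "HKCU Run key",
    "mRun": "HKLM Run key",
    "mRunOnce": "HKLM RunOnce key",
    "BHO": "IE Browser Helper Object",
    "TB": "IE toolbar",
    "mURLSearchHooks": "IE URL search hook",
    "LSP": "Winsock layered service provider",
    "StartupFolder": "Startup folder shortcut",
    "FF - ExtSQL": "Firefox extension",
    "uStart Page": "IE start page (HKCU)",
    "mStart Page": "IE start page (HKLM)",
    "uDefault_Search_URL": "IE default search (HKCU)",
    "mSearch Bar": "IE search bar (HKLM)",
}

# "R2 name;display name;path [date size]" service and driver lines.
SERVICE_RE = re.compile(r"^([RS][0-3])\s+([^;]+);([^;]*);(.+?)\s*\[")
# rundll32 loading a DLL that lives under a user profile (user-writable location).
RUNDLL_USERDLL_RE = re.compile(r'rundll32\.exe\s+"?([a-z]:\\users\\[^",]+\.dll)', re.I)


def classify(line):
    """Return (kind, body) for one DDS entry line, or None for non-entry lines."""
    m = SERVICE_RE.match(line)
    if m:
        return "service/driver (%s)" % m.group(1), "%s -> %s" % (m.group(2), m.group(4))
    for prefix, kind in ENTRY_KINDS.items():
        if line.startswith(prefix + ":") or line.startswith(prefix + " ="):
            return kind, line[len(prefix) + 1:].strip(" =:")
    return None


def triage(log_text):
    """Flag suspicious DDS entries. Returns a list of dicts: kind, entry, reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        classified = classify(line)
        if classified is None:
            continue
        kind, body = classified
        low = line.lower()
        reasons = []
        if "<orphaned>" in low:
            reasons.append("orphaned registration: the CLSID points at a file that is gone")
        hits = sorted(i for i in PUP_INDICATORS if i in low)
        if hits:
            reasons.append("names an adware/PUP component from this log: " + ", ".join(hits))
        if RUNDLL_USERDLL_RE.search(line):
            reasons.append("rundll32 loads a DLL from the user profile (user-writable persistence)")
        if kind.startswith("Winsock"):
            reasons.append("third-party LSP sits in every socket call; remove it through the "
                           "Winsock catalog, not by deleting the DLL, or networking breaks")
        if reasons:
            findings.append({"kind": kind, "entry": body, "reasons": reasons})
    return findings


def report(findings):
    """Render findings as the short list a helper would paste back into the thread."""
    lines = []
    for f in findings:
        lines.append("[%s] %s" % (f["kind"], f["entry"]))
        for r in f["reasons"]:
            lines.append("    - " + r)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run against the sample it flags ten of the twelve lines and leaves the Adobe BHO and the avast Run entry alone. The LSP rule is the one worth keeping even once the indicator list goes stale: a Winsock LSP from a third party (here `sliplsp.dll` under the Netscape Accelerator folder) is loaded into every process that opens a socket, and removing the DLL without fixing the Winsock catalog is a classic way to leave the machine with no network.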
