Hi
Both my browsers have been hijacked. I can still use them but every so often they redirect me to unwanted sites. I run I.E and Firefox.
I couldn't zip the "Attach" and "Ark" files it seems I only have WinRAR on my system to zip and unzip. I will paste them here I hope it's ok.
Thanks for the help
Patrick
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.65.2
Run by Vaindioux at 9:06:14 on 2014-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7928.5904 [GMT -4:00]
.
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windstream_BCUC\McciTrayApp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Users\Vaindioux\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Creative Home\Hallmark Card Studio Select\Planner\PLNRnote.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Users\Vaindioux\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
mStart Page = hxxp://www.yahoo.com/
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [SearchProtection] "C:\Users\Vaindioux\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
uRun: [uTorrent] "C:\Users\Vaindioux\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AddressBookReminderApp] C:\Program Files (x86)\Creative Home\Hallmark Card Studio Select\ReminderApp.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~1.LNK - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTP~1.LNK - C:\Program Files (x86)\Creative Home\Hallmark Card Studio Select\Planner\PLNRnote.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 192.168.254.254
TCP: Interfaces\{F389F118-AFF0-4ACC-ABBD-6009B97747A0} : DHCPNameServer = 192.168.1.1 192.168.254.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.yahoo.com/
x64-BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [Windstream_BCUC_McciTrayApp] "C:\Program Files\Windstream_BCUC\McciTrayApp.exe"
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Vaindioux\AppData\Roaming\Mozilla\Firefox\Profiles\gtb4q2yt.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M5F7A633A-0DF9-4D53-AC38-AB490E9DDC1B&SearchSource=55&CUI=&UM=5&UP=SP316FA9C3-C083-4A42-A8CE-50E57ECE8FB8&SSPV=
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\VAINDI~1\AppData\Roaming\CATALI~2\npBcsKtTcHW.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-9-3 237936]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-2-27 69376]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-9-3 203264]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-1-6 430160]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-1-6 430160]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 117712]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 CltMngSvc;Search Protect Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-7-22 2975168]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-9-5 517632]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-9-3 233472]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-9-3 34872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-7 1255736]
.
=============== Created Last 30 ================
.
2014-07-19 22:03:14 -------- d-----w- C:\Program Files\iPod
2014-07-19 22:03:12 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-19 22:03:12 -------- d-----w- C:\Program Files\iTunes
2014-07-19 22:03:12 -------- d-----w- C:\Program Files (x86)\iTunes
2014-07-19 01:16:32 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-14 19:16:00 -------- d-----w- C:\Users\Vaindioux\AppData\Local\HP
2014-07-14 19:07:55 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2014-07-14 19:07:30 -------- d-----w- C:\Program Files (x86)\Common Files\Nova Development
2014-07-14 19:07:25 -------- d-----w- C:\Program Files (x86)\Creative Home
2014-07-14 18:42:36 -------- d-----w- C:\Program Files\HP
2014-07-09 22:43:50 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-09 22:38:42 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-07-09 22:38:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-09 22:38:42 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
.
==================== Find3M ====================
.
2014-07-25 21:09:37 42040 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2014-07-22 13:27:44 8887232 ----a-w- C:\Windows\apppatch\spbin\SPVC32.dll
2014-07-22 13:27:44 5426112 ----a-w- C:\Windows\apppatch\spbin\cltmng.exe
2014-07-22 13:27:44 3382720 ----a-w- C:\Windows\apppatch\spbin\SPVC64.dll
2014-07-22 13:27:44 232896 ----a-w- C:\Windows\apppatch\spbin\SPVC64Loader.dll
2014-07-22 13:27:44 232896 ----a-w- C:\Windows\apppatch\AppPatch64\SPVCLdr64.dll
2014-07-22 13:27:44 187328 ----a-w- C:\Windows\apppatch\spbin\SPVC32Loader.dll
2014-07-22 13:27:44 1729984 ----a-w- C:\Windows\apppatch\spbin\SPTool64.exe
2014-07-11 22:42:34 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-11 22:42:34 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-03 22:18:02 117712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-18 20:18:04 45400 ----a-w- C:\Windows\SysWow64\DiscHandler.exe
2014-05-13 15:05:56 4009984 ----a-w- C:\Windows\System32\ffmpeg.dll
2014-05-13 15:05:40 474624 ----a-w- C:\Windows\System32\ff_kernelDeint.dll
2014-05-13 15:05:24 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
2014-05-13 15:05:22 4374528 ----a-w- C:\Windows\System32\ffdshow.ax
2014-05-13 15:04:56 631296 ----a-w- C:\Windows\System32\TomsMoComp_ff.dll
2014-05-13 15:04:26 222720 ----a-w- C:\Windows\System32\ff_libdts.dll
2014-05-13 15:04:26 156672 ----a-w- C:\Windows\System32\ff_libmad.dll
2014-05-13 15:04:26 116224 ----a-w- C:\Windows\System32\ff_liba52.dll
2014-05-13 15:04:26 114688 ----a-w- C:\Windows\System32\ff_wmv9.dll
2014-05-13 15:04:24 190464 ----a-w- C:\Windows\System32\libmpeg2_ff.dll
2014-05-13 15:04:24 183296 ----a-w- C:\Windows\System32\ff_unrar.dll
2014-05-13 15:04:24 1532928 ----a-w- C:\Windows\System32\ff_samplerate.dll
2014-05-13 15:02:30 3916288 ----a-w- C:\Windows\SysWow64\ffmpeg.dll
2014-05-13 15:01:48 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2014-05-13 15:01:46 3502592 ----a-w- C:\Windows\SysWow64\ffdshow.ax
2014-05-13 15:01:12 271360 ----a-w- C:\Windows\SysWow64\TomsMoComp_ff.dll
2014-05-13 15:00:58 99840 ----a-w- C:\Windows\SysWow64\ff_wmv9.dll
2014-05-13 15:00:58 157184 ----a-w- C:\Windows\SysWow64\ff_unrar.dll
2014-05-13 15:00:56 211968 ----a-w- C:\Windows\SysWow64\ff_libdts.dll
2014-05-13 15:00:56 1525760 ----a-w- C:\Windows\SysWow64\ff_samplerate.dll
2014-05-13 15:00:56 147456 ----a-w- C:\Windows\SysWow64\ff_libmad.dll
2014-05-13 15:00:54 114688 ----a-w- C:\Windows\SysWow64\ff_liba52.dll
2014-05-13 15:00:52 136704 ----a-w- C:\Windows\SysWow64\libmpeg2_ff.dll
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
.
============= FINISH: 9:06:37.48 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 12/5/2010 8:17:06 AM
System Uptime: 7/20/2014 8:37:56 AM (193 hours ago)
.
Motherboard: FOXCONN | | ALOE
Processor: AMD Phenom(tm) II X4 810 Processor | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 686 GiB total, 411.313 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.221 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP382: 7/14/2014 3:07:03 PM - Installed Hallmark Card Studio Select.
RP383: 7/18/2014 9:15:34 PM - Installed Java 7 Update 65
RP384: 7/24/2014 3:00:23 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Activate Norton Online Backup
Adobe AIR
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Photoshop CS
Adobe Reader X (10.1.10)
AMD USB Filter Driver
Any Video Converter 5.0.8
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Avira Free Antivirus
Bonjour
Catalina Savings Printer
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDisplay 1.8
Comical 0.8
ComicRack v0.9.143
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
coverXP (remove only)
CyberLink DVD Suite Deluxe
CyberPower PowerPanel Personal Edition 1.3
D3DX10
DB-Editor
DefaultTab
Digital Copy
DirectX for Managed Code Update (Summer 2004)
DVD Slim Free 2.0.0.5
ESET Online Scanner v3
FLV Player
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hallmark Card Studio Select
Hardware Diagnostic Tools
Haunted Memories
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP Deskjet 1510 series Basic Device Software
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
iCloud
ImgBurn
iTunes
Java 7 Update 65
Java Auto Updater
Java(TM) SE Development Kit 6 Update 30
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.75.0.1300
Media Player Codec Pack 4.3.1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Live Search Toolbar
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MKV File Player
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyTomTom 3.2.0.700
PictureMover
Power2Go
PowerDirector
PowerRecover
Python 2.7.1
QuickShare
QuickTime 7
RAIDXpert
RarZilla Free Unrar
Realtek High Definition Audio Driver
Search Protect
Search Protection
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Skype Click to Call
Skype 6.11
SpywareBlaster 4.5
Steam
TurboTax 2010
TurboTax 2010 wgaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wgaiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 wgaiper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
TurboTax 2013
TurboTax 2013 wgaiper
TurboTax 2013 WinPerFedFormset
TurboTax 2013 WinPerReleaseEngine
TurboTax 2013 WinPerTaxSupport
TurboTax 2013 wrapper
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio C++ 10.0 Runtime
VLC
VLC media player 1.1.5
WebIQ Technology Engine
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Mobile® Device Handbook
Windstream Broadband Check-up Center
WinRAR archiver
WOT for Internet Explorer
wxPython 2.8.12.1 (unicode) for Python 2.6
.
==== Event Viewer Messages From Past Week ========
.
7/27/2014 12:14:09 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR6.
7/27/2014 1:14:14 PM, Error: Schannel [36888] - The following fatal alert was generated: 43. The internal error state is 252.
.
==== End Of File ===========================
GMER 2.1.19357 - GMER - Rootkit Detector and Remover
Rootkit scan 2014-07-28 09:20:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005b Seagate_ rev.HP34 698.64GB
Running: gmer.exe; Driver: C:\Users\VAINDI~1\AppData\Local\Temp\pgtciuob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002df1000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002df102f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] C:\Windows\SYSTEM32\ntdll.dll!RtlExitUserProcess 0000000077014120 5 bytes JMP 0000000104290018
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076eda400 5 bytes JMP 0000000103070018
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] C:\Windows\system32\IEFRAME.dll!DllRegisterServer + 572 000007fef6b61660 5 bytes JMP 000007ffe67e8b24
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] C:\Windows\system32\IEFRAME.dll!IELaunchManageAddOnsUI 000007fef70abe00 5 bytes JMP 000007ffe67fd504
.text C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[5548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760a1465 2 bytes [0A, 76]
.text C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[5548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760a14bb 2 bytes [0A, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074e75bad 5 bytes JMP 0000000158a0d0ea
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e779d8 5 bytes JMP 0000000100280018
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\advapi32.DLL!RegQueryValueExW 0000000074c6462d 5 bytes JMP 00000001589fcec6
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\user32.DLL!RegisterClassW 00000000762d8a65 5 bytes JMP 00000001589feddd
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\user32.DLL!RegisterClassExW 00000000762db17d 5 bytes JMP 00000001589fee98
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\user32.DLL!DialogBoxIndirectParamAorW 00000000762fce54 5 bytes JMP 0000000158a0f6e4
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000752579b2 5 bytes JMP 0000000158a0593c
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\WININET.dll!HttpQueryInfoW 0000000075262659 5 bytes JMP 0000000158a055b1
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760a1465 2 bytes [0A, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760a14bb 2 bytes [0A, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074e75bad 5 bytes JMP 0000000158a0d0ea
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e779d8 5 bytes JMP 0000000100290018
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\advapi32.DLL!RegQueryValueExW 0000000074c6462d 5 bytes JMP 00000001589fcec6
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\user32.DLL!RegisterClassW 00000000762d8a65 5 bytes JMP 00000001589feddd
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\user32.DLL!RegisterClassExW 00000000762db17d 5 bytes JMP 00000001589fee98
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\user32.DLL!DialogBoxIndirectParamAorW 00000000762fce54 5 bytes JMP 0000000158a0f6e4
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000752579b2 5 bytes JMP 0000000158a0593c
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\WININET.dll!HttpQueryInfoW 0000000075262659 5 bytes JMP 0000000158a055b1
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760a1465 2 bytes [0A, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760a14bb 2 bytes [0A, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5064:5036] 000007fefb292bf8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???v?&??? ???????????????????????????????????????f??????????NT AUTHORITY\LocalService???? ????????????????????????"??????????????????????3??v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|??;??? ???????.??????????????????@volume.inf,%storage\volume.devicedesc%;Generic volume? (I??? ??????????????????????????? ?????????????????????0????????????????????%SystemRoot%\system32\wpdshext.dll,-701??s??? ??????????????????????????^`????????*??????|?????????n?????e??????????? *??????z???????{???????????|???????????????G??????me??????????35??????????????????????"c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator???? ????????????????????????.????????????????????,????????????? ?????????????????????,?????????????????????????n??????????? ?????????????????????,????????N????????r????N????????????
---- EOF - GMER 2.1 ----
Both my browsers have been hijacked. I can still use them but every so often they redirect me to unwanted sites. I run I.E and Firefox.
I couldn't zip the "Attach" and "Ark" files it seems I only have WinRAR on my system to zip and unzip. I will paste them here I hope it's ok.
Thanks for the help
Patrick
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.65.2
Run by Vaindioux at 9:06:14 on 2014-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7928.5904 [GMT -4:00]
.
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windstream_BCUC\McciTrayApp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Users\Vaindioux\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Creative Home\Hallmark Card Studio Select\Planner\PLNRnote.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Users\Vaindioux\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
mStart Page = hxxp://www.yahoo.com/
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [SearchProtection] "C:\Users\Vaindioux\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
uRun: [uTorrent] "C:\Users\Vaindioux\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AddressBookReminderApp] C:\Program Files (x86)\Creative Home\Hallmark Card Studio Select\ReminderApp.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~1.LNK - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTP~1.LNK - C:\Program Files (x86)\Creative Home\Hallmark Card Studio Select\Planner\PLNRnote.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 192.168.254.254
TCP: Interfaces\{F389F118-AFF0-4ACC-ABBD-6009B97747A0} : DHCPNameServer = 192.168.1.1 192.168.254.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.yahoo.com/
x64-BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [Windstream_BCUC_McciTrayApp] "C:\Program Files\Windstream_BCUC\McciTrayApp.exe"
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Vaindioux\AppData\Roaming\Mozilla\Firefox\Profiles\gtb4q2yt.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M5F7A633A-0DF9-4D53-AC38-AB490E9DDC1B&SearchSource=55&CUI=&UM=5&UP=SP316FA9C3-C083-4A42-A8CE-50E57ECE8FB8&SSPV=
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\VAINDI~1\AppData\Roaming\CATALI~2\npBcsKtTcHW.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-9-3 237936]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-2-27 69376]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-9-3 203264]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-1-6 430160]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-1-6 430160]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 117712]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 CltMngSvc;Search Protect Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-7-22 2975168]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-9-5 517632]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-9-3 233472]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-9-3 34872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-7 1255736]
.
=============== Created Last 30 ================
.
2014-07-19 22:03:14 -------- d-----w- C:\Program Files\iPod
2014-07-19 22:03:12 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-19 22:03:12 -------- d-----w- C:\Program Files\iTunes
2014-07-19 22:03:12 -------- d-----w- C:\Program Files (x86)\iTunes
2014-07-19 01:16:32 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-14 19:16:00 -------- d-----w- C:\Users\Vaindioux\AppData\Local\HP
2014-07-14 19:07:55 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2014-07-14 19:07:30 -------- d-----w- C:\Program Files (x86)\Common Files\Nova Development
2014-07-14 19:07:25 -------- d-----w- C:\Program Files (x86)\Creative Home
2014-07-14 18:42:36 -------- d-----w- C:\Program Files\HP
2014-07-09 22:43:50 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-09 22:38:42 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-07-09 22:38:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-09 22:38:42 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
.
==================== Find3M ====================
.
2014-07-25 21:09:37 42040 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2014-07-22 13:27:44 8887232 ----a-w- C:\Windows\apppatch\spbin\SPVC32.dll
2014-07-22 13:27:44 5426112 ----a-w- C:\Windows\apppatch\spbin\cltmng.exe
2014-07-22 13:27:44 3382720 ----a-w- C:\Windows\apppatch\spbin\SPVC64.dll
2014-07-22 13:27:44 232896 ----a-w- C:\Windows\apppatch\spbin\SPVC64Loader.dll
2014-07-22 13:27:44 232896 ----a-w- C:\Windows\apppatch\AppPatch64\SPVCLdr64.dll
2014-07-22 13:27:44 187328 ----a-w- C:\Windows\apppatch\spbin\SPVC32Loader.dll
2014-07-22 13:27:44 1729984 ----a-w- C:\Windows\apppatch\spbin\SPTool64.exe
2014-07-11 22:42:34 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-11 22:42:34 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-03 22:18:02 117712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-18 20:18:04 45400 ----a-w- C:\Windows\SysWow64\DiscHandler.exe
2014-05-13 15:05:56 4009984 ----a-w- C:\Windows\System32\ffmpeg.dll
2014-05-13 15:05:40 474624 ----a-w- C:\Windows\System32\ff_kernelDeint.dll
2014-05-13 15:05:24 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
2014-05-13 15:05:22 4374528 ----a-w- C:\Windows\System32\ffdshow.ax
2014-05-13 15:04:56 631296 ----a-w- C:\Windows\System32\TomsMoComp_ff.dll
2014-05-13 15:04:26 222720 ----a-w- C:\Windows\System32\ff_libdts.dll
2014-05-13 15:04:26 156672 ----a-w- C:\Windows\System32\ff_libmad.dll
2014-05-13 15:04:26 116224 ----a-w- C:\Windows\System32\ff_liba52.dll
2014-05-13 15:04:26 114688 ----a-w- C:\Windows\System32\ff_wmv9.dll
2014-05-13 15:04:24 190464 ----a-w- C:\Windows\System32\libmpeg2_ff.dll
2014-05-13 15:04:24 183296 ----a-w- C:\Windows\System32\ff_unrar.dll
2014-05-13 15:04:24 1532928 ----a-w- C:\Windows\System32\ff_samplerate.dll
2014-05-13 15:02:30 3916288 ----a-w- C:\Windows\SysWow64\ffmpeg.dll
2014-05-13 15:01:48 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2014-05-13 15:01:46 3502592 ----a-w- C:\Windows\SysWow64\ffdshow.ax
2014-05-13 15:01:12 271360 ----a-w- C:\Windows\SysWow64\TomsMoComp_ff.dll
2014-05-13 15:00:58 99840 ----a-w- C:\Windows\SysWow64\ff_wmv9.dll
2014-05-13 15:00:58 157184 ----a-w- C:\Windows\SysWow64\ff_unrar.dll
2014-05-13 15:00:56 211968 ----a-w- C:\Windows\SysWow64\ff_libdts.dll
2014-05-13 15:00:56 1525760 ----a-w- C:\Windows\SysWow64\ff_samplerate.dll
2014-05-13 15:00:56 147456 ----a-w- C:\Windows\SysWow64\ff_libmad.dll
2014-05-13 15:00:54 114688 ----a-w- C:\Windows\SysWow64\ff_liba52.dll
2014-05-13 15:00:52 136704 ----a-w- C:\Windows\SysWow64\libmpeg2_ff.dll
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
.
============= FINISH: 9:06:37.48 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 12/5/2010 8:17:06 AM
System Uptime: 7/20/2014 8:37:56 AM (193 hours ago)
.
Motherboard: FOXCONN | | ALOE
Processor: AMD Phenom(tm) II X4 810 Processor | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 686 GiB total, 411.313 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.221 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP382: 7/14/2014 3:07:03 PM - Installed Hallmark Card Studio Select.
RP383: 7/18/2014 9:15:34 PM - Installed Java 7 Update 65
RP384: 7/24/2014 3:00:23 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Activate Norton Online Backup
Adobe AIR
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Photoshop CS
Adobe Reader X (10.1.10)
AMD USB Filter Driver
Any Video Converter 5.0.8
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Avira Free Antivirus
Bonjour
Catalina Savings Printer
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDisplay 1.8
Comical 0.8
ComicRack v0.9.143
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
coverXP (remove only)
CyberLink DVD Suite Deluxe
CyberPower PowerPanel Personal Edition 1.3
D3DX10
DB-Editor
DefaultTab
Digital Copy
DirectX for Managed Code Update (Summer 2004)
DVD Slim Free 2.0.0.5
ESET Online Scanner v3
FLV Player
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hallmark Card Studio Select
Hardware Diagnostic Tools
Haunted Memories
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP Deskjet 1510 series Basic Device Software
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
iCloud
ImgBurn
iTunes
Java 7 Update 65
Java Auto Updater
Java(TM) SE Development Kit 6 Update 30
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.75.0.1300
Media Player Codec Pack 4.3.1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Live Search Toolbar
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MKV File Player
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyTomTom 3.2.0.700
PictureMover
Power2Go
PowerDirector
PowerRecover
Python 2.7.1
QuickShare
QuickTime 7
RAIDXpert
RarZilla Free Unrar
Realtek High Definition Audio Driver
Search Protect
Search Protection
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Skype Click to Call
Skype 6.11
SpywareBlaster 4.5
Steam
TurboTax 2010
TurboTax 2010 wgaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wgaiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 wgaiper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
TurboTax 2013
TurboTax 2013 wgaiper
TurboTax 2013 WinPerFedFormset
TurboTax 2013 WinPerReleaseEngine
TurboTax 2013 WinPerTaxSupport
TurboTax 2013 wrapper
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio C++ 10.0 Runtime
VLC
VLC media player 1.1.5
WebIQ Technology Engine
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Mobile® Device Handbook
Windstream Broadband Check-up Center
WinRAR archiver
WOT for Internet Explorer
wxPython 2.8.12.1 (unicode) for Python 2.6
.
==== Event Viewer Messages From Past Week ========
.
7/27/2014 12:14:09 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR6.
7/27/2014 1:14:14 PM, Error: Schannel [36888] - The following fatal alert was generated: 43. The internal error state is 252.
.
==== End Of File ===========================
GMER 2.1.19357 - GMER - Rootkit Detector and Remover
Rootkit scan 2014-07-28 09:20:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005b Seagate_ rev.HP34 698.64GB
Running: gmer.exe; Driver: C:\Users\VAINDI~1\AppData\Local\Temp\pgtciuob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002df1000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002df102f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] C:\Windows\SYSTEM32\ntdll.dll!RtlExitUserProcess 0000000077014120 5 bytes JMP 0000000104290018
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076eda400 5 bytes JMP 0000000103070018
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] C:\Windows\system32\IEFRAME.dll!DllRegisterServer + 572 000007fef6b61660 5 bytes JMP 000007ffe67e8b24
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] C:\Windows\system32\IEFRAME.dll!IELaunchManageAddOnsUI 000007fef70abe00 5 bytes JMP 000007ffe67fd504
.text C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[5548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760a1465 2 bytes [0A, 76]
.text C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[5548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760a14bb 2 bytes [0A, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074e75bad 5 bytes JMP 0000000158a0d0ea
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e779d8 5 bytes JMP 0000000100280018
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\advapi32.DLL!RegQueryValueExW 0000000074c6462d 5 bytes JMP 00000001589fcec6
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\user32.DLL!RegisterClassW 00000000762d8a65 5 bytes JMP 00000001589feddd
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\user32.DLL!RegisterClassExW 00000000762db17d 5 bytes JMP 00000001589fee98
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\user32.DLL!DialogBoxIndirectParamAorW 00000000762fce54 5 bytes JMP 0000000158a0f6e4
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000752579b2 5 bytes JMP 0000000158a0593c
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\WININET.dll!HttpQueryInfoW 0000000075262659 5 bytes JMP 0000000158a055b1
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760a1465 2 bytes [0A, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760a14bb 2 bytes [0A, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074e75bad 5 bytes JMP 0000000158a0d0ea
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000074e779d8 5 bytes JMP 0000000100290018
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\advapi32.DLL!RegQueryValueExW 0000000074c6462d 5 bytes JMP 00000001589fcec6
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\user32.DLL!RegisterClassW 00000000762d8a65 5 bytes JMP 00000001589feddd
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\user32.DLL!RegisterClassExW 00000000762db17d 5 bytes JMP 00000001589fee98
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\user32.DLL!DialogBoxIndirectParamAorW 00000000762fce54 5 bytes JMP 0000000158a0f6e4
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000752579b2 5 bytes JMP 0000000158a0593c
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\WININET.dll!HttpQueryInfoW 0000000075262659 5 bytes JMP 0000000158a055b1
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760a1465 2 bytes [0A, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760a14bb 2 bytes [0A, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5064:5036] 000007fefb292bf8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???v?&??? ???????????????????????????????????????f??????????NT AUTHORITY\LocalService???? ????????????????????????"??????????????????????3??v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|??;??? ???????.??????????????????@volume.inf,%storage\volume.devicedesc%;Generic volume? (I??? ??????????????????????????? ?????????????????????0????????????????????%SystemRoot%\system32\wpdshext.dll,-701??s??? ??????????????????????????^`????????*??????|?????????n?????e??????????? *??????z???????{???????????|???????????????G??????me??????????35??????????????????????"c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator???? ????????????????????????.????????????????????,????????????? ?????????????????????,?????????????????????????n??????????? ?????????????????????,????????N????????r????N????????????
---- EOF - GMER 2.1 ----