I'm receiving this click.gethotresults.com redirect every time I use google search in Firefox. Basically I've tried malwayreytes,unahck me,TDSSKiller and bitdefender but nothing detects this problem.Also I have my windows install disc/boot disc for windows 7 ultimate Dell version 32 bit.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by jxsilicon9 at 14:08:17 on 2012-09-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.570 [GMT -5:00]
.
AV: Bitdefender Antivirus *Disabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
FW: Bitdefender Firewall *Enabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe
C:\Users\jxsilicon9\Desktop\gmer.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = 89.238.154.124:3128
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
dRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
StartupFolder: c:\users\jxsili~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\rizone~1.lnk - c:\users\jxsilicon9\desktop\memboost-1-7-9-1798\memBoost.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: FoxyProxy - c:\programdata\fpie\FoxyProxyAdd-on.dll/IDR_HTML1
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{34193906-4DBB-4C9E-988E-EB99ACF7439C} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{34193906-4DBB-4C9E-988E-EB99ACF7439C}\2375942554831323 : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jxsilicon9\appdata\roaming\mozilla\firefox\profiles\v50btw40.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\jxsilicon9\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\jxsilicon9\appdata\roaming\mozilla\firefox\profiles\v50btw40.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\users\jxsilicon9\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-3-20 611520]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-8-23 65816]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-9-4 77192]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2011-11-14 90704]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2011-10-23 14464]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2011-12-25 21624]
R1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_42020.sys [2012-8-10 228376]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-8-23 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-8-23 166840]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-17 655944]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-1-12 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-1-12 68928]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-8-23 976728]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2012-3-4 28256]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-11-25 240184]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-2-17 447208]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-17 22344]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-28 21520]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-12 136176]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2012-3-4 28256]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
S3 CyUsb;X360dock USB Driver;c:\windows\system32\drivers\CyUsb.sys [2011-11-25 34304]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-12 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-3 40776]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 113120]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\porttalk.sys [2011-12-23 3567]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-6-21 27192]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-10-12 131344]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2011-9-30 23096]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S4 FreemakeVideoCapture;FreemakeVideoCapture;"c:\program files\freemake\capturelib\capturelibservice.exe" --> c:\program files\freemake\capturelib\CaptureLibService.exe [?]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-09-08 06:26:07 -------- d-----w- c:\programdata\Premium
2012-09-08 06:20:10 -------- d-----w- c:\programdata\InstallMate
2012-09-08 04:45:11 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-08 04:45:11 -------- d-----w- c:\users\jxsilicon9\appdata\local\temp
2012-09-08 03:54:26 98304 ----a-r- c:\users\jxsilicon9\appdata\roaming\microsoft\installer\{c0c31bcc-56fb-42a7-8766-d29e1bd74c7c}\python_icon.exe
2012-09-08 03:53:45 -------- d-----w- C:\Python27
2012-09-08 03:20:18 -------- d-----w- c:\users\jxsilicon9\appdata\roaming\SpeedyPC Software
2012-09-08 03:19:57 -------- d-----w- c:\program files\common files\SpeedyPC Software
2012-09-08 03:19:52 -------- d-----w- c:\programdata\SpeedyPC Software
2012-09-08 03:19:52 -------- d-----w- c:\program files\SpeedyPC Software
2012-09-04 09:54:30 77192 ----a-w- c:\windows\system32\drivers\bdfndisf6.sys
2012-09-01 14:50:42 -------- d-----w- c:\users\jxsilicon9\appdata\local\PDF Writer
2012-09-01 14:46:56 227840 ----a-w- c:\windows\system32\bzFlRdr.dll
2012-09-01 14:46:56 135168 ----a-w- c:\windows\system32\bzpdfc.dll
2012-09-01 14:46:56 103424 ----a-w- c:\windows\system32\bzDCT.dll
2012-09-01 14:46:56 -------- d-----w- c:\users\jxsilicon9\appdata\roaming\PDF Writer
2012-09-01 14:46:56 -------- d-----w- c:\programdata\PDF Writer
2012-09-01 14:46:56 -------- d-----w- c:\program files\common files\Bullzip
2012-09-01 14:46:52 197120 ----a-w- c:\windows\system32\bzpdf.dll
2012-09-01 14:46:21 140288 ----a-w- c:\windows\system32\comdlg32.OCX
2012-09-01 14:46:21 -------- d-----w- c:\program files\Bullzip
2012-09-01 14:42:11 90624 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPWN7.DLL
2012-08-31 09:19:36 -------- d-----w- c:\program files\SuperNZB
2012-08-30 11:12:45 -------- d-----w- c:\users\jxsilicon9\appdata\roaming\NewsLeecher
2012-08-23 21:20:08 65816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-08-23 12:30:02 -------- d-----w- c:\users\jxsilicon9\appdata\roaming\RealNetworks
2012-08-18 18:51:41 -------- d-----w- c:\users\jxsilicon9\appdata\local\Macromedia
.
==================== Find3M ====================
.
2012-08-18 18:51:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-18 18:51:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 23:10:40 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-12 20:15:07 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:09:48.64 ===============
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by jxsilicon9 at 14:08:17 on 2012-09-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.570 [GMT -5:00]
.
AV: Bitdefender Antivirus *Disabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
FW: Bitdefender Firewall *Enabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe
C:\Users\jxsilicon9\Desktop\gmer.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jxsilicon9\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = 89.238.154.124:3128
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
dRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
StartupFolder: c:\users\jxsili~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\rizone~1.lnk - c:\users\jxsilicon9\desktop\memboost-1-7-9-1798\memBoost.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: FoxyProxy - c:\programdata\fpie\FoxyProxyAdd-on.dll/IDR_HTML1
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{34193906-4DBB-4C9E-988E-EB99ACF7439C} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{34193906-4DBB-4C9E-988E-EB99ACF7439C}\2375942554831323 : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jxsilicon9\appdata\roaming\mozilla\firefox\profiles\v50btw40.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\jxsilicon9\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\jxsilicon9\appdata\roaming\mozilla\firefox\profiles\v50btw40.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\users\jxsilicon9\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-3-20 611520]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-8-23 65816]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-9-4 77192]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2011-11-14 90704]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2011-10-23 14464]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2011-12-25 21624]
R1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_42020.sys [2012-8-10 228376]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-8-23 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-8-23 166840]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-17 655944]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-1-12 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-1-12 68928]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-8-23 976728]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2012-3-4 28256]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-11-25 240184]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-2-17 447208]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-17 22344]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-28 21520]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-12 136176]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2012-3-4 28256]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
S3 CyUsb;X360dock USB Driver;c:\windows\system32\drivers\CyUsb.sys [2011-11-25 34304]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-12 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-3 40776]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 113120]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\porttalk.sys [2011-12-23 3567]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-6-21 27192]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-10-12 131344]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2011-9-30 23096]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S4 FreemakeVideoCapture;FreemakeVideoCapture;"c:\program files\freemake\capturelib\capturelibservice.exe" --> c:\program files\freemake\capturelib\CaptureLibService.exe [?]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-09-08 06:26:07 -------- d-----w- c:\programdata\Premium
2012-09-08 06:20:10 -------- d-----w- c:\programdata\InstallMate
2012-09-08 04:45:11 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-08 04:45:11 -------- d-----w- c:\users\jxsilicon9\appdata\local\temp
2012-09-08 03:54:26 98304 ----a-r- c:\users\jxsilicon9\appdata\roaming\microsoft\installer\{c0c31bcc-56fb-42a7-8766-d29e1bd74c7c}\python_icon.exe
2012-09-08 03:53:45 -------- d-----w- C:\Python27
2012-09-08 03:20:18 -------- d-----w- c:\users\jxsilicon9\appdata\roaming\SpeedyPC Software
2012-09-08 03:19:57 -------- d-----w- c:\program files\common files\SpeedyPC Software
2012-09-08 03:19:52 -------- d-----w- c:\programdata\SpeedyPC Software
2012-09-08 03:19:52 -------- d-----w- c:\program files\SpeedyPC Software
2012-09-04 09:54:30 77192 ----a-w- c:\windows\system32\drivers\bdfndisf6.sys
2012-09-01 14:50:42 -------- d-----w- c:\users\jxsilicon9\appdata\local\PDF Writer
2012-09-01 14:46:56 227840 ----a-w- c:\windows\system32\bzFlRdr.dll
2012-09-01 14:46:56 135168 ----a-w- c:\windows\system32\bzpdfc.dll
2012-09-01 14:46:56 103424 ----a-w- c:\windows\system32\bzDCT.dll
2012-09-01 14:46:56 -------- d-----w- c:\users\jxsilicon9\appdata\roaming\PDF Writer
2012-09-01 14:46:56 -------- d-----w- c:\programdata\PDF Writer
2012-09-01 14:46:56 -------- d-----w- c:\program files\common files\Bullzip
2012-09-01 14:46:52 197120 ----a-w- c:\windows\system32\bzpdf.dll
2012-09-01 14:46:21 140288 ----a-w- c:\windows\system32\comdlg32.OCX
2012-09-01 14:46:21 -------- d-----w- c:\program files\Bullzip
2012-09-01 14:42:11 90624 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPWN7.DLL
2012-08-31 09:19:36 -------- d-----w- c:\program files\SuperNZB
2012-08-30 11:12:45 -------- d-----w- c:\users\jxsilicon9\appdata\roaming\NewsLeecher
2012-08-23 21:20:08 65816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-08-23 12:30:02 -------- d-----w- c:\users\jxsilicon9\appdata\roaming\RealNetworks
2012-08-18 18:51:41 -------- d-----w- c:\users\jxsilicon9\appdata\local\Macromedia
.
==================== Find3M ====================
.
2012-08-18 18:51:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-18 18:51:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 23:10:40 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-12 20:15:07 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:09:48.64 ===============