i may have picked up a virus or malware...possibly through java...eset nod32 is seeing my Church website, oronaz.org (ip address 205.186.179.147) as "Access to the web page was blocked by ESET NOD32 Antivirus. The web page is on the list of websites with potentially dangerous content." i've never had a problem with that site before, and the first time i tried google, eset also blocked google...now i can get to google, but when i try to "x" out the eset warning about oronaz.org, it won't go away. i downloaded gmer and dds.scr, will attach the reports...
this is the url i clicked on for oronaz.org at google, which eset is blocking: http://www.google.com/url?sa=t&rct=j...45512109,d.cGE
as you can see, it is the site for sermons from my Church...when i clicked on the above url through techsupportforum.com on preview of this post, the site came up...don't know what that means...
anyway, here is the dds.scr & gmer report...and thank you for any and all help...
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2
Run by owner at 12:11:07 on 2013-04-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3318.1871 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Pogo Games\PGMTrusted.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\igfxsrvc.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Users\owner\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search.com searchbox: {25f91356-743d-4a72-85bf-c49033ffa72b} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: IEHlprObj Class: {8CA5ED52-F3FB-4414-A105-2E3491156990} - c:\program files\pogo games\iWinGamesHookIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Search.com searchbox: {25f91356-743d-4a72-85bf-c49033ffa72b} -
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{44EE6654-CF64-461F-8EF1-15CF9E3044D1} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\fbd0fb2h.default\
FF - prefs.js: browser.search.selectedEngine - Search and Earn Points!
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-03-08 17:06; {e44a1809-4d10-4ab8-b343-3326b64c7cdd}; c:\users\owner\appdata\roaming\mozilla\firefox\profiles\fbd0fb2h.default\extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd}
FF - ExtSQL: 2013-03-12 13:18; {1730544c-e860-fcd4-3516-b8c727e1a26e}; c:\users\owner\appdata\roaming\mozilla\firefox\profiles\fbd0fb2h.default\extensions\{1730544c-e860-fcd4-3516-b8c727e1a26e}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111808&tt=020512_mntb_est
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 244e2001000000000000001372d6b794
FF - user.js: extensions.BabylonToolbar_i.hardId - 244e2001000000000000001372d6b794
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15477
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:50:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-12-21 171680]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2012-12-21 1333424]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2012-12-21 105760]
R2 PGMTrusted;PGMTrusted;c:\program files\pogo games\PGMTrusted.exe [2012-1-4 519888]
R3 kgloapow;kgloapow;C:\kgloapow.sys [2013-4-21 103680]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-4-16 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-11-23 15872]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-4-16 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-4-16 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-4-16 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-4-16 114280]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-11-23 52224]
S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-22 1343400]
.
=============== Created Last 30 ================
.
2013-04-21 18:24:10 103680 ----a-w- C:\kgloapow.sys
2013-04-20 19:53:13 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-10 18:16:26 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 18:16:25 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 18:16:23 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-10 18:16:23 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 18:16:23 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 18:16:23 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 18:16:17 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 18:16:16 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 18:16:16 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 18:16:08 1212264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-03 01:23:03 -------- d-----w- c:\program files\Coupons
.
==================== Find3M ====================
.
2013-03-31 23:42:52 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-31 23:42:52 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-24 20:20:49 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-24 20:20:49 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32:45 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
============= FINISH: 12:16:28.75 ===============
this is the url i clicked on for oronaz.org at google, which eset is blocking: http://www.google.com/url?sa=t&rct=j...45512109,d.cGE
as you can see, it is the site for sermons from my Church...when i clicked on the above url through techsupportforum.com on preview of this post, the site came up...don't know what that means...
anyway, here is the dds.scr & gmer report...and thank you for any and all help...
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2
Run by owner at 12:11:07 on 2013-04-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3318.1871 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Pogo Games\PGMTrusted.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\igfxsrvc.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Users\owner\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search.com searchbox: {25f91356-743d-4a72-85bf-c49033ffa72b} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: IEHlprObj Class: {8CA5ED52-F3FB-4414-A105-2E3491156990} - c:\program files\pogo games\iWinGamesHookIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Search.com searchbox: {25f91356-743d-4a72-85bf-c49033ffa72b} -
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{44EE6654-CF64-461F-8EF1-15CF9E3044D1} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\fbd0fb2h.default\
FF - prefs.js: browser.search.selectedEngine - Search and Earn Points!
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-03-08 17:06; {e44a1809-4d10-4ab8-b343-3326b64c7cdd}; c:\users\owner\appdata\roaming\mozilla\firefox\profiles\fbd0fb2h.default\extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd}
FF - ExtSQL: 2013-03-12 13:18; {1730544c-e860-fcd4-3516-b8c727e1a26e}; c:\users\owner\appdata\roaming\mozilla\firefox\profiles\fbd0fb2h.default\extensions\{1730544c-e860-fcd4-3516-b8c727e1a26e}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111808&tt=020512_mntb_est
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 244e2001000000000000001372d6b794
FF - user.js: extensions.BabylonToolbar_i.hardId - 244e2001000000000000001372d6b794
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15477
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:50:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-12-21 171680]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2012-12-21 1333424]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2012-12-21 105760]
R2 PGMTrusted;PGMTrusted;c:\program files\pogo games\PGMTrusted.exe [2012-1-4 519888]
R3 kgloapow;kgloapow;C:\kgloapow.sys [2013-4-21 103680]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-4-16 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-11-23 15872]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-4-16 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-4-16 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-4-16 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-4-16 114280]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-11-23 52224]
S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-22 1343400]
.
=============== Created Last 30 ================
.
2013-04-21 18:24:10 103680 ----a-w- C:\kgloapow.sys
2013-04-20 19:53:13 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-10 18:16:26 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 18:16:25 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 18:16:23 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-10 18:16:23 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 18:16:23 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 18:16:23 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 18:16:17 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 18:16:16 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 18:16:16 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 18:16:08 1212264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-03 01:23:03 -------- d-----w- c:\program files\Coupons
.
==================== Find3M ====================
.
2013-03-31 23:42:52 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-31 23:42:52 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-24 20:20:49 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-24 20:20:49 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32:45 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
============= FINISH: 12:16:28.75 ===============