Firefox issue

Motorcharge

Well-Known Member
Tried googling this first but really didn't know how to phrase it.

Anyway, oftentimes when I'm typing in Firefox the cursor randomly disappears as if I've clicked another window and I have to click Firefox again for it to be the top window. It's not minimizing and nothing else is popping up in its place. It's very random. Sometimes it will do it back to back constantly, sometimes it will happen at random intervals a few seconds apart and sometimes it won't happen for hours then start doing it again. The best way I can describe it is if I had a window on my second monitor and someone clicked that window as I was typing this and I had to take and click this window again to be able to type or use Firefox.

I've scanned in both regular and safe mode with Malwarebytes, Advanced SystemCare and the Windows Malicious Software Removal Tool. None of the scans have found anything. I've also tried closing out of as many programs as I can that are running in the background and that hasn't helped either.

It seems to happen most when I'm typing on vBulletin based forums. It happens all the time here and over on Jeepforum.
 

gamblingman

VIP Member
I'm wondering if it happens even if you aren't typing or working online.

Also, do you have another mouse you can use? If so then try a different mouse. If the problem persists then it isn't the mouse, and if it stops then you have your answer.

Have you had any OS error pop-ups lately?
 

Motorcharge

Well-Known Member
Only when I'm typing in vBulletin, it seems. I can sit on Facebook for hours and it never happens. No OS errors or any other errors to speak of.
 

gamblingman

VIP Member
Sounds like it might be an issue with Firefox. Try another browser for a while and see what happens. If it stops happening, use Firefox again, but with add-ons disabled. If it still doesn't happen, good chance it's one of your add-ons.
 

Motorcharge

Well-Known Member
Well it's not Firefox or the mouse. Did everything I could think of to FF from disabling/removing add ons to reinstalling. Moved the mouse to another USB port and reinstalled it, problem persists.

It's now doing it no matter what program I'm in and far more frequently (almost constantly). Firefox, Chrome, VLC, notepad, anything. I'm also occasionally (1-2 times a night) getting download pop ups for an mp3 download from some blog site.
 

Motorcharge

Well-Known Member
Ran malware earlier today in safe mode, full scan and it came up clean. Really don't want to redo it unless necessary.

_______________________________________________________

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:13:02 PM, on 6/20/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Bre\Downloads\HijackThis.exe
C:\Windows\SysWOW64\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=sx2800&r=173604117307p0358v115k49i15222
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=sx2800&r=173604117307p0358v115k49i15222
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=sx2800&r=173604117307p0358v115k49i15222
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.9\iobitToolbarIE.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.9\iobitToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Freecorder Toolbar - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Freecorder Toolbar - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.9\iobitToolbarIE.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 12744 bytes
 

johnb35

Administrator
Staff member
OK, download and run ComboFix. I see some issues.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here: Combofix

  • When the page loads, click on the blue ComboFix download link next to the BleepingComputer Mirror.
  • Save the file to your Windows desktop. The ComboFix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 

Motorcharge

Well-Known Member
Downloaded it and ran the installer and it just disappears when it finishes and nothing happens. Deleted it and tried again, same result.
 

johnb35

Administrator
Staff member
Try in safe mode.

Also try running TDSSKiller to make sure you don't have a rootkit running.

Please download and run TDSSKiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

infection-found.jpg


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

scan-completed.jpg


If the log says "will be cured after reboot", please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.


If all else fails, run RKill and then try running ComboFix.

Rkill - http://download.bleepingcomputer.com/grinler/rkill.scr
 

Motorcharge

Well-Known Member
Combofix results:

ComboFix 12-06-20.02 - Bre 06/20/2012 20:02:49.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2156 [GMT -4:00]
Running from: c:\users\Bre\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\@
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\L\00000004.@
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\L\1afb2d56
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\L\80000032.@
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\n
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\00000004.@
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\00000008.@
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\000000cb.@
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\80000000.@
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\80000032.@
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\80000064.@
c:\users\Bre\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Bre\AppData\Roaming\Mozilla\Firefox\Profiles\y7r4no5l.default\searchplugins\bing-zugo.xml
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\drivers\etc\lmhosts
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-19 00:25 . 2012-06-19 00:25 -------- d-----w- c:\program files (x86)\Application Updater
2012-06-19 00:25 . 2012-06-19 00:25 -------- d-----w- c:\program files (x86)\IObit Toolbar
2012-06-19 00:25 . 2012-06-19 00:25 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-06-17 21:10 . 2012-06-17 21:10 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-17 21:10 . 2012-06-17 21:10 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-06-17 19:36 . 2011-07-20 18:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-06-17 19:36 . 2012-06-17 19:48 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2012-06-17 19:36 . 2012-06-17 19:36 -------- d-----w- c:\program files (x86)\Research In Motion
2012-06-12 20:50 . 2011-10-12 22:14 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-06-12 20:50 . 2011-10-12 22:14 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-06-12 20:50 . 2011-10-12 22:14 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-06-12 20:49 . 2012-06-12 20:49 -------- d-----w- c:\users\Bre\AppData\Roaming\TuneUp Software
2012-06-12 20:49 . 2012-06-12 20:50 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-06-12 20:49 . 2012-06-12 20:50 -------- d-----w- c:\programdata\TuneUp Software
2012-06-12 20:48 . 2012-06-12 20:48 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-06 14:46 . 2012-06-06 14:46 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 14:46 . 2012-06-06 14:46 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-05 19:17 . 2012-06-05 19:17 -------- d-----w- c:\program files (x86)\Hobbyist Software
2012-05-30 17:59 . 2012-05-30 17:59 4966600 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-05-24 20:48 . 2012-05-24 20:48 -------- d-----w- c:\programdata\Adobe Systems
2012-05-24 20:46 . 2012-05-24 20:46 -------- d-----w- c:\program files (x86)\Common Files\Adobe Systems Shared
.
.
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
2011-06-24 15:04 81920 ----a-w- c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files (x86)\freecordertoolbar\vmntemplateX.dll" [2011-06-24 81920]
.
[HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-12 244480]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-06-13 1088904]
.
c:\users\Bre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CurseClientStartup.ccip [2011-10-9 0]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-9-18 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"ConduitHelper"="c:\users\Public\Conduit\ConduitHelper\ConduitHelper.exe"
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" /run
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-06-13 792512]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-12 62208]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-10-12 2072896]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
S3 SPC620;Philips SPC620NC PC Camera;c:\windows\system32\drivers\SPC620.sys [x]
S3 SPC620m;Philips SPC620NC PC Cameram;c:\windows\system32\drivers\SPC620m.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-09-22 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 22:04]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 22:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"combofix"="c:\combofix\CF24505.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=sx2800&r=173604117307p0358v115k49i15222
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Bre\AppData\Roaming\Mozilla\Firefox\Profiles\y7r4no5l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-77211938.sys
Toolbar-Locked - (no file)
AddRemove-Zune Explorer Enabler - c:\windows\system32\tpuninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-520610219-17727062-633966983-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-520610219-17727062-633966983-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
.
**************************************************************************
.
Completion time: 2012-06-20 20:13:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-21 00:13
.
Pre-Run: 138,700,808,192 bytes free
Post-Run: 138,163,802,112 bytes free
.
- - End Of File - - 7B268CA3A23D6FDCA2C55A96BF239AC0
 

johnb35

Administrator
Staff member
Ok, in the meantime while you are testing it out, let's get a couple other things done.

1.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates, install and then start scanning your system.
When the scan is done, push list of found threats
Click on Export to text file, and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.
If no threats are found then it won't produce a log.

2.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Reglock::

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


[Screenshot: CFScript-1.gif]


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

3.

Post a fresh HijackThis log.


Also, go into add/remove programs and uninstall any entries that relate to Spigot or Search settings.
 

Motorcharge

Well-Known Member
ESETlog:

C:\Qoobox\Quarantine\C\Users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\n.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\L\[email protected] probably a variant of Win32/Sirefef.EU trojan
C:\Qoobox\Quarantine\C\Users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\[email protected] Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\[email protected] Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\[email protected] probably a variant of Win32/Sirefef.EU trojan
C:\Qoobox\Quarantine\C\Users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\[email protected] Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.G trojan
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan
C:\TDSSKiller_Quarantine\20.06.2012_19.53.47\zaea0000\svc0000\tsk0000.dta Win64/Sirefef.W trojan
 

Motorcharge

Well-Known Member
ComboFix 12-06-20.02 - Bre 06/20/2012 21:50:59.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2355 [GMT -4:00]
Running from: C:\Users\Bre\Downloads\ComboFix.exe
Command switches used :: C:\Users\Bre\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Bre\AppData\Local\Temp\1.tmp\F_IN_BOX.dll


((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))


2012-06-21 01:55:54 . 2012-06-21 01:55:54 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-06-21 01:01:10 . 2012-06-21 01:01:10 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-20 23:54:17 . 2012-06-20 23:54:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-19 00:25:45 . 2012-06-19 00:25:46 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-06-19 00:25:45 . 2012-06-19 00:25:45 -------- d-----w- C:\Program Files (x86)\IObit Toolbar
2012-06-19 00:25:45 . 2012-06-19 00:25:45 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-06-17 21:10:03 . 2012-06-17 21:10:03 -------- d-----w- C:\Program Files\Microsoft Silverlight
2012-06-17 21:10:03 . 2012-06-17 21:10:03 -------- d-----w- C:\Program Files (x86)\Microsoft Silverlight
2012-06-17 19:36:58 . 2011-07-20 18:58:22 44032 ----a-w- C:\Windows\system32\drivers\RimSerial_AMD64.sys
2012-06-17 19:36:43 . 2012-06-17 19:48:57 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion
2012-06-17 19:36:43 . 2012-06-17 19:36:43 -------- d-----w- C:\Program Files (x86)\Research In Motion
2012-06-12 20:50:21 . 2011-10-12 22:14:20 34624 ----a-w- C:\Windows\system32\TURegOpt.exe
2012-06-12 20:50:21 . 2011-10-12 22:14:08 25920 ----a-w- C:\Windows\system32\authuitu.dll
2012-06-12 20:50:21 . 2011-10-12 22:14:08 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
2012-06-12 20:49:41 . 2012-06-12 20:49:41 -------- d-----w- C:\Users\Bre\AppData\Roaming\TuneUp Software
2012-06-12 20:49:33 . 2012-06-12 20:50:19 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2012
2012-06-12 20:49:13 . 2012-06-12 20:50:24 -------- d-----w- C:\ProgramData\TuneUp Software
2012-06-12 20:48:59 . 2012-06-12 20:48:59 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-06 14:46:38 . 2012-06-06 14:46:38 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 14:46:38 . 2012-06-06 14:46:38 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-05 19:17:59 . 2012-06-05 19:17:59 -------- d-----w- C:\Program Files (x86)\Hobbyist Software
2012-05-30 17:59:30 . 2012-05-30 17:59:30 4966600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-05-24 20:48:57 . 2012-05-24 20:48:57 -------- d-----w- C:\ProgramData\Adobe Systems
2012-05-24 20:46:41 . 2012-05-24 20:46:41 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe Systems Shared
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-03-31 06:05:57 . 2012-05-11 18:13:08 5559664 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-03-31 04:39:37 . 2012-05-11 18:13:06 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[7] 2011-02-26 06:26:45 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 06:23:14 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 06:14:34 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 06:19:30 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-20 13:24:45 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[7] 2009-10-31 06:38:38 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[-] 2009-10-31 06:34:59 . D5A67267C4C3879E63E9BFBA991D823A . 2387456 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\explorer.exe
[7] 2009-10-31 06:34:59 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2009-08-03 06:19:07 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 06:17:37 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 01:39:10 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

((((((((((((((((((((((((((((( SnapShot@2012-06-21_00.09.10 )))))))))))))))))))))))))))))))))))))))))

+ 2009-07-14 05:10:35 . 2012-06-21 00:10:37 29994 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-20 19:48:56 . 2012-06-21 00:10:37 12686 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-520610219-17727062-633966983-1000_UserData.bin
+ 2012-06-21 01:57:25 . 2012-06-21 01:57:25 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-21 00:08:48 . 2012-06-21 00:08:48 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-21 01:57:25 . 2012-06-21 01:57:25 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54:17 . 2012-06-21 00:08:53 131072 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54:17 . 2012-06-20 23:55:41 131072 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54:17 . 2012-06-21 00:08:53 229376 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54:17 . 2012-06-20 23:55:41 229376 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36:59 . 2012-06-21 00:00:23 623940 C:\Windows\system32\perfh009.dat
+ 2009-07-14 02:36:59 . 2012-06-21 00:14:17 623940 C:\Windows\system32\perfh009.dat
+ 2009-07-14 02:36:59 . 2012-06-21 00:14:17 106316 C:\Windows\system32\perfc009.dat
- 2009-07-14 02:36:59 . 2012-06-21 00:00:23 106316 C:\Windows\system32\perfc009.dat
+ 2009-07-14 05:01:48 . 2012-06-21 01:56:03 513088 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01:48 . 2012-06-21 00:08:11 513088 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54:17 . 2012-06-21 00:08:53 2539520 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54:17 . 2012-06-20 23:55:41 2539520 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-19 10:39:14 . 2012-06-21 01:56:08 54977874 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-520610219-17727062-633966983-1000-12288.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
2011-06-24 15:04:00 81920 ----a-w- C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll" [2011-06-24 15:04:00 81920]

[HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files (x86)\RocketDock\RocketDock.exe" [2007-09-02 20:58:52 495616]
"Advanced SystemCare 5"="C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 19:56:36 288128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-12 21:58:52 244480]
"InstaLAN"="C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 02:08:32 1770400]
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 17:37:14 517096]
"AdobeCS5.5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 11:08:56 1523360]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 01:28:32 59240]
"RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 06:00:44 90448]
"SearchSettings"="C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-06-13 21:37:04 1088904]

C:\Users\Bre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CurseClientStartup.ccip [2011-10-9 0]
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe [2011-9-18 102912]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-9-18 29310]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"ConduitHelper"="C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe"
"Freecorder FLV Service"="C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
"Gateway Photo Frame"="C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 21:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 22:04:08 136176]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-05 19:17:44 160944]
R3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 22:04:08 136176]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 10:21:03 113120]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-11-07 02:24:34 24176]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 17:37:14 517096]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 10:08:46 14544]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-08-05 16:53:12 306400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 16:04:52 913792]
S2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-06-13 21:27:26 792512]
S2 cpuz135;cpuz135;C:\Windows\system32\drivers\cpuz135_x64.sys [x]
S2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 09:38:58 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-12 22:04:44 62208]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 17:56:52 3048136]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-10-12 22:14:14 2072896]
S2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 09:11:42 20512]
S2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 01:47:12 240160]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 phaudlwr;Philips Audio Filter;C:\Windows\system32\DRIVERS\phaudlwr.sys [x]
S3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys [x]
S3 SPC620;Philips SPC620NC PC Camera;C:\Windows\system32\drivers\SPC620.sys [x]
S3 SPC620m;Philips SPC620NC PC Cameram;C:\Windows\system32\drivers\SPC620m.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-09-22 17:08:26 11856]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Contents of the 'Scheduled Tasks' folder

2012-06-21 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 22:04:09 . 2011-09-18 22:04:08]

2012-06-21 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 22:04:09 . 2011-09-18 22:04:08]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 02:03:32 186904]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 11:23:26 7981088]
"Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe" [2011-07-28 20:25:56 110360]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2011-02-12 02:25:56 162328]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2011-02-12 02:25:38 386584]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2011-02-12 02:25:46 417304]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 21:42:18 499608]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=sx2800&r=173604117307p0358v115k49i15222
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - C:\Users\Bre\AppData\Roaming\Mozilla\Firefox\Profiles\y7r4no5l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
 

Motorcharge

Well-Known Member
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:04:29 PM, on 6/20/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Bre\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=sx2800&r=173604117307p0358v115k49i15222
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Freecorder Toolbar - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Freecorder Toolbar - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11043 bytes
 

johnb35

Administrator
Staff member
I still see certain entries in your log. Please navigate to C:\Qoobox and in that folder will be a file named add-remove programs.txt. Open that file and copy and paste the contents of it back here.
 

Motorcharge

Well-Known Member
Update for Microsoft Office 2007 (KB2508958)
µTorrent
4500_G510gm_Help
4500G510gm
4500G510gm_Software_Min
Acrobat.com
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Media Player
Adobe Photoshop CS2
Adobe Photoshop CS5.1
Adobe Reader 9.1 MUI
Adobe Stock Photos 1.0
Advanced SystemCare 5
Advertising Center
Aiseesoft FLV to MP3 Converter 6.2.16
Apple Application Support
Apple Software Update
Backup Manager Advance
Belkin Setup and Router Monitor
Belkin USB Wireless Adaptor
BlackBerry USB and Modem Drivers 7.0
BlackBerry v4.2.2 for the 8320 Series Wireless Handheld
BufferChm
Camtasia Studio 7
Compatibility Pack for the 2007 Office system
Counter-Strike: Source
Curse Client
D3DX10
DAEMON Tools Lite
Destinations
DeviceDiscovery
Diablo III
DocMgr
DocProc
ESET Online Scanner v3
Fallout
Fax
FLV To MP3 Converter V3.0.4
Fraps (remove only)
Free FLAC to MP3 Converter 1.0
Free FLV Converter V 7.2.0
Freecorder 5
Freecorder Toolbar
Game Booster 3
Gateway InfoCentre
Gateway MyBackup
Gateway Photo Frame 4.2.3.10
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Chrome
Google Update Helper
GPBaseService2
HP Update
HPProductAssistant
HPSSupply
Identity Card
ImageShack Uploader 2.2.0
ImagXpress
IObit Toolbar v5.9
Java Auto Updater
Java(TM) 6 Update 26
Joli OS
Junk Mail filter update
K-Lite Codec Pack 7.8.0 (Basic)
KENWOOD Music Editor Light
Launchpad Enhanced
Malwarebytes Anti-Malware version 1.61.0.1400
ManyCam 2.6.55 (remove only)
MarketResearch
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Minecraft Cracked
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero DriveSpeed
Nero Express Help
Nero InfoTool
Nero Installer
Nero StartSmart
Nero StartSmart OEM
neroxml
Opera 11.61
PdaNet for Android 3.02
PDF Settings CS5
Philips SPC620NC Webcam
Plants vs. Zombies
puzzle.watype.net/jigsawlite
QuickTime
Rainmeter
Realtek High Definition Audio Driver
RocketDock 1.3.5
Scan
Screenshot It Enabler
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Sibelius 7 OpenType Fonts
Skype Click to Call
Skype™ 5.9
SmartWebPrinting
SolutionCenter
SoulSeek 157 NS 13e
Star Wars Galaxies
Status
Steam
System Requirements Lab CYRI
Toolbox
TrayApp
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.1
VLC Setup Helper
WebReg
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Remote Service
World of Warcraft
World of Warcraft Public Test
Zune Explorer Enabler
 