Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-08-2013
Ran by Taylor (administrator) on 04-08-2013 21:39:44
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\system32\PrintCtrl.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(ActMask Co.,Ltd - http://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [PrintDisp] - C:\Windows\system32\PrintDisp.exe [883200 2010-01-21] (ActMask Co.,Ltd - http://www.all2pdf.com)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKCU\...\Run: [GoogleChromeAutoLaunch_0558B37369EDB14D0126D02CBEE09976] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [825808 2013-05-29] (Google Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [162336 2009-07-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=afterd&chnl=afterd&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyEzy0DtByByDyD0FtCyEtN0D0Tzu0StByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=391303777
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=afterd&chnl=afterd&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyEzy0DtByByDyD0FtCyEtN0D0Tzu0StByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=391303777
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {5aabc9ff-5729-4b10-8ce9-e6bcc6a701b6} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=afterd&chnl=afterd&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyEzy0DtByByDyD0FtCyEtN0D0Tzu0StByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=391303777
SearchScopes: HKLM-x32 - DefaultScope {13715973-98B0-4B64-A5C1-0055C0A67C20} URL = 
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {5aabc9ff-5729-4b10-8ce9-e6bcc6a701b6}
SearchScopes: HKLM-x32 - {0D736930-2603-0DB7-7129-0859E3B6A9BE} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=HIxdm002YYus&ptnrS=HIxdm002YYus&si=CKS9zdist68CFUqQ7QodnnWBiA&ptb=DB5C814D-A075-4A10-AACC-3D4ECF2324A1&ind=2012041513&n=77ed5129&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {5aabc9ff-5729-4b10-8ce9-e6bcc6a701b6} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=afterd&chnl=afterd&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyEyEzy0DtByByDyD0FtCyEtN0D0Tzu0StByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=391303777
SearchScopes: HKLM-x32 - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm002^S03644^us&si=CMKVw9z0p7MCFRR7nAodcwcAmQ&ptb=D80DB6B9-2AC2-4DBC-9671-7D2EE51F8936&psa=&ind=2012103023&st=sb&n=77ee416f&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {13715973-98B0-4B64-A5C1-0055C0A67C20} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN20321007978032942&UM=2
SearchScopes: HKCU - Backup.Old.DefaultScope {C04B7D22-5AEC-4561-8F49-27F6269208F6}
SearchScopes: HKCU - {0D736930-2603-0DB7-7129-0859E3B6A9BE} URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80375&lng=en
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119351&babsrc=SP_ss&mntrId=76455f1400000000000000262d6317f0
SearchScopes: HKCU - {13715973-98B0-4B64-A5C1-0055C0A67C20} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN20321007978032942&UM=2
SearchScopes: HKCU - {37A8193B-DCCC-4928-9D0C-5CFF95B8DC35} URL = http://websearch.ask.com/redirect?client=ie&tb=OVO2&o=2159&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^A2E&apn_dtid=^YYYYYY^YY^US&apn_uid=67c7cdc1-f4be-4293-990c-f9f93115c5e1&apn_sauid=ECCC0C39-889A-4851-970C-0E67E9C80AEE
SearchScopes: HKCU - {4CD97343-3243-48EC-897A-991EA7977995} URL = http://www.mysearchresults.com/search?&c=2639&t=03&q={searchTerms}
SearchScopes: HKCU - {5aabc9ff-5729-4b10-8ce9-e6bcc6a701b6} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=HIxdm002YYus&ptnrS=HIxdm002YYus&si=CKS9zdist68CFUqQ7QodnnWBiA&ptb=DB5C814D-A075-4A10-AACC-3D4ECF2324A1&ind=2012041513&n=77ed5129&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=A8B428A001CD9E9401889F52&install_time=2012-09-29T22:49:14Z&src_id=31154&camp_id=5105&tb_version=1.2.2000.2(B)
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80273&iwk=246&lng=en
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\DAPIELoader64.dll No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Qwiklinx - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Taylor\AppData\Roaming\Qwiklinx\Qwiklinx.dll (Qwiklinx, Inc.)
BHO-x32: No Name - {6492E171-2427-4932-B414-33574A089F5E} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Taylor\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Search Assistant BHO - {9b9dcae3-be34-424c-8d73-75e305a9e091} - C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcSrcAs.dll No File
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Toolbar BHO - {dc9051c2-8f55-479a-97a4-747980d9047f} - C:\PROGRA~2\WEATHE~2\bar\1.bin\gcbar.dll No File
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - WeatherBlink - {f20de5e0-2a6e-4c54-985f-1cf59551ce39} - C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbar.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://ferguson.2020.net/planner/Core/Player/2020PlayerAX_Win32.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

FireFox:
========
FF ProfilePath: C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Path=Profiles\3dgov41f.Bethanne
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Taylor\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Taylor\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: No Name - C:\Users\Taylor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [gcffxtbr@WeatherBlink.com] C:\Program Files (x86)\WeatherBlink\bar\1.bin
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}] C:\Program Files (x86)\OApps\firefoxaddon

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3289663&SearchSource=48&CUI=UN23794523641659329&UM=2
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3289663&SearchSource=48&CUI=UN23794523641659329&UM=2"
CHR DefaultSearchURL: (Conduit) - http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN23794523641659329&ctid=CT3289663&UM=2
CHR DefaultSuggestURL: (Conduit) - http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN23794523641659329&UM=2
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (registryAccess) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanijiojpcccpkjdjjmjghddcgcbfj\7.17.0.0_0\background/registryAccess.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek\10.11.21.5_0\plugins/np-cwmp.dll No File
CHR Plugin: (Wajam) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll (Wajam)
CHR Plugin: (Skype Toolbars) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (npDefaultTabSearch plugin) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.14_0\plugins/npDefaultTabSearch.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\WeatherBlink\bar\1.bin\NPgcStub.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Free Realms Installer) - C:\Users\Taylor\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Taylor\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Facebook Plugin) - C:\Users\Taylor\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Oovoo Toolbar) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanijiojpcccpkjdjjmjghddcgcbfj\7.17.5.41943_0
CHR Extension: (Sing Along) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\abepbblpkilpjohncjbccmdjhdhbnhdj\1.111_0
CHR Extension: (Entanglement) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0
CHR Extension: (Delta Toolbar) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_0
CHR Extension: (InternetHelper1.5) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek\10.15.2.523_4
CHR Extension: (Wajam) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0
CHR Extension: () - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.14_0
CHR Extension: (Skype Click to Call) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0
CHR Extension: (Poppit) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (AVG SafeGuard toolbar) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0
CHR Extension: (InternetHelper3.1) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.15.2.523_0
CHR Extension: (Yontoo) - C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Taylor\AppData\Local\funmoods.crx
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Taylor\AppData\Local\funmoods-speeddial.crx
CHR HKLM-x32\...\Chrome\Extension: [fgkbmedckhcibhkdhaokebnllokeokek] - C:\Users\Taylor\AppData\Local\CRE\fgkbmedckhcibhkdhaokebnllokeokek.crx
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Taylor\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Taylor\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
CHR ExtensionInstallForcelist: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 MSSQL$ACT7; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
S2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

==================== Drivers (Whitelisted) ====================

R1 AFD; C:\Windows\system32\drivers\afd.sys [22368 2013-06-01] (AVG Technologies CZ, s.r.o. )
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-16] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [22368 2013-06-01] (AVG Technologies CZ, s.r.o. )
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-04 21:39 - 2013-08-04 21:39 - 00000000 ____D C:\FRST
2013-08-04 19:41 - 2013-08-04 19:41 - 00021444 _____ C:\ComboFix.txt
2013-08-04 19:05 - 2013-08-04 19:05 - 00000035 _____ C:\Users\Taylor\AppData\Roaming\SetValue.bat
2013-08-04 19:01 - 2013-08-04 19:05 - 00000000 _____ C:\Windows\system32\tmp.txt
2013-08-04 18:55 - 2009-06-02 11:17 - 00075776 _____ C:\Windows\system32\WS2Fix.exe
2013-08-04 18:55 - 2008-12-12 01:57 - 00078336 _____ (S!Ri.URZ) C:\Windows\system32\Agent.OMZ.Fix.exe
2013-08-04 18:55 - 2008-11-29 18:58 - 00082944 _____ (S!Ri.URZ) C:\Windows\system32\IEDFix.C.exe
2013-08-04 18:55 - 2008-10-01 15:51 - 00087552 _____ (S!Ri.URZ) C:\Windows\system32\VACFix.exe
2013-08-04 18:55 - 2008-09-20 12:45 - 00080384 _____ (S!Ri.URZ) C:\Windows\system32\o4Patch.exe
2013-08-04 18:55 - 2008-08-18 12:19 - 00082432 _____ (S!Ri.URZ) C:\Windows\system32\404Fix.exe
2013-08-04 18:55 - 2008-05-18 21:40 - 00082944 _____ (S!Ri.URZ) C:\Windows\system32\IEDFix.exe
2013-08-04 18:55 - 2007-09-06 00:22 - 00289144 _____ (S!Ri) C:\Windows\system32\VCCLSID.exe
2013-08-04 18:55 - 2006-12-01 06:20 - 00079360 _____ (SteelWerX) C:\Windows\system32\swxcacls.exe
2013-08-04 18:55 - 2006-08-29 19:43 - 00135168 _____ (SteelWerX) C:\Windows\system32\swreg.exe
2013-08-04 18:55 - 2006-04-27 17:49 - 00288417 _____ (S!Ri) C:\Windows\system32\SrchSTS.exe
2013-08-04 18:55 - 2006-01-09 10:36 - 00040960 _____ C:\Windows\system32\swsc.exe
2013-08-04 18:55 - 2004-07-31 18:50 - 00051200 _____ C:\Windows\system32\dumphive.exe
2013-08-04 18:55 - 2003-06-05 21:13 - 00053248 _____ (http://www.beyondlogic.org) C:\Windows\system32\Process.exe
2013-08-04 18:51 - 2013-08-04 19:07 - 00001470 _____ C:\rapport.txt
2013-08-04 18:51 - 2013-08-04 18:51 - 00000000 _____ C:\Windows\SysWOW64\tmp.txt
2013-08-04 18:49 - 2013-08-04 18:49 - 00003249 _____ C:\Users\Taylor\Desktop\RKreport[0]_D_08042013_184924.txt
2013-08-04 18:49 - 2013-08-04 18:49 - 00000881 _____ C:\Users\Taylor\Desktop\RKreport[0]_H_08042013_184931.txt
2013-08-04 18:49 - 2013-08-04 18:49 - 00000792 _____ C:\Users\Taylor\Desktop\RKreport[0]_PR_08042013_184936.txt
2013-08-04 18:49 - 2013-08-04 18:49 - 00000756 _____ C:\Users\Taylor\Desktop\RKreport[0]_DN_08042013_184941.txt
2013-08-04 18:48 - 2013-08-04 18:48 - 00003073 _____ C:\Users\Taylor\Desktop\RKreport[0]_S_08042013_184801.txt
2013-08-04 18:45 - 2013-08-04 18:50 - 00000000 ____D C:\Users\Taylor\Desktop\RK_Quarantine
2013-08-03 12:27 - 2013-08-03 12:27 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
2013-08-03 12:26 - 2013-08-03 12:26 - 00000894 _____ C:\Users\Public\Desktop\NETGEAR WNA3100 Genie.lnk
2013-08-03 12:26 - 2013-08-03 12:26 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2013-08-03 12:26 - 2011-12-12 17:42 - 03566592 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
2013-08-03 12:26 - 2011-12-12 17:42 - 01256192 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcmwlhigh664.sys
2013-08-03 12:26 - 2011-12-12 17:42 - 00095544 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
2013-08-03 12:26 - 2011-12-12 17:41 - 03900928 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll
2013-08-03 12:26 - 2011-07-22 10:33 - 00025056 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys
2013-08-03 12:26 - 2010-02-03 11:21 - 00047632 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys

==================== One Month Modified Files and Folders =======

2013-08-04 21:39 - 2013-08-04 21:39 - 00000000 ____D C:\FRST
2013-08-04 21:37 - 2009-11-07 18:09 - 01536282 _____ C:\Windows\WindowsUpdate.log
2013-08-04 21:34 - 2009-08-15 01:59 - 00152476 _____ C:\Windows\PFRO.log
2013-08-04 21:34 - 2009-07-14 00:08 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-04 21:34 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-04 21:34 - 2009-07-13 23:51 - 00386766 _____ C:\Windows\setupact.log
2013-08-04 19:41 - 2013-08-04 19:41 - 00021444 _____ C:\ComboFix.txt
2013-08-04 19:41 - 2013-01-13 14:22 - 00000000 ____D C:\Qoobox
2013-08-04 19:38 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-08-04 19:15 - 2009-07-13 23:45 - 00017600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-04 19:15 - 2009-07-13 23:45 - 00017600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-04 19:07 - 2013-08-04 18:51 - 00001470 _____ C:\rapport.txt
2013-08-04 19:05 - 2013-08-04 19:05 - 00000035 _____ C:\Users\Taylor\AppData\Roaming\SetValue.bat
2013-08-04 19:05 - 2013-08-04 19:01 - 00000000 _____ C:\Windows\system32\tmp.txt
2013-08-04 18:51 - 2013-08-04 18:51 - 00000000 _____ C:\Windows\SysWOW64\tmp.txt
2013-08-04 18:50 - 2013-08-04 18:45 - 00000000 ____D C:\Users\Taylor\Desktop\RK_Quarantine
2013-08-04 18:49 - 2013-08-04 18:49 - 00003249 _____ C:\Users\Taylor\Desktop\RKreport[0]_D_08042013_184924.txt
2013-08-04 18:49 - 2013-08-04 18:49 - 00000881 _____ C:\Users\Taylor\Desktop\RKreport[0]_H_08042013_184931.txt
2013-08-04 18:49 - 2013-08-04 18:49 - 00000792 _____ C:\Users\Taylor\Desktop\RKreport[0]_PR_08042013_184936.txt
2013-08-04 18:49 - 2013-08-04 18:49 - 00000756 _____ C:\Users\Taylor\Desktop\RKreport[0]_DN_08042013_184941.txt
2013-08-04 18:48 - 2013-08-04 18:48 - 00003073 _____ C:\Users\Taylor\Desktop\RKreport[0]_S_08042013_184801.txt
2013-08-04 18:37 - 2009-07-13 21:34 - 85196800 _____ C:\Windows\system32\config\software.bak
2013-08-04 18:37 - 2009-07-13 21:34 - 18612224 _____ C:\Windows\system32\config\system.bak
2013-08-04 18:37 - 2009-07-13 21:34 - 00786432 _____ C:\Windows\system32\config\default.bak
2013-08-04 18:37 - 2009-07-13 21:34 - 00032768 _____ C:\Windows\system32\config\security.bak
2013-08-04 18:37 - 2009-07-13 21:34 - 00028672 _____ C:\Windows\system32\config\sam.bak
2013-08-04 18:36 - 2013-01-13 14:22 - 00000000 ____D C:\Windows\erdnt
2013-08-04 17:44 - 2013-02-23 19:07 - 00000000 ____D C:\ProgramData\MFAData
2013-08-03 13:25 - 2012-03-17 10:26 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-08-03 12:55 - 2009-07-14 00:13 - 00006588 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-03 12:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-03 12:27 - 2013-08-03 12:27 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
2013-08-03 12:26 - 2013-08-03 12:26 - 00000894 _____ C:\Users\Public\Desktop\NETGEAR WNA3100 Genie.lnk
2013-08-03 12:26 - 2013-08-03 12:26 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2013-08-03 12:26 - 2009-08-15 01:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-15 11:02 - 2011-02-27 12:39 - 00462336 ___SH C:\Users\Taylor\Documents\Thumbs.db

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

LastRegBack: 2013-06-03 00:39

==================== End Of Log ============================