Pop ups all the time on computer [Solved]


  • This topic is locked

#76
Sharon Lee

  • Topic Starter
  • Member
  • 512 posts

Hello,  I have tried and tried to download DDS and I keep getting cannot display this webpage.  The last time I did it all went well but now it seems that the web page cannot be displayed.  I did get rid of Glary Utilities.  Glad you have your machine fixed.  I shall try to download DDS later and then if I cannot get it done, I will try again tomorrow if necessary.   I knew you would not like Glary Utilities for it is a registry cleaner and most computer people don't like that at all.  I did not download it...


  • 0



#77
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

I'm not blaming you for anything :)

You don't have to obtain a fresh copy of DDS. Is there a particular reason why you can't just run the previous one?


  • 0

#78
Sharon Lee

  • Topic Starter
  • Member
  • 512 posts

I know you weren't, I just get frustrated at myself not you.  I have those saved on the desktop and will copy them and put them on here.


  • 0

#79
Sharon Lee

  • Topic Starter
  • Member
  • 512 posts

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17054  BrowserJavaVersion: 10.67.2
Run by Sharon at 15:01:30 on 2014-08-29
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.9207.7875 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://rr.com/
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BR435NP05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
uRun: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{41C63DE6-900B-4DC6-ADEB-4CEA7576E539} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\uh4rokfq.default-1408223660292\
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2014-8-26 17600]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 GUBootStartup;GUBootStartup;C:\Windows\System32\drivers\GUBootStartup.sys [2014-8-26 20672]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-8-12 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-8-12 18956064]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-8-12 411936]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-8-12 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-8-12 40392]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2013-6-26 768680]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2013-6-26 29352]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-15 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-15 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-16 1255736]
S4 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-8-16 2151744]
.
=============== Created Last 30 ================
.
2014-08-29 14:34:15 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F2BFF42C-6408-4FEE-8E9F-E7EDF0B27BEA}\offreg.dll
2014-08-29 14:33:26 1169712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D48645E-742C-42C3-B031-0601980B1F73}\gapaengine.dll
2014-08-29 14:31:00 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F2BFF42C-6408-4FEE-8E9F-E7EDF0B27BEA}\mpengine.dll
2014-08-29 00:59:52 600064 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-29 00:59:52 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-28 23:34:07 -------- d-----w- C:\Program Files (x86)\Yahoo!
2014-08-28 13:35:00 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-28 00:43:14 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-28 00:43:14 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-28 00:43:14 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-26 16:34:13 20672 ----a-w- C:\Windows\System32\drivers\GUBootStartup.sys
2014-08-26 16:34:11 17600 ----a-w- C:\Windows\System32\drivers\BootDefragDriver.sys
2014-08-26 16:34:11 118048 ----a-w- C:\Windows\System32\BootDefrag.exe
2014-08-26 16:34:11 -------- d-----w- C:\Users\Sharon\AppData\Roaming\GlarySoft
2014-08-26 16:33:58 -------- d-----w- C:\Program Files (x86)\Glary Utilities 5
2014-08-26 16:24:00 -------- d-sh--w- C:\$RECYCLE.BIN
2014-08-26 16:17:30 98816 ----a-w- C:\Windows\sed.exe
2014-08-26 16:17:30 256000 ----a-w- C:\Windows\PEV.exe
2014-08-26 16:17:30 208896 ----a-w- C:\Windows\MBR.exe
2014-08-26 16:13:48 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-26 16:02:04 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-08-26 16:00:55 -------- d-----w- C:\AdwCleaner
2014-08-20 17:36:34 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0B60F421-1E13-4135-B8B6-8D634FC5C964}\gapaengine.dll
2014-08-18 19:22:07 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2014-08-18 17:24:48 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-18 17:24:37 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-18 17:24:37 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-18 17:24:37 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-17 22:20:14 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-08-17 22:20:14 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-17 15:36:01 -------- d-----w- C:\Users\Sharon\AppData\Roaming\SparkTrust
2014-08-17 15:35:01 -------- d-----w- C:\ProgramData\SparkTrust
2014-08-16 21:02:07 -------- d-----w- C:\Users\Sharon\AppData\Roaming\ProductData
2014-08-16 21:01:04 -------- d-----w- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-08-16 20:29:59 -------- d-----w- C:\FRST
2014-08-16 15:35:24 -------- d-----w- C:\ProgramData\ProductData
2014-08-16 15:34:14 -------- d-----w- C:\ProgramData\IObit
2014-08-16 15:33:39 -------- d-----w- C:\Users\Sharon\AppData\Roaming\IObit
2014-08-16 15:33:35 -------- d-----w- C:\Program Files (x86)\IObit
2014-08-16 15:02:31 -------- d-----w- C:\Program Files (x86)\TotalSystemCare
2014-08-16 02:17:31 -------- d-----w- C:\Users\Sharon\AppData\Roaming\MyTurboPC.com
2014-08-16 02:17:21 -------- d-----w- C:\ProgramData\MyTurboPC.com
2014-08-15 16:22:32 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-15 16:22:32 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-15 16:22:32 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-15 16:22:32 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-15 16:22:31 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-15 16:22:30 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-15 16:22:18 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-15 16:22:18 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-15 11:57:37 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-15 11:57:37 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-15 11:57:36 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-15 11:57:35 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-13 15:13:26 -------- d-----w- C:\Users\Sharon\AppData\Roaming\DiskDefrag
2014-08-12 20:27:38 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2014-08-12 20:27:38 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2014-08-12 20:27:38 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2014-08-12 20:27:38 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-08-12 20:27:37 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2014-08-12 20:27:37 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2014-08-12 20:27:18 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-08-12 20:27:18 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-08-12 20:27:18 1283136 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-08-12 20:27:18 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-08-12 20:27:18 -------- d-----w- C:\Users\Sharon\AppData\Local\NVIDIA Corporation
2014-08-12 20:26:40 609240 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-08-12 20:22:45 -------- d-----w- C:\NVIDIA
2014-08-08 14:51:58 -------- d-----w- C:\ProgramData\d84b8fff6566939a
2014-08-08 14:51:57 -------- d-----w- C:\Users\Sharon\AppData\Local\Packages
2014-08-08 14:51:55 -------- d-----w- C:\Users\Sharon\AppData\Local\Comodo
2014-08-02 14:48:32 -------- d-----w- C:\Users\Sharon\AppData\Local\Spoon
2014-08-02 14:48:32 -------- d-----w- C:\GEARView Basic Dev
2014-08-02 11:47:08 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-02 11:47:00 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-02 11:47:00 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-02 11:46:47 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-08-02 11:46:46 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-02 11:46:46 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-02 11:46:46 198600 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M  ====================
.
2014-08-15 00:53:33 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-15 00:53:33 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-24 12:10:54 2240000 ----a-w- C:\Windows\System32\wininet.dll
2014-07-24 12:09:37 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-24 12:09:33 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-24 12:09:33 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-07-24 12:09:00 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-24 10:52:27 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-24 10:51:27 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-24 10:51:22 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-24 10:51:22 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-07-24 10:51:02 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-24 10:33:52 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-24 10:29:20 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-24 09:37:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-07-24 09:32:28 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
.
============= FINISH: 15:01:57.89 ===============
 


  • 0

#80
Sharon Lee

  • Topic Starter
  • Member
  • 512 posts

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/15/2014 7:57:11 PM
System Uptime: 8/29/2014 12:32:02 PM (3 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | TRUCKEE
Processor: Intel® Core™ i7 CPU         920  @ 2.67GHz | CPU 1 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 415.158 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP162: 8/29/2014 9:10:16 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader XI (11.0.08)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Glary Utilities 5.6
Hallmark Card Studio 2011 Deluxe
HP Deskjet 3050A J611 series Basic Device Software
HP Deskjet 3050A J611 series Help
HP Photo Creations
Java 7 Update 67
Java Auto Updater
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Mozilla Firefox 31.0 (x86 en-US)
NVIDIA 3D Vision Controller Driver 340.50
NVIDIA 3D Vision Driver 340.52
NVIDIA Control Panel 340.52
NVIDIA GeForce Experience 2.1.1
NVIDIA Graphics Driver 340.52
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 15.3.33
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 15.3.33
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.23
PowerProducer
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SHIELD Streaming
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/29/2014 9:07:51 AM, Error: volsnap [14]  - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
8/29/2014 9:07:24 AM, Error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort5.
8/28/2014 7:00:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
8/26/2014 8:28:18 AM, Error: Service Control Manager [7034]  - The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
8/26/2014 12:21:52 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
8/24/2014 5:26:15 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
.
==== End Of File ===========================
 


  • 0

#81
Sharon Lee

  • Topic Starter
  • Member
  • 512 posts

I am going to stop Roadrunner as my email for they have so much trouble all the time and half the time you can not email nor open mail.  So when I get this figured out, I will let you know.


  • 0

#82
Sharon Lee

  • Topic Starter
  • Member
  • 512 posts

I am going to keep getting email on Roadrunner for now for I really don't want to deal with it.  I thought I could just go to a new email site and start from there.  So forget that message please.  You told me to tell you if I noticed things.  Well, this machine used to be fast.  Now it takes a long time to get anywhere and many times will not connect.  Could I have some sort of virus going on here?


  • 0

#83
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

The main point is these are logs before uninstalling Glarysoft, while I need to see the ones after.


Scan with DDS

Please re-run DDS.

  • Right-click on the DDS icon and select Run as Administrator to start the tool.
  • In the console make sure that the Attach option is checked and click Start.
  • You will be presented with a black window containing information about the scanning.
  • Upon completion you will be prompted and two logfiles will appear: DDS.txt and Attach.txt.

Please include their content in your next reply.


  • 0

#84
Sharon Lee

  • Topic Starter
  • Member
  • 512 posts

I can't even click on DDS to get to the web page.  I have tried and tried.  I went back to the older one you told me to do the same thing and I still could not click on it to open DDS.


  • 0

#85
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

What is blocking the access? Some kind of window? Be descriptive, please.


  • 0



#86
Sharon Lee

  • Topic Starter
  • Member
  • 512 posts

I go to click on it and the arrow disappears.  Not sure if it is getting blocked or what.   Hard for me to describe what is happening for I really don't know why it won't check on the DDS.  I have done that several times before and was able to go there.  I deleted the ones that were on the desktop thinking that may be a problem.  Of course, it was not.  Wish I could help you more here for I do think things get frustrating at times and I really don't know why. 


  • 0

#87
Sharon Lee

  • Topic Starter
  • Member
  • 512 posts

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17054  BrowserJavaVersion: 10.67.2
Run by Sharon at 17:52:10 on 2014-09-03
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.9207.7993 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Nova Development\Greeting Card Factory Workshop 8.0\ReminderApp.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://rr.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BR435NP05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
uRun: [WeatherBug] C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe /fromrunkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ReminderApp] C:\Program Files (x86)\Nova Development\Greeting Card Factory Workshop 8.0\ReminderApp.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Sharon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTP~1.LNK - C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{41C63DE6-900B-4DC6-ADEB-4CEA7576E539} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\uh4rokfq.default-1408223660292\
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-8-12 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-8-12 18956064]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-8-12 411936]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-8-12 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-8-12 40392]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2013-6-26 768680]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2013-6-26 29352]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-8-16 2151744]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-15 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-15 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-16 1255736]
.
=============== Created Last 30 ================
.
2014-09-03 15:08:47    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1EDB7BCA-8F3D-46CA-B4CF-60501767A22D}\offreg.dll
2014-09-03 15:08:07    11319192    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1EDB7BCA-8F3D-46CA-B4CF-60501767A22D}\mpengine.dll
2014-09-02 19:34:18    11319192    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-31 16:52:26    --------    d-----w-    C:\Users\Sharon\AppData\Local\Nova Development
2014-08-31 16:50:12    --------    d-----w-    C:\Program Files (x86)\Nova Development
2014-08-29 14:33:26    1169712    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D48645E-742C-42C3-B031-0601980B1F73}\gapaengine.dll
2014-08-29 00:59:52    600064    ----a-w-    C:\Windows\System32\vbscript.dll
2014-08-29 00:59:52    523776    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-08-28 00:55:13    226304    ----a-w-    C:\Windows\System32\elshyph.dll
2014-08-28 00:43:14    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-28 00:43:14    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-28 00:43:14    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-26 16:34:11    --------    d-----w-    C:\Users\Sharon\AppData\Roaming\GlarySoft
2014-08-26 16:24:00    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-08-26 16:17:30    98816    ----a-w-    C:\Windows\sed.exe
2014-08-26 16:17:30    256000    ----a-w-    C:\Windows\PEV.exe
2014-08-26 16:17:30    208896    ----a-w-    C:\Windows\MBR.exe
2014-08-26 16:13:48    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-26 16:02:04    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-08-26 16:00:55    --------    d-----w-    C:\AdwCleaner
2014-08-18 19:22:07    --------    d-----w-    C:\Program Files (x86)\VS Revo Group
2014-08-18 17:24:48    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-18 17:24:37    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-18 17:24:37    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-08-18 17:24:37    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-08-17 22:20:14    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2014-08-17 22:20:14    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-17 15:36:01    --------    d-----w-    C:\Users\Sharon\AppData\Roaming\SparkTrust
2014-08-17 15:35:01    --------    d-----w-    C:\ProgramData\SparkTrust
2014-08-16 21:02:07    --------    d-----w-    C:\Users\Sharon\AppData\Roaming\ProductData
2014-08-16 21:01:04    --------    d-----w-    C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-08-16 20:29:59    --------    d-----w-    C:\FRST
2014-08-16 15:35:24    --------    d-----w-    C:\ProgramData\ProductData
2014-08-16 15:34:14    --------    d-----w-    C:\ProgramData\IObit
2014-08-16 15:33:39    --------    d-----w-    C:\Users\Sharon\AppData\Roaming\IObit
2014-08-16 15:33:35    --------    d-----w-    C:\Program Files (x86)\IObit
2014-08-16 15:02:31    --------    d-----w-    C:\Program Files (x86)\TotalSystemCare
2014-08-16 02:17:31    --------    d-----w-    C:\Users\Sharon\AppData\Roaming\MyTurboPC.com
2014-08-16 02:17:21    --------    d-----w-    C:\ProgramData\MyTurboPC.com
2014-08-15 16:22:32    99480    ----a-w-    C:\Windows\SysWow64\infocardapi.dll
2014-08-15 16:22:32    619672    ----a-w-    C:\Windows\SysWow64\icardagt.exe
2014-08-15 16:22:32    171160    ----a-w-    C:\Windows\System32\infocardapi.dll
2014-08-15 16:22:32    1389208    ----a-w-    C:\Windows\System32\icardagt.exe
2014-08-15 16:22:31    8856    ----a-w-    C:\Windows\SysWow64\icardres.dll
2014-08-15 16:22:30    8856    ----a-w-    C:\Windows\System32\icardres.dll
2014-08-15 16:22:18    35480    ----a-w-    C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-15 16:22:18    35480    ----a-w-    C:\Windows\System32\TsWpfWrp.exe
2014-08-15 11:57:37    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-08-15 11:57:37    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-08-15 11:57:36    529920    ----a-w-    C:\Windows\System32\aepdu.dll
2014-08-15 11:57:35    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-08-13 15:13:26    --------    d-----w-    C:\Users\Sharon\AppData\Roaming\DiskDefrag
2014-08-12 20:27:38    511328    ----a-w-    C:\Windows\System32\d3dx10_43.dll
2014-08-12 20:27:38    470880    ----a-w-    C:\Windows\SysWow64\d3dx10_43.dll
2014-08-12 20:27:38    276832    ----a-w-    C:\Windows\System32\d3dx11_43.dll
2014-08-12 20:27:38    248672    ----a-w-    C:\Windows\SysWow64\d3dx11_43.dll
2014-08-12 20:27:37    2401112    ----a-w-    C:\Windows\System32\D3DX9_43.dll
2014-08-12 20:27:37    1998168    ----a-w-    C:\Windows\SysWow64\D3DX9_43.dll
2014-08-12 20:27:18    1715224    ----a-w-    C:\Windows\System32\nvspbridge64.dll
2014-08-12 20:27:18    1291280    ----a-w-    C:\Windows\SysWow64\nvspbridge.dll
2014-08-12 20:27:18    1283136    ----a-w-    C:\Windows\System32\nvspcap64.dll
2014-08-12 20:27:18    1126480    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2014-08-12 20:27:18    --------    d-----w-    C:\Users\Sharon\AppData\Local\NVIDIA Corporation
2014-08-12 20:26:40    609240    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2014-08-12 20:22:45    --------    d-----w-    C:\NVIDIA
2014-08-08 14:51:58    --------    d-----w-    C:\ProgramData\d84b8fff6566939a
2014-08-08 14:51:57    --------    d-----w-    C:\Users\Sharon\AppData\Local\Packages
2014-08-08 14:51:55    --------    d-----w-    C:\Users\Sharon\AppData\Local\Comodo
.
==================== Find3M  ====================
.
2014-08-15 00:53:33    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-15 00:53:33    699568    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-24 12:10:54    2240000    ----a-w-    C:\Windows\System32\wininet.dll
2014-07-24 12:09:37    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2014-07-24 12:09:33    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2014-07-24 12:09:33    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2014-07-24 12:09:00    1508864    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-07-24 10:52:27    1766400    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-07-24 10:51:27    2861568    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-07-24 10:51:22    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-07-24 10:51:22    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2014-07-24 10:51:02    1440768    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-07-24 10:33:52    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-07-24 10:29:20    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-07-24 09:37:18    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2014-07-24 09:32:28    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-07-16 03:23:41    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-07-16 02:46:02    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-07-09 02:03:23    7168    ----a-w-    C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22    7168    ----a-w-    C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42    7168    ----a-w-    C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41    6656    ----a-w-    C:\Windows\SysWow64\KBDBASH.DLL
2014-07-02 18:55:43    6783776    ----a-w-    C:\Windows\System32\nvcpl.dll
2014-07-02 18:55:43    3522392    ----a-w-    C:\Windows\System32\nvsvc64.dll
2014-07-02 18:55:41    935368    ----a-w-    C:\Windows\System32\nvvsvc.exe
2014-07-02 18:55:41    62808    ----a-w-    C:\Windows\System32\nvshext.dll
2014-07-02 18:55:41    386520    ----a-w-    C:\Windows\System32\nvmctray.dll
2014-07-02 10:14:12    3826628    ----a-w-    C:\Windows\System32\nvcoproc.bin
2014-06-18 02:18:30    692736    ----a-w-    C:\Windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19    985536    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-06-06 09:44:17    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 17:52:30.79 ===============
 


  • 0

#88
Sharon Lee

    Member

  • Topic Starter
  • Member
  • 512 posts

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17054  BrowserJavaVersion: 10.67.2
Run by Sharon at 17:52:10 on 2014-09-03
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.9207.7993 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Nova Development\Greeting Card Factory Workshop 8.0\ReminderApp.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://rr.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BR435NP05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
uRun: [WeatherBug] C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe /fromrunkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ReminderApp] C:\Program Files (x86)\Nova Development\Greeting Card Factory Workshop 8.0\ReminderApp.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Sharon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTP~1.LNK - C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{41C63DE6-900B-4DC6-ADEB-4CEA7576E539} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\uh4rokfq.default-1408223660292\
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-8-12 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-8-12 18956064]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-8-12 411936]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-8-12 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-8-12 40392]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2013-6-26 768680]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2013-6-26 29352]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-8-16 2151744]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-15 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-15 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-16 1255736]
.
=============== Created Last 30 ================
.
2014-09-03 15:08:47    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1EDB7BCA-8F3D-46CA-B4CF-60501767A22D}\offreg.dll
2014-09-03 15:08:07    11319192    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1EDB7BCA-8F3D-46CA-B4CF-60501767A22D}\mpengine.dll
2014-09-02 19:34:18    11319192    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-31 16:52:26    --------    d-----w-    C:\Users\Sharon\AppData\Local\Nova Development
2014-08-31 16:50:12    --------    d-----w-    C:\Program Files (x86)\Nova Development
2014-08-29 14:33:26    1169712    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D48645E-742C-42C3-B031-0601980B1F73}\gapaengine.dll
2014-08-29 00:59:52    600064    ----a-w-    C:\Windows\System32\vbscript.dll
2014-08-29 00:59:52    523776    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-08-28 00:55:13    226304    ----a-w-    C:\Windows\System32\elshyph.dll
2014-08-28 00:43:14    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-28 00:43:14    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-28 00:43:14    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-26 16:34:11    --------    d-----w-    C:\Users\Sharon\AppData\Roaming\GlarySoft
2014-08-26 16:24:00    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-08-26 16:17:30    98816    ----a-w-    C:\Windows\sed.exe
2014-08-26 16:17:30    256000    ----a-w-    C:\Windows\PEV.exe
2014-08-26 16:17:30    208896    ----a-w-    C:\Windows\MBR.exe
2014-08-26 16:13:48    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-26 16:02:04    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-08-26 16:00:55    --------    d-----w-    C:\AdwCleaner
2014-08-18 19:22:07    --------    d-----w-    C:\Program Files (x86)\VS Revo Group
2014-08-18 17:24:48    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-18 17:24:37    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-18 17:24:37    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-08-18 17:24:37    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-08-17 22:20:14    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2014-08-17 22:20:14    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-17 15:36:01    --------    d-----w-    C:\Users\Sharon\AppData\Roaming\SparkTrust
2014-08-17 15:35:01    --------    d-----w-    C:\ProgramData\SparkTrust
2014-08-16 21:02:07    --------    d-----w-    C:\Users\Sharon\AppData\Roaming\ProductData
2014-08-16 21:01:04    --------    d-----w-    C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-08-16 20:29:59    --------    d-----w-    C:\FRST
2014-08-16 15:35:24    --------    d-----w-    C:\ProgramData\ProductData
2014-08-16 15:34:14    --------    d-----w-    C:\ProgramData\IObit
2014-08-16 15:33:39    --------    d-----w-    C:\Users\Sharon\AppData\Roaming\IObit
2014-08-16 15:33:35    --------    d-----w-    C:\Program Files (x86)\IObit
2014-08-16 15:02:31    --------    d-----w-    C:\Program Files (x86)\TotalSystemCare
2014-08-16 02:17:31    --------    d-----w-    C:\Users\Sharon\AppData\Roaming\MyTurboPC.com
2014-08-16 02:17:21    --------    d-----w-    C:\ProgramData\MyTurboPC.com
2014-08-15 16:22:32    99480    ----a-w-    C:\Windows\SysWow64\infocardapi.dll
2014-08-15 16:22:32    619672    ----a-w-    C:\Windows\SysWow64\icardagt.exe
2014-08-15 16:22:32    171160    ----a-w-    C:\Windows\System32\infocardapi.dll
2014-08-15 16:22:32    1389208    ----a-w-    C:\Windows\System32\icardagt.exe
2014-08-15 16:22:31    8856    ----a-w-    C:\Windows\SysWow64\icardres.dll
2014-08-15 16:22:30    8856    ----a-w-    C:\Windows\System32\icardres.dll
2014-08-15 16:22:18    35480    ----a-w-    C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-15 16:22:18    35480    ----a-w-    C:\Windows\System32\TsWpfWrp.exe
2014-08-15 11:57:37    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-08-15 11:57:37    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-08-15 11:57:36    529920    ----a-w-    C:\Windows\System32\aepdu.dll
2014-08-15 11:57:35    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-08-13 15:13:26    --------    d-----w-    C:\Users\Sharon\AppData\Roaming\DiskDefrag
2014-08-12 20:27:38    511328    ----a-w-    C:\Windows\System32\d3dx10_43.dll
2014-08-12 20:27:38    470880    ----a-w-    C:\Windows\SysWow64\d3dx10_43.dll
2014-08-12 20:27:38    276832    ----a-w-    C:\Windows\System32\d3dx11_43.dll
2014-08-12 20:27:38    248672    ----a-w-    C:\Windows\SysWow64\d3dx11_43.dll
2014-08-12 20:27:37    2401112    ----a-w-    C:\Windows\System32\D3DX9_43.dll
2014-08-12 20:27:37    1998168    ----a-w-    C:\Windows\SysWow64\D3DX9_43.dll
2014-08-12 20:27:18    1715224    ----a-w-    C:\Windows\System32\nvspbridge64.dll
2014-08-12 20:27:18    1291280    ----a-w-    C:\Windows\SysWow64\nvspbridge.dll
2014-08-12 20:27:18    1283136    ----a-w-    C:\Windows\System32\nvspcap64.dll
2014-08-12 20:27:18    1126480    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2014-08-12 20:27:18    --------    d-----w-    C:\Users\Sharon\AppData\Local\NVIDIA Corporation
2014-08-12 20:26:40    609240    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2014-08-12 20:22:45    --------    d-----w-    C:\NVIDIA
2014-08-08 14:51:58    --------    d-----w-    C:\ProgramData\d84b8fff6566939a
2014-08-08 14:51:57    --------    d-----w-    C:\Users\Sharon\AppData\Local\Packages
2014-08-08 14:51:55    --------    d-----w-    C:\Users\Sharon\AppData\Local\Comodo
.
==================== Find3M  ====================
.
2014-08-15 00:53:33    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-15 00:53:33    699568    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-24 12:10:54    2240000    ----a-w-    C:\Windows\System32\wininet.dll
2014-07-24 12:09:37    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2014-07-24 12:09:33    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2014-07-24 12:09:33    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2014-07-24 12:09:00    1508864    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-07-24 10:52:27    1766400    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-07-24 10:51:27    2861568    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-07-24 10:51:22    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-07-24 10:51:22    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2014-07-24 10:51:02    1440768    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-07-24 10:33:52    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-07-24 10:29:20    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-07-24 09:37:18    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2014-07-24 09:32:28    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-07-16 03:23:41    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-07-16 02:46:02    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-07-09 02:03:23    7168    ----a-w-    C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22    7168    ----a-w-    C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42    7168    ----a-w-    C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41    6656    ----a-w-    C:\Windows\SysWow64\KBDBASH.DLL
2014-07-02 18:55:43    6783776    ----a-w-    C:\Windows\System32\nvcpl.dll
2014-07-02 18:55:43    3522392    ----a-w-    C:\Windows\System32\nvsvc64.dll
2014-07-02 18:55:41    935368    ----a-w-    C:\Windows\System32\nvvsvc.exe
2014-07-02 18:55:41    62808    ----a-w-    C:\Windows\System32\nvshext.dll
2014-07-02 18:55:41    386520    ----a-w-    C:\Windows\System32\nvmctray.dll
2014-07-02 10:14:12    3826628    ----a-w-    C:\Windows\System32\nvcoproc.bin
2014-06-18 02:18:30    692736    ----a-w-    C:\Windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19    985536    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-06-06 09:44:17    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 17:52:30.79 ===============
 


  • 0

#89
Sharon Lee

Sharon Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 512 posts

I got these by going to their web site.  I hope this is what you want.   Should have gone to Google earlier.


  • 0

#90
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Run Batch Script
We need to prepare a batch script file.

  • Press the Windows key + R on your keyboard at the same time.
  • A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
  • In the shown window paste in the following script:
    @echo off
    REM Stop the LiveUpdateSvc service and remove its registration.
    sc stop LiveUpdateSvc
    sc delete LiveUpdateSvc
    REM Remove leftover folders and one leftover file.
    REM rd without /s removes a folder only if it is empty.
    rd "C:\Program Files (x86)\IObit"
    rd "C:\Users\Sharon\AppData\Roaming\GlarySoft"
    del "C:\Windows\SysWow64\sqlite3.dll"
    rd "C:\Users\Sharon\AppData\Roaming\SparkTrust"
    rd "C:\ProgramData\SparkTrust"
    rd "C:\Users\Sharon\AppData\Roaming\ProductData"
    rd "C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}"
    rd "C:\ProgramData\ProductData"
    rd "C:\ProgramData\IObit"
    rd "C:\Users\Sharon\AppData\Roaming\IObit"
    rd "C:\Program Files (x86)\TotalSystemCare"
    rd "C:\Users\Sharon\AppData\Roaming\MyTurboPC.com"
    rd "C:\ProgramData\MyTurboPC.com"
    rd "C:\ProgramData\d84b8fff6566939a"
    rd "C:\Users\Sharon\AppData\Local\Packages"
    rd "C:\Users\Sharon\AppData\Local\Comodo"
    REM Remove the Browser Helper Object registration; /f skips the confirmation prompt.
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" /f
    REM Delete this script once it has finished.
    del %0
    
  • Go to File menu and select Save as.
  • Make sure that the Save as type option is set to All Files (*.*) and the place to save will be your desktop.
  • Name the file fix.bat and select Save.

After that, your prepared fix.bat file should be located on your desktop.

  • Right-click on the fix.bat icon and select Run as Administrator to start the script.
  • This procedure may take some time. Please be patient and let it run uninterrupted!

After this please post me a FRESH DDS report :)


  • 0
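A read-only check that can be run after fix.bat to see which of its targets are still present, added here as an example and not part of the original post. The service name, paths and registry key are copied from the script above; the New-Row helper is a hypothetical name, and the check assumes an elevated PowerShell prompt.

```powershell
# Added example: read-only check of what fix.bat targets. Deletes nothing.
$service = 'LiveUpdateSvc'
$file    = 'C:\Windows\SysWow64\sqlite3.dll'
$bhoKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}'
$folders = @(
    'C:\Program Files (x86)\IObit'
    'C:\Users\Sharon\AppData\Roaming\GlarySoft'
    'C:\Users\Sharon\AppData\Roaming\SparkTrust'
    'C:\ProgramData\SparkTrust'
    'C:\Users\Sharon\AppData\Roaming\ProductData'
    'C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}'
    'C:\ProgramData\ProductData'
    'C:\ProgramData\IObit'
    'C:\Users\Sharon\AppData\Roaming\IObit'
    'C:\Program Files (x86)\TotalSystemCare'
    'C:\Users\Sharon\AppData\Roaming\MyTurboPC.com'
    'C:\ProgramData\MyTurboPC.com'
    'C:\ProgramData\d84b8fff6566939a'
    'C:\Users\Sharon\AppData\Local\Packages'
    'C:\Users\Sharon\AppData\Local\Comodo'
)

# Hypothetical helper: one report row per checked item (works on PowerShell 2.0).
function New-Row($Kind, $Item, $Present, $Detail) {
    New-Object PSObject -Property @{ Kind = $Kind; Item = $Item; Present = $Present; Detail = $Detail }
}

# A service marked for deletion can still be listed until its handles close or the PC restarts.
$svc = Get-Service -Name $service -ErrorAction SilentlyContinue
$detail = ''; if ($svc) { $detail = "status: $($svc.Status)" }
$report = @(New-Row 'Service' $service ([bool]$svc) $detail)
$report += New-Row 'File' $file (Test-Path -LiteralPath $file -PathType Leaf) ''

# rd without /s removes empty folders only, so count what is left inside each one.
foreach ($dir in $folders) {
    $present = Test-Path -LiteralPath $dir -PathType Container
    $detail = ''
    if ($present) {
        $count = @(Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue).Count
        $detail = "$count item(s) inside"
    }
    $report += New-Row 'Folder' $dir $present $detail
}

# Browser Helper Object key that the script removes with reg delete /f.
$report += New-Row 'Registry' $bhoKey (Test-Path -LiteralPath $bhoKey) ''
$report | Sort-Object Present -Descending | Select-Object Kind, Present, Detail, Item | Format-Table -AutoSize -Wrap
```

Rows with Present set to True are the items that survived the script; a folder row reporting items inside was not empty when rd ran.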





