Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Lavasoft Securesearch virus (adware, redirects, bluescreens)


by fortserious » August 18th, 2013, 3:16 pm

Hi all!

I recently re-installed Lavasoft Ad-aware on my machine after a few years of not using it, and it seems like that was a big mistake. I have caught the Lavasoft Securesearch redirect virus, which has also precipitated some rather strange and catastrophic effects on my machine.

For a few days after install, it had been occasionally loading up the securesearch page, and I ran some malware scans with Malwarebytes anti-removal, but it didn't find anything. The page itself was harmless, so I was only mildly annoyed.

However, a few nights ago, when it loaded up the securesearch page, it actually ended up force-restarting my computer and lost a few unsaved documents in the process - and when my laptop booted up again, I got a bluescreen.

Here's where things get weird:

I rebooted again, and this time when the computer booted, it played a heavily layered cacophony of the following sounds, played on top of each other:

- Audio excerpt of a cooking show
- The Lumineers - Ho Hey (Belong With You)
- Audio excerpt of some other advertisement

(A short video example, for your amusement: http://www.youtube.com/watch?v=sg2qTnf8W0Q )

It bluescreened shortly thereafter, and now, booting the computer (even in safe mode) can result in a bluescreen, usually after about five minutes.

I was able to quickly run DDS and I have the logs here for your perusal. Please let me know if there's anything we can run to help me regain control of my machine!

Thanks a ton :)
- Ross

DDS.txt:
.
DDS (Ver_11-03-05.01) - NTFS_AMD64 MINIMAL 
Run by ross at 15:03:12.26 on Sun 08/18/2013
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.8106.6810 [GMT -4:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
F:\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_2&ent=hp&u=1F5755235989DED6906CDB51FD2F3441
uDefault_Page_URL = hxxp://www.dell.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Savings Ship: {11111111-1111-1111-1111-110211841130} - C:\Program Files (x86)\Savings Ship\Savings Ship-bho.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DownloadTerms: {2c4ba31c-0c15-11e2-90c7-9bfcbeb168b3} - C:\Users\ross\AppData\Local\DownloadTerms\temp.dat
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Google Update] "C:\Users\ross\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [googletalk] C:\Users\ross\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [MusicManager] "C:\Users\ross\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [AdobeBridge] 
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [ClipCube] C:\Users\ross\Documents\my shit\app\ClipCube-1.2.1\ClipCube.exe
uRun: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
uRun: [Spotify Web Helper] "C:\Users\ross\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [EasyPHP] "C:\Program Files (x86)\EasyPHP-5.3.9\EasyPHP-5.3.9.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [<NO NAME>] 
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
StartupFolder: C:\Users\ross\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FOCUSB~1.LNK - C:\Program Files (x86)\focus booster\focus booster.exe
StartupFolder: C:\Users\ross\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Stickies.lnk - C:\Program Files (x86)\Stickies\stickies.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SKETCH~1.LNK - C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} - hxxps://webvpn.usps.gov/+CSCOL+/cscopf.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} - hxxps://webvpn.usps.gov/CACHE/sdesktop/install/binaries/instweb.cab
TCP: 24279616E6 = 8.8.8.8,8.8.4.4
TCP: {FB9E0EB0-2869-43B5-9540-6002636C546F} = 8.8.8.8
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64:     McAfee Phishing Filter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
mRun-x64: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
mRun-x64: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun-x64: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
mRun-x64: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
mRun-x64: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
mRun-x64: [jEdit Server] "C:\Program Files\jEdit\jedit.exe" -background -nogui --l4j-dont-wait
AppInit_DLLs-X64: C:\Windows\system32\nvinitx.dll
STS-X64: Stardock Vista ControlPanel Extension: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~2\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
STS-X64: StardockDreamController: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~2\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
STS-X64: Deskscapes Class: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~2\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ross\AppData\Roaming\Mozilla\Firefox\Profiles\yu2xyjgf.default\
FF - prefs.js: browser.search.selectedEngine - SecureSearch
FF - prefs.js: browser.startup.homepage - hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_2&ent=hp&u=1F5755235989DED6906CDB51FD2F3441
FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_2&hsimp=yhs-lavasoft&ent=bs&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Users\ross\AppData\Local\Citrix\Plugins\92\npappdetector.dll
FF - plugin: C:\Users\ross\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\ross\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\ross\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\ross\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\System32\drivers\BtHidBus.sys [2009-6-17 24968]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-8-3 14456]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-12-7 30056]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-5-6 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-5-6 21616]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-5-6 27760]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-5-6 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-5-6 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-5-6 181760]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
S1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-12-7 284008]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-5-6 98208]
S2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-4-11 43912]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2013/01/27 00:09:35;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2012-6-25 242448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-6-5 116648]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-22 1258856]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-5-6 689472]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
S2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2012-10-1 8786848]
S2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-7-14 4153184]
S2 TouchServiceWacom;Wacom Professional Touch Service;C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [2012-10-1 565152]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-6 2656280]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-4-4 256904]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-1-24 58128]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-1-24 274944]
S3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\System32\drivers\btnetBus.sys [2009-6-17 34440]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-5-6 175168]
S3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2011-12-28 20752]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-6-5 116648]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2012-10-1 13728]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2011-6-27 31744]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-1-24 59904]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-5-6 158976]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-6 317440]
S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\System32\drivers\IvtBtBus.sys [2009-6-17 30344]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-5-6 174168]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-22 117144]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2011-5-6 8505856]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-12-7 189288]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2011-5-6 121960]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2011-5-6 29288]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-6 412264]
S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-2-7 161432]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2012-10-1 68512]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2012-10-1 15736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-13 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-09 02:36:13	--------	d-----w-	C:\Users\ross\fujiya & miyagi - transparent things (2006)
2013-08-09 01:03:38	9460976	----a-w-	C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{490F7470-1691-4F35-A336-519A9B0214A1}\mpengine.dll
2013-08-07 19:03:55	9460976	----a-w-	C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-03 16:38:46	--------	d-----w-	C:\Users\ross\AppData\Roaming\LavasoftStatistics
2013-08-03 16:26:53	--------	d-----w-	C:\PROGRA~3\Downloaded Installations
2013-08-03 16:26:49	--------	d-----w-	C:\PROGRA~3\Search Protection
2013-08-03 16:26:48	--------	d-----w-	C:\PROGRA~3\blekko toolbars
2013-08-03 16:26:47	--------	d-----w-	C:\Users\ross\AppData\Local\adawarebp
2013-08-03 16:26:46	--------	d-----w-	C:\PROGRA~3\Ad-Aware Browsing Protection
2013-08-03 16:26:39	--------	d-----w-	C:\Program Files (x86)\Toolbar Cleaner
2013-08-03 16:26:26	--------	d-----w-	C:\Program Files (x86)\Lavasoft
2013-08-03 16:23:59	14456	----a-w-	C:\Windows\System32\drivers\gfibto.sys
2013-08-02 18:54:30	--------	d-----w-	C:\Users\ross\AppData\Roaming\ObviousIdea
2013-08-02 18:43:08	--------	d-----w-	C:\Program Files (x86)\BasicServe
2013-08-02 18:43:08	--------	d-----w-	C:\PROGRA~3\BasicServe
2013-08-02 18:42:28	--------	d-----w-	C:\Users\ross\AppData\Local\Updater28430
2013-08-02 18:42:16	--------	d-----w-	C:\Users\ross\AppData\Local\DownloadTerms
2013-08-02 18:42:13	--------	d-----w-	C:\Users\ross\AppData\Local\SwvUpdater
2013-08-02 18:42:10	--------	d-----w-	C:\Users\ross\AppData\Local\Savings Ship
2013-08-02 18:42:09	--------	d-----w-	C:\Program Files (x86)\Savings Ship
2013-08-02 18:40:54	--------	d-----w-	C:\Program Files (x86)\ObviousIdea
2013-08-02 17:47:22	--------	d-----w-	C:\Users\ross\AppData\Roaming\com.focusboosterapp.focusbooster.air
2013-08-02 17:47:20	--------	d-----w-	C:\Program Files (x86)\focus booster
2013-08-02 07:03:09	--------	d-----w-	C:\Users\ross\AppData\Roaming\com.focusboosterapp.focusbooster
2013-07-30 04:46:46	--------	d-----w-	C:\Users\ross\AppData\Roaming\Sublime Text 3
2013-07-30 04:46:46	--------	d-----w-	C:\Users\ross\AppData\Local\Sublime Text 3
2013-07-30 04:45:53	--------	d-----w-	C:\Program Files\Sublime Text 3
.
==================== Find3M  ====================
.
2013-06-12 03:32:19	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 03:32:19	692104	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 15:05:08.14 ===============


Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 5/11/2011 10:32:23 PM
System Uptime: 8/18/2013 3:01:04 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0NJT03
Processor: Intel(R) Core(TM) i7-2820QM CPU @ 2.30GHz | CPU | 2294/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 684 GiB total, 39.107 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: Officejet Pro 8600
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: 
Name: Officejet Pro 8600
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
Class GUID: 
Description: Officejet Pro 8500 A910
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: 
Name: Officejet Pro 8500 A910
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service: 
.
Class GUID: 
Description: Officejet Pro 8500 A910
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: 
Name: Officejet Pro 8500 A910
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service: 
.
Class GUID: 
Description: Officejet Pro 8500 A910
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: 
Name: Officejet Pro 8500 A910
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service: 
.
Class GUID: 
Description: Officejet Pro 8500 A910
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: 
Name: Officejet Pro 8500 A910
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service: 
.
Class GUID: 
Description: Officejet Pro 8500 A910
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: 
Name: Officejet Pro 8500 A910
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet CP2025dn
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP2025dn
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8500 A910
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer: HP
Name: Officejet Pro 8500 A910
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service: 
.
Class GUID: 
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0013
Manufacturer: 
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0013
Service: 
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer: 
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP509: 8/2/2013 1:46:29 PM - Removed focus booster
RP510: 8/2/2013 1:57:16 PM - Windows Update
RP511: 8/6/2013 2:50:41 PM - Windows Update
.
==== Installed Programs ======================
.
8500A909_BasicWeb
8500A909_Help_BasicWeb
AccelerometerP11
Ad-Aware Antivirus
Ad-Aware Security Add-on
Adobe AIR
Adobe Anchor Service CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader 9.1.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Story
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
Advanced Audio FX Engine
Amazon MP3 Downloader 1.0.17
Android SDK Tools
AnyDVD
Apple Application Support
Apple Software Update
Armadillo Run 1.0.3
Audacity 1.3.13 (Unicode)
Audiosurf
Autodesk SketchBook Pro 6
aWARemote Server version 2.0.3
Bing Bar
Bing Bar Platform
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Camtasia Studio 5
Cisco WebEx Meetings
Connect
Consumer In-Home Service Agreement
Cool Edit Pro 2.1
Cozi
CyberLink PowerDVD 9.6
D3DX10
Daum PotPlayer 1.5.32007
dBpoweramp Music Converter
dBpoweramp Windows Media Audio 10 Codec
Dear Esther
Debut Video Capture Software
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
Dell Webcam Central
DeskScapes
DirectX 9 Runtime
DivX Setup
DOOM II: Hell on Earth
DownloadTerms
DVD Shrink 3.2
eBay
FEZ
ffdshow [rev 3154] [2009-12-09]
FFsplit version Alpha
FileMaker Pro 11 Advanced
FileZilla Client 3.7.1
focus booster
Fraps
Git version 1.8.1.2-preview20130201
GitHub
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
GoToMeeting 5.4.0.1082
Grand Theft Auto: Vice City
Half-Life 2: Episode One
HP Officejet Pro 8500 A910 Help
Image Resizer for Windows
ImgBurn
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Wireless Display
Internet Explorer
IrfanView (remove only)
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 31
Java(TM) SE Development Kit 7 Update 2
JavaFX 2.0.2
JavaFX 2.0.2 SDK
JDownloader 0.9
Junk Mail filter update
kuler
Last.fm Scrobbler 2.1.33
Light Image Resizer 4.4.2.0
LIMBO
MagicDisc 2.7.106
Magnifixer 3.2
Malwarebytes Anti-Malware version 1.75.0.1300
Manga Studio Debut 4.0
Manga Studio EX 4.0
Mass Effect
Mesh Runtime
Messenger Companion
MetallicWing
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Visual FoxPro 9.0 Professional - English
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MiPony 1.6.2
mIRC
Mischief 1.06
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 12.0.1 (x86 en-US)
MPC-HC 1.6.5.6366
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble 1.2.3
Music Manager
Nightly 14.0a1 (x86 en-US)
Node.js
Nokia Connectivity Cable Driver
Notepad++
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Open Broadcaster Software
OpenAL
OpenOffice.org 3.3
Parts&Vendors 6.0
PC Connectivity Solution
PDF Settings CS4
PDF Settings CS5
Photoshop Camera Raw
PhotoShowExpress
Picasa 3
Pixel Bender Toolkit
Plex Media Server
Portal 2
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
SABnzbd 0.6.14
Savings Ship
Scan
Skype™ 6.3
Snagit 10
Snapshot
Sonic CinePlayer Decoder Pack
SourceTree
SpinAudio VSTDX Wrapper 1.0 Demo
Spotify
Steam
Stickies 7.1a
SugarSync Manager
Suite Shared Configuration CS4
Super Meat Boy
System Requirements Lab CYRI
t@b ZS4 Video Editor v0.958-686
TeamViewer 8
TechSmith Screen Capture Codec
The Longest Journey
Toolbox
TVersity Codec Pack 1.4
TVersity Media Server 1.9.3
VC80CRTRedist - 8.0.50727.6195
Visual FoxPro 9.0 Baseline - English
Visual FoxPro 9.0 Professional - English
VLC media player 2.0.1
Webcam to GIF converter
WebReg
WebTablet FB Plugin 32 bit
Winamp
Winamp Detector Plug-in
Winamp Essentials Pack
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
XSplit
Yahoo! Detect
Zyzzyva
.
==== Event Viewer Messages From Past Week ========
.
8/18/2013 3:05:10 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
8/18/2013 3:03:31 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
8/18/2013 3:02:54 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/18/2013 3:02:53 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/18/2013 3:02:52 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
8/18/2013 3:02:52 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/18/2013 3:02:50 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/18/2013 3:02:50 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/18/2013 3:02:46 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/18/2013 3:02:16 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/18/2013 3:01:49 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  	New Signature Version:   	Previous Signature Version: 1.155.1843.0  	Update Source: Microsoft Update Server  	Update Stage: Search  	Source Path: Default URL  	Signature Type: AntiVirus  	Update Type: Full  	User: NT AUTHORITY\SYSTEM  	Current Engine Version:   	Previous Engine Version: 1.1.9700.0  	Error code: 0x8007043c  	Error description: This service cannot be started in Safe Mode
8/18/2013 3:01:49 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  	New Signature Version:   	Previous Signature Version: 1.155.1843.0  	Update Source: Microsoft Malware Protection Center  	Update Stage: Search  	Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9700.0&avdelta=1.155.1843.0&asdelta=1.155.1843.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094  	Signature Type: AntiVirus  	Update Type: Full  	User: NT AUTHORITY\NETWORK SERVICE  	Current Engine Version:   	Previous Engine Version: 1.1.9700.0  	Error code: 0x80072ee7  	Error description: The server name or address could not be resolved
8/18/2013 3:01:49 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  	New Signature Version:   	Previous Signature Version: 1.155.1843.0  	Update Source: Microsoft Malware Protection Center  	Update Stage: Search  	Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9700.0&avdelta=1.155.1843.0&asdelta=1.155.1843.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094  	Signature Type: AntiSpyware  	Update Type: Full  	User: NT AUTHORITY\NETWORK SERVICE  	Current Engine Version:   	Previous Engine Version: 1.1.9700.0  	Error code: 0x80072ee7  	Error description: The server name or address could not be resolved
8/18/2013 3:01:49 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/18/2013 3:01:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0x0000000000000000, 0xfffff88003e88a28, 0xfffff88003e88290). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081813-22386-01.
8/18/2013 3:01:31 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache ElbyCDIO MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
8/18/2013 3:01:31 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
8/18/2013 3:01:31 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/18/2013 3:01:31 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/18/2013 3:01:31 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/18/2013 3:01:31 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/18/2013 3:01:31 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
8/18/2013 3:01:29 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/18/2013 3:01:29 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/18/2013 3:01:29 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
8/18/2013 3:01:29 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/18/2013 3:01:29 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
.
==== End Of File ===========================
fortserious
Active Member
 
Posts: 13
Joined: June 29th, 2006, 6:14 pm

Re: Lavasoft Securesearch virus (adware, redirects, bluescre

Unread postby pgmigg » August 18th, 2013, 6:37 pm

Hello fortserious,

Welcome to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights and permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Lavasoft Securesearch virus (adware, redirects, bluescre

Unread postby pgmigg » August 18th, 2013, 11:33 pm

Hello fortserious,

Step 1.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Right-click on CKScanner.exe and select Run as administrator..., then click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 2.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Right-click on codecheck.exe and select Run as administrator...
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 3.
Please tell me whether this computer is used for business purposes and connected to a business or educational network.
I need to know it - so I can provide the proper instructions.

Then
Please place the contents of all your logs directly in the body of the post instead of inserting them in the 'Code' frame as you did already.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of a log created by CKFiles.txt
  3. Contents of the codecheck.txt log file
  4. Answers to my questions about how your computer is used
  5. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Lavasoft Securesearch virus (adware, redirects, bluescre

Unread postby fortserious » August 19th, 2013, 12:22 pm

Hi pgmigg, thanks for your reply!

A. I had no problem executing the instructions, but find it pertinent to mention that while booting in safe mode, a Lavasoft Ad-Aware setup began to execute that I cancelled immediately.

B.
CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\jdownloader\jd\plugins\hoster\crackedcom.class
c:\jdownloader\jdownloader\jd\plugins\hoster\crackedcom.class
c:\program files\adobe\adobe premiere pro cs5\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs5\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs5\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cs5.5\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs5.5\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs5.5\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files (x86)\android\android-sdk\docs\reference\java\security\spec\rsakeygenparameterspec.html
c:\program files (x86)\android\android-sdk\docs\reference\javax\crypto\keygenerator.html
c:\program files (x86)\android\android-sdk\docs\reference\javax\crypto\keygeneratorspi.html
c:\program files (x86)\cyberlink\powerdvd9\navfilter\kmsvc.exe
c:\program files (x86)\git\bin\ssh-keygen.exe
c:\program files (x86)\plex\plex media server\resources\plug-ins\siteconfigurations.bundle\contents\resources\crackle.xml
c:\program files (x86)\steam\steamapps\common\audiosurf\engine\crypt.dll
c:\program files (x86)\steam\steamapps\common\audiosurf\engine\channels\crypt.dll
c:\program files (x86)\steam\steamapps\common\dear esther\dearesther\materials\esther\decals\cracks_001.vmt
c:\program files (x86)\steam\steamapps\common\dear esther\dearesther\materials\esther\decals\cracks_001.vtf
c:\program files (x86)\steam\steamapps\common\dear esther\dearesther\materials\esther\decals\cracks_002.vmt
c:\program files (x86)\steam\steamapps\common\dear esther\dearesther\materials\esther\decals\cracks_002.vtf
c:\program files (x86)\steam\steamapps\common\dear esther\dearesther\materials\esther\decals\cracks_003.vmt
c:\program files (x86)\steam\steamapps\common\dear esther\dearesther\materials\esther\decals\cracks_003.vtf
c:\program files (x86)\steam\steamapps\common\dear esther\dearesther\materials\models\esther\donnely\cracks_001.vmt
c:\program files (x86)\steam\steamapps\common\dear esther\dearesther\materials\models\esther\donnely\cracks_002.vmt
c:\program files (x86)\steam\steamapps\common\dear esther\dearesther\materials\models\esther\donnely\cracks_003.vmt
c:\users\ross\desktop\art backup\dorawins\firecracker.fla
c:\users\ross\desktop\art backup\dorawins\oystercrackers.fla
c:\users\ross\desktop\art backup\dorawins\wisecracker.fla
c:\users\ross\desktop\art backup\dorawins\shirtsz\reworked\pantone - wisecracker.ai
c:\users\ross\desktop\art backup\dorawins\shirtsz\reworked\wisecracker (auto pantone test).ai
c:\users\ross\desktop\art backup\dorawins\shirtsz\reworked\wisecracker-redraw.ai
c:\users\ross\desktop\art backup\dorawins\shirtsz\reworked\wisecracker.ai
c:\users\ross\desktop\art backup\dorawins\shirtsz\reworked\wisecracker.fla
c:\users\ross\desktop\art backup\dorawins\shirtsz\reworked\wisecracker.fxg
c:\users\ross\desktop\art in progress\dorawins\firecracker.fla
c:\users\ross\desktop\art in progress\dorawins\oystercrackers.fla
c:\users\ross\desktop\art in progress\dorawins\wisecracker.fla
c:\users\ross\desktop\art in progress\dorawins\shirtsz\reworked\pantone - wisecracker.ai
c:\users\ross\desktop\art in progress\dorawins\shirtsz\reworked\wisecracker (auto pantone test).ai
c:\users\ross\desktop\art in progress\dorawins\shirtsz\reworked\wisecracker-redraw.ai
c:\users\ross\desktop\art in progress\dorawins\shirtsz\reworked\wisecracker.ai
c:\users\ross\desktop\art in progress\dorawins\shirtsz\reworked\wisecracker.fla
c:\users\ross\desktop\art in progress\dorawins\shirtsz\reworked\wisecracker.fxg
c:\users\ross\documents\my shit\personal\chrome backup\default\local storage\http_www.cracked.com_0.localstorage
c:\users\ross\documents\my shit\personal\chrome backup\default\local storage\http_www.cracked.com_0.localstorage-journal
scanner sequence 3.ZZ.11.ERNAF0
----- EOF -----

C.
Codecheck Version 1.0

08019

D. This is my personal computer. I use it for games, art and personal projects.

E. I rebooted my computer normally, and it continued playing strange audio (a PSA from a woman explaining her rash symptoms, to my sister's amusement). It bluescreened after about five minutes.

Thanks for your help thus far!

-Ross
fortserious
Active Member
 
Posts: 13
Joined: June 29th, 2006, 6:14 pm

Re: Lavasoft Securesearch virus (adware, redirects, bluescre

Unread postby Cypher » August 20th, 2013, 4:42 am

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW DDS logs :
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns