Hi there,
Lately all my web browsers seem to be getting hijacked. I mainly use Chrome, but after seeing issues I checked IE and Firefox as well (all installed on my PC) and they exhibit the same or similar issues.
I'll notice it when I open a browser - the homepage has been redirected to a different website, and the default search provider has also been changed. So far it's been lucky searches, delta homes, v9.com. If I try to change the default homepage, it'll just revert back to the unwanted one. Also I'll find some sort of program has installed itself (looking at the list of installed Programs in Control Panel).
So far I've managed to clean it all up just by running Malwarebytes and Avast (the lucky searches one was a **** to get rid of) but it seems like every week there's a new one that's installed itself.
Opened up Chrome this morning to find the latest one (v9.com) so I thought I'd take a log of the Malwarebytes scan and HiJackThis and let you guys have a look.
Here is the Malwarebytes log (HiJackThis log is underneath). Thanks for your help!
=====================================================
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 13/06/2015
Scan Time: 10:45:58 a.m.
Logfile: Malwarebytes 13062015.txt
Administrator: Yes
Version: 2.01.6.1022
Malware Database: v2015.06.12.07
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Sam
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 381487
Time Elapsed: 35 min, 24 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 7
PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [c0170cad0f7be650cb46830963a26d93],
PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}, , [4b8c3b7e99f1280ed53d137945c053ad],
PUP.Optional.V9.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428A-92C9-0CFC28B9D1BF}, , [bb1c9d1ce6a43402c93e681b59ac718f],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [6e69b900fb8f6bcb7799197331d47a86],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-21-3896505289-1607041351-1423294743-1000\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [6b6c2c8d9bef181ecf4177152fd6ee12],
PUP.Optional.V9.A, HKU\S-1-5-21-3896505289-1607041351-1423294743-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428A-92C9-0CFC28B9D1BF}, , [1cbb7c3d226849ed62a486fd798c52ae],
PUP.Optional.ProductSetup.A, HKU\S-1-5-21-3896505289-1607041351-1423294743-1000\SOFTWARE\PRODUCTSETUP, , [0bccf7c25238ea4c893c9dee8d7831cf],
Registry Values: 4
PUP.Optional.V9.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428a-92C9-0CFC28B9D1BF}|URL, http://www.v9.com/web?type=ds&ts=1433832589&from=zzgbkk123&uid=3219913727_67194_b07d422f&z=2b4f4575e19367792288a9bgez1cacab4cfo4wdt1c&q={searchTerms}, , [bb1c9d1ce6a43402c93e681b59ac718f]
PUP.Optional.V9.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428a-92C9-0CFC28B9D1BF}|FaviconURL, http://www.v9.com/favicon.ico?t=1, , [cc0b8039662472c4a265c7bc62a303fd]
PUP.Optional.V9.A, HKU\S-1-5-21-3896505289-1607041351-1423294743-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428a-92C9-0CFC28B9D1BF}|URL, http://www.v9.com/web?type=ds&ts=1433832589&from=zzgbkk123&uid=3219913727_67194_b07d422f&z=2b4f4575e19367792288a9bgez1cacab4cfo4wdt1c&q={searchTerms}, , [1cbb7c3d226849ed62a486fd798c52ae]
PUP.Optional.ProductSetup.A, HKU\S-1-5-21-3896505289-1607041351-1423294743-1000\SOFTWARE\PRODUCTSETUP|tb, 0Q2P2X1C1N1K0J2X2X1G1M1F2V, , [0bccf7c25238ea4c893c9dee8d7831cf]
Registry Data: 8
PUP.Optional.V9.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c, Good: (www.google.com), Bad: (http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c),,[f5e2bbfe9af061d5a83436ff6c9a2fd1]
PUP.Optional.V9.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c, Good: (www.google.com), Bad: (http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c),,[c90eaa0f59312412bc20eb4a09fd2ed2]
PUP.Optional.V9.A, HKU\S-1-5-19\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c, Good: (www.google.com), Bad: (http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c),,[22b55b5e17731c1af5e167ce7591c937]
PUP.Optional.V9.A, HKU\S-1-5-19\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c, Good: (www.google.com), Bad: (http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c),,[399ec4f56129a19534a2a88dd63013ed]
PUP.Optional.V9.A, HKU\S-1-5-20\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c, Good: (www.google.com), Bad: (http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c),,[a82f0cad8802ba7cb4225bda897d738d]
PUP.Optional.V9.A, HKU\S-1-5-20\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c, Good: (www.google.com), Bad: (http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c),,[ffd8cfea8406f44284523df861a55fa1]
PUP.Optional.V9.A, HKU\S-1-5-21-3896505289-1607041351-1423294743-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c, Good: (www.google.com), Bad: (http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c),,[b91e7c3df19948ee30a6f93ce91d2ed2]
PUP.Optional.V9.A, HKU\S-1-5-21-3896505289-1607041351-1423294743-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c, Good: (www.google.com), Bad: (http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c),,[7562a910a7e373c3ca0c69ccae582ed2]
Folders: 1
FraudTool.YAC, C:\Program Files\Elex-tech\YAC, , [13c48a2fe2a8fc3a523cd0174ab960a0],
Files: 17
FraudTool.YAC, C:\Users\Sam\AppData\Local\Temp\_@1B89.tmp, , [4196ceebf199a096308dad8eeb1734cc],
FraudTool.YAC, C:\Users\Sam\AppData\Local\Temp\_@1B9A.tmp, , [e3f4942554360a2c10ad7fbcff0348b8],
FraudTool.YAC, C:\Users\Sam\AppData\Local\Temp\_@1B9B.tmp, , [87509a1ff694b680e5d86ecd6f93748c],
FraudTool.YAC, C:\Users\Sam\AppData\Local\Temp\_@1B9C.tmp, , [cd0ae6d378121b1b9429e85301010af6],
FraudTool.YAC, C:\Users\Sam\AppData\Local\Temp\_@1BAC.tmp, , [23b4a4151c6ead892c91b18ac83a0bf5],
FraudTool.YAC, C:\Users\Sam\AppData\Local\Temp\_@1BCC.tmp, , [439419a04149f73f4a73ab902ad8a759],
FraudTool.YAC, C:\Users\Sam\AppData\Local\Temp\_@1C0C.tmp, , [4c8b12a7f991af87ecd184b7cf33b848],
FraudTool.YAC, C:\Users\Sam\AppData\Local\Temp\_@1C2C.tmp, , [08cffdbc0c7ecb6b8b3243f8808225db],
FraudTool.YAC, C:\Users\Sam\AppData\Local\Temp\_@1C2D.tmp, , [e3f4bcfdc4c63105ba0356e58280ab55],
PUP.Optional.V9.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ml8bm2uc.default\searchplugins\V9.xml, , [389f3c7d7b0f85b142912000659f8c74],
PUP.Optional.V9.A, C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.v9.com_0.localstorage, , [389fc1f80189dc5abe3e9593ec18ab55],
PUP.Optional.V9.A, C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.v9.com_0.localstorage-journal, , [409740795238e2542dcfd652b74de719],
PUP.Optional.V9.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ml8bm2uc.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.v9.com?type=hp&ts=1433832589&from=mych123&uid=3219913727_67194_b07d422f&z=2b4f4575e19367792288a9bgez1cacab4cfo4wdt1c");), ,[f7e0c3f62e5c7cba4f53d0b08383916f]
PUP.Optional.V9.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ml8bm2uc.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.v9.com?type=hp&ts=1433832589&from=mych123&uid=3219913727_67194_b07d422f&z=2b4f4575e19367792288a9bgez1cacab4cfo4wdt1c");), ,[f6e15b5ee7a3f541b90ca8d8877fbb45]
PUP.Optional.V9, C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":5}}), Bad: ("session":{"restore_on_startup":4,"startup_urls":["http://www.v9.com?type=hp&ts=1433832589&from=mych123&uid=3219913727_67194_b07d422f&z=2b4f4575e19367792288a9bgez1cacab4cfo4wdt1c"]},"sync":{"remaining_rollback_tries":0}}), ,[8552f3c67416092dff7d384a81853bc5]
PUP.Optional.V9.A, C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\7cwxdlv1.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.v9.com?type=hp&ts=1433832589&from=mych123&uid=3219913727_67194_b07d422f&z=2b4f4575e19367792288a9bgez1cacab4cfo4wdt1c");), ,[686f05b4a1e9c76f6042b6ca15f1a65a]
PUP.Optional.V9.A, C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\7cwxdlv1.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.v9.com?type=hp&ts=1433832589&from=mych123&uid=3219913727_67194_b07d422f&z=2b4f4575e19367792288a9bgez1cacab4cfo4wdt1c");), ,[65720faa35554beb2c99e0a0d036af51]
Physical Sectors: 0
(No malicious items detected)
(end)
=====================================================
=====================================================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:40 a.m., on 13/06/2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16659)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Elex-tech\YAC\iSafeTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unified Remote\RemoteServer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RemotelessHelper\RemotelessHelper.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Sam\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Sam\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.co.nz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.co.nz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.co.nz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.co.nz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.co.nz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com?type=hp&ts=1433832...acab4cfo4wdt1c
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Unified Remote v2] C:\Program Files\Unified Remote\RemoteServer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RemotelessHelper] "C:\Program Files\RemotelessHelper\RemotelessHelper.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Sam\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-3896505289-1607041351-1423294743-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Unified Remote v2] C:\Program Files\Unified Remote\RemoteServer.exe (User '?')
O4 - HKUS\S-1-5-21-3896505289-1607041351-1423294743-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart (User '?')
O4 - S-1-5-21-3896505289-1607041351-1423294743-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: Dropbox.lnk = Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (User '?')
O4 - Startup: Dropbox.lnk = Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: WinVista Create New Folder Script.ahk
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: GSService - Unknown owner - C:\Windows\system32\GSService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: YAC Service (iSafeService) - Elex do Brasil Participações Ltda - C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: WACService - Wondershare - C:\Program Files\Wondershare\Wondershare Application Center\WACService.exe
O23 - Service: WinZiper service (winzipersvc) - Taiwan Shui Mu Chih Ching Technology Limited. - C:\Program Files\WinZipper\winzipersvc.exe
--
End of file - 11512 bytes
=====================================================