Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

It all started with Internet Security 2013 Virus


  • This topic is locked This topic is locked
46 replies to this topic

#1 sturner2900

sturner2900

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 08 September 2013 - 04:45 PM

Now I'm not sure what I have, but I don't think it's good.

 

http://www.bleepingcomputer.com/forums/t/505938/internet-security-2013-virus/?hl=%2Bsturner2900#entry3144643

 

I tried to follow all the instructions and thought for a while it was gone. I don't see the icon anymore, but I'm getting thrown out of online sights on IE10. I still think there's something there. I was finally able to boot into safe mode and follow the instructions.

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/9/2011 5:32:34 PM
System Uptime: 9/8/2013 3:18:29 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | CM6850
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 922 GiB total, 810.616 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP262: 8/29/2013 9:47:40 AM - ComboFix created restore point
RP263: 8/29/2013 3:48:16 PM - Windows Update
RP264: 8/29/2013 4:06:54 PM - Installed Microsoft Fix it 50535
RP265: 9/2/2013 3:48:28 PM - Windows Update
RP266: 9/8/2013 3:29:42 PM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 9
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.6)
AI Manager
AI Suite II
Akamai NetSession Interface
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Backup Wizard
AsusVibe2.0
Best Buy pc app
Bonjour
BrowserSafeguard
Compatibility Pack for the 2007 Office system
DefaultTab
Elements 9 Organizer
Elements STI Installer
File Opener Pro
Google Earth
Google Update Helper
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
iTunes
J2SE Runtime Environment 5.0 Update 17
Malwarebytes Anti-Malware version 1.75.0.1300
Matilda
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office 2010
Microsoft Office Access Runtime (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Office XP Professional
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
MotoHelper 2.1.32 Driver 5.4.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.4.0
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
NETGEAR Genie
Picasa 3
QuickBooks
QuickBooks Pro 2013
QuickShare
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek Ethernet Diagnostic Utility
Realtek High Definition Audio Driver
RealUpgrade 1.1
Search Protect by conduit
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype™ 6.0
SUPERAntiSpyware
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
WD SmartWare
Web Protect for Windows
WinZip 17.0
Works Suite OS Pack
Works Synchronization
.
==== Event Viewer Messages From Past Week ========
.
9/8/2013 3:19:05 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
9/8/2013 3:18:53 PM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
9/2/2013 2:37:28 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/2/2013 2:37:28 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/2/2013 2:37:25 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/2/2013 2:37:19 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/2/2013 2:37:13 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AsIO AsUpIO discache SASDIFSV SASKUTIL spldr Wanarpv6
9/2/2013 2:37:13 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
9/2/2013 2:37:12 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
9/2/2013 2:36:12 PM, Error: Service Control Manager [7023]  -
9/2/2013 2:17:56 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/2/2013 12:39:52 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
9/2/2013 12:39:51 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/2/2013 12:39:51 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/2/2013 12:33:02 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AsIO AsUpIO DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf ws2ifsl
9/2/2013 12:33:01 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/2/2013 12:33:01 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
9/2/2013 12:33:01 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
9/2/2013 12:33:01 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
9/2/2013 12:33:01 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
9/2/2013 12:33:01 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
9/2/2013 12:33:01 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/2/2013 12:33:01 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/2/2013 12:33:01 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
9/1/2013 8:36:04 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the WD SmartWare Background Service service to connect.
.
==== End Of File ===========================

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 1.5.0_17
Run by Stephanie at 16:30:55 on 2013-09-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12199.9048 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
C:\Users\Stephanie\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Stephanie\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Users\Stephanie\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
C:\Users\Stephanie\AppData\Local\Smartbar\Application\QuickShare.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WkUFind.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Java\jre1.5.0_17\bin\jusched.exe
C:\Users\Stephanie\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\privoxy\privoxy.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Java\jre1.5.0_17\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyOverride = <-loopback>;<local>;192.168.*.*
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Web Protect: {2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4} - C:\Program Files (x86)\Web Protect\WebProtect.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_17\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Stephanie\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Akamai NetSession Interface] "C:\Users\Stephanie\AppData\Local\Akamai\netsession_win.exe"
uRun: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
uRun: [SearchProtect] C:\Users\Stephanie\AppData\Roaming\SearchProtect\bin\cltmng.exe
uRun: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe
uRun: [Browser Infrastructure Helper] C:\Users\Stephanie\AppData\Local\Smartbar\Application\QuickShare.exe startup
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [WorksFUD] C:\Program Files (x86)\Microsoft Works\wkfud.exe
mRun: [Microsoft Works Portfolio] C:\Program Files (x86)\Microsoft Works\WksSb.exe /AllUsers
mRun: [Microsoft Works Update Detection] C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.5.0_17\bin\jusched.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
mRun: [Privoxy] C:\Program Files (x86)\privoxy\starthelp.exe
dRun: [SearchProtect] C:\Windows\System32\config\systemprofile\AppData\Roaming\SearchProtect\bin\cltmng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~2.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.5.0_17\bin\ssv.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{B2A44E9F-B7BB-41B8-B3B2-554F2A789FE9} : DHCPNameServer = 10.0.0.1
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
AppInit_DLLs= 
SSODL: WebCheck - <orphaned>
x64-BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-10-14 55856]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-10 45856]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2011-7-13 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe [2011-7-13 915072]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [2011-7-13 586880]
R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-5-8 97056]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Stephanie\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-9-4 107520]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2011-7-13 203392]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2013-4-7 232192]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-12-23 1248256]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-7-13 32544]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-13 2656280]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-14 1643184]
R2 WDDMService.exe;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-8-17 116224]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-7-13 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-7-13 389608]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-13 317440]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-7-13 281088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSIb.sys [2009-7-13 15360]
S3 mv91cons;mv91cons;C:\Windows\System32\drivers\mv91cons.sys [2011-7-13 23080]
S3 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2011-7-13 297000]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-7-13 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-7-13 181248]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-7-13 48416]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-7-13 29472]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-7-13 48416]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-12 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-09-08 20:30:38 965008 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{666AA1C1-D32B-4EB9-85D1-D7BF742B540E}\gapaengine.dll
2013-09-08 20:30:38 941720 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-09-08 20:30:13 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{59599C62-245A-47DC-87F5-F6CC86F981F7}\mpengine.dll
2013-09-05 02:56:13 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-05 01:15:08 -------- d-----w- C:\Users\Stephanie\AppData\Local\Smartbar
2013-09-05 01:14:20 -------- d-----w- C:\Users\Stephanie\AppData\Roaming\DefaultTab
2013-09-05 01:13:10 -------- d-----w- C:\Program Files (x86)\privoxy
2013-09-05 01:12:53 -------- d-----w- C:\Program Files (x86)\Web Protect
2013-09-02 20:49:02 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{95C238DA-0C97-408D-820C-4AB4CC3A937A}\gapaengine.dll
2013-09-02 20:47:27 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-09-02 20:47:25 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-08-30 23:09:23 -------- dc----w- C:\ProgramData\{8AE336A1-F82F-4ABF-A02A-B6ABA86CB4C5}
2013-08-30 23:09:19 -------- d-----w- C:\ProgramData\Best Buy pc app
2013-08-30 23:09:15 -------- dc-h--w- C:\ProgramData\{D8EAEB0B-7E66-400B-9DCD-5E815A852728}
2013-08-29 14:38:49 -------- d-s---w- C:\ComboFix
2013-08-29 14:27:39 -------- d-----w- C:\Windows\SysWow64\cache
2013-08-29 14:27:24 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-29 14:26:14 98816 ----a-w- C:\Windows\sed.exe
2013-08-29 14:26:14 256000 ----a-w- C:\Windows\PEV.exe
2013-08-29 14:26:14 208896 ----a-w- C:\Windows\MBR.exe
2013-08-29 14:19:53 -------- d-----w- C:\AdwCleaner
2013-08-29 14:10:09 -------- d-----w- C:\Program Files (x86)\FileOpenerPro
2013-08-29 14:10:02 -------- d-----w- C:\Program Files (x86)\Browsersafeguard
2013-08-29 14:09:46 -------- d-----w- C:\Users\Stephanie\AppData\Local\SwvUpdater
2013-08-29 14:09:26 -------- d-----w- C:\Program Files (x86)\SearchProtect
2013-08-29 14:09:25 -------- d-----w- C:\Users\Stephanie\AppData\Local\CRE
2013-08-29 14:09:08 -------- d-----w- C:\Users\Stephanie\AppData\Roaming\SearchProtect
2013-08-29 14:09:08 -------- d-----w- C:\Users\Stephanie\AppData\Local\Conduit
2013-08-29 14:09:08 -------- d-----w- C:\Program Files (x86)\Conduit
2013-08-25 22:14:59 -------- d-----w- C:\Users\Stephanie\AppData\Local\Programs
2013-08-21 18:48:59 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-21 18:48:59 -------- d-----w- C:\Program Files\iTunes
2013-08-21 18:48:59 -------- d-----w- C:\Program Files\iPod
2013-08-21 18:48:59 -------- d-----w- C:\Program Files (x86)\iTunes
2013-08-15 08:00:25 -------- d-----w- C:\QBBackupTemp Thu, Aug 15 2013 03 00 25 AM
.
==================== Find3M  ====================
.
2013-08-14 15:31:28 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-07-27 14:20:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-27 14:20:12 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-14 01:03:00 96784 ----a-w- C:\Windows\SysWow64\packet.dll
2013-07-14 01:03:00 369168 ----a-w- C:\Windows\System32\wpcap.dll
2013-07-14 01:03:00 35344 ----a-w- C:\Windows\System32\drivers\npf.sys
2013-07-14 01:03:00 281104 ----a-w- C:\Windows\SysWow64\wpcap.dll
2013-07-14 01:03:00 106000 ----a-w- C:\Windows\System32\packet.dll
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-21 02:26:58 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-06-21 02:26:58 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-06-19 02:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 02:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
.
============= FINISH: 16:31:04.60 ===============
 


Edited by sturner2900, 08 September 2013 - 05:32 PM.


BC AdBot (Login to Remove)

 


#2 sturner2900

sturner2900
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 09 September 2013 - 07:13 PM

Now I have popups all over the place, and web sites I didn't ask for. Then again, I guess those are pop ups too.



#3 nasdaq

nasdaq

  • Malware Response Team
  • 19,800 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:11 AM

Posted 13 September 2013 - 12:52 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
thisisujrt.gif Please download
Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Turorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

#4 sturner2900

sturner2900
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 15 September 2013 - 03:43 PM

.Nasdaq, thanks so much for responding!

 

 

Now I seem to really have a problem. I ran Rogue Killer  Then I had to go out of town for a few days. When I returned and tried to get on the internet I got a message that said "The proxy server was not responding." So,I googled how to fix that so I set my internet options to the default. Then the computer rebooted. When I tried to download AdWare I got a message that said what I downloaded was out of date

and did I want to update it. Sure! What came up then was in French, so I stopped it and the computer rebooted and all of a sudden I have a black screen, but I can hear what sounds like several different tv channels playing at once. A couple of them were in a foreign language. Then I tried to restart and a blue screen flashed and all I could see was something about "Crash Dump--collecting data. This can't be good. Right now my computer is on the black screen asking if I want to go into any of the safe modes. I'm not doing another thing



#5 sturner2900

sturner2900
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 15 September 2013 - 03:46 PM

RogueKiller V8.6.11 [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Stephanie [Admin rights]
Mode : Scan -- Date : 09/13/2013 17:37:42
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] BrowserDefender.exe -- C:\ProgramData\BrowserDefender\2.6.1562.221\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [7] -> KILLED [TermProc]
[SUSP PATH] BrowserDefender.exe -- C:\ProgramData\BrowserDefender\2.6.1562.221\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 15 ¤¤¤
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Stephanie\AppData\Local\Google\Desktop\Install\{88f57080-725c-91a2-d881-55fbd140634b}\?��?��?��\?��?��?��\???ﯹ๛\{88f57080-725c-91a2-d881-55fbd140634b}\GoogleUpdate.exe" >) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Stephanie\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : SearchProtect (C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-21-563700726-4184255229-826723013-1001\[...]\Run : Google Update ("C:\Users\Stephanie\AppData\Local\Google\Desktop\Install\{88f57080-725c-91a2-d881-55fbd140634b}\?��?��?��\?��?��?��\???ﯹ๛\{88f57080-725c-91a2-d881-55fbd140634b}\GoogleUpdate.exe" >) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-563700726-4184255229-826723013-1001\[...]\Run : SearchProtect (C:\Users\Stephanie\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : SearchProtect (C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND
[PROXY IE] HKLM\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:50042;hxxps=127.0.0.1:50042) -> FOUND
[PROXY IE] HKLM\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 2 ¤¤¤
[Default][SUSP PATH] Best Buy pc app.lnk : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][7][-] -> FOUND
[Default User][SUSP PATH] Best Buy pc app.lnk : C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][7][-] -> FOUND

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Users\Stephanie\AppData\Local\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EALX-229BA0 ATA Device +++++
--- User ---
[MBR] c8f0b82105062a665ef44de67e099eea
[BSP] 76a2b9cc31f505b0d70919076e1eef62 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 2048 | Size: 10024 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20531200 | Size: 943843 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09132013_173742.txt >>

 

 

 



#6 sturner2900

sturner2900
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 15 September 2013 - 07:01 PM

The above paragraph was supposed to say, "I'm not doing another thing until I hear back from you."

#7 nasdaq

nasdaq

  • Malware Response Team
  • 19,800 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:11 AM

Posted 16 September 2013 - 08:31 AM

The items found by the RogueKiller must be removed.

For now run the AdwCleaner and the Junk Removal tool.

Makes sure you run the clean function while using AdwCleaner.

Post the logs and will take it from there.

#8 sturner2900

sturner2900
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 16 September 2013 - 05:39 PM

# AdwCleaner v3.004 - Report created 16/09/2013 at 16:42:51
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Stephanie - STEPHANIE-PC
# Running from : C:\Users\Stephanie\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc
Service Found : DefaultTabUpdate
Service Found : IBUpdaterService
Service Found : Update WebConnect

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\STEPHA~1\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\STEPHA~1\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Found : C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Found : C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
File Found : C:\Windows\System32\dmwu.exe
File Found : C:\Windows\System32\ImhxxpComm.dll
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Folder Found : C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Folder Found : C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\MixiDJ_V37
Folder Found C:\Program Files (x86)\Searchprotect
Folder Found C:\Program Files (x86)\SweetPacks
Folder Found C:\Program Files (x86)\WebConnect
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\BitGuard
Folder Found C:\ProgramData\Conduit
Folder Found C:\ProgramData\DSearchLink
Folder Found C:\ProgramData\IBUpdaterService
Folder Found C:\Users\Administrator\AppData\Local\PackageAware
Folder Found C:\Users\Administrator\AppData\LocalLow\Conduit
Folder Found C:\Users\Administrator\AppData\LocalLow\PriceGong
Folder Found C:\Users\Administrator\AppData\LocalLow\Smartbar
Folder Found C:\Users\Administrator\AppData\Roaming\Searchprotect
Folder Found C:\Users\STEPHA~1\AppData\Local\Temp\boost_interprocess
Folder Found C:\Users\STEPHA~1\AppData\Local\Temp\boost_interprocess
Folder Found C:\Users\STEPHA~1\AppData\Local\Temp\Smartbar
Folder Found C:\Users\STEPHA~1\AppData\Local\Temp\Smartbar
Folder Found C:\Users\Stephanie\AppData\Local\AVG Secure Search
Folder Found C:\Users\Stephanie\AppData\Local\Conduit
Folder Found C:\Users\Stephanie\AppData\Local\cre
Folder Found C:\Users\Stephanie\AppData\Local\PackageAware
Folder Found C:\Users\Stephanie\AppData\Local\Smartbar
Folder Found C:\Users\Stephanie\AppData\Local\SwvUpdater
Folder Found C:\Users\Stephanie\AppData\LocalLow\Conduit
Folder Found C:\Users\Stephanie\AppData\LocalLow\delta
Folder Found C:\Users\Stephanie\AppData\LocalLow\MixiDJ_V37
Folder Found C:\Users\Stephanie\AppData\LocalLow\PriceGong
Folder Found C:\Users\Stephanie\AppData\LocalLow\Smartbar
Folder Found C:\Users\Stephanie\AppData\LocalLow\SweetPacks
Folder Found C:\Users\Stephanie\AppData\Roaming\Babylon
Folder Found C:\Users\Stephanie\AppData\Roaming\DefaultTab
Folder Found C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Found C:\Users\Stephanie\AppData\Roaming\Searchprotect
Folder Found C:\Users\Stephanie\Documents\optimizer pro
Folder Found C:\Windows\SysWOW64\ARFC
Folder Found C:\Windows\SysWOW64\jmdp
Folder Found C:\Windows\SysWOW64\WNLT

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Stephanie\Desktop\Search.lnk ( -url hxxp://www2.delta-search.com/?babsrc=DT_ss&mntrId=A2E75404A668171C&affID=119351&tsp=5002 -wbr 1 )

***** [ Registry ] *****

Key Found : HKCU\Software\a48bdee238ee44
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\AppDataLow\Software\MixiDJ_V37
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\SweetPacks
Key Found : HKCU\Software\AppDataLow\Software\SweetPacks
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2316C625-B487-4410-A1A5-FF040B65245F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEF3855C-FC2D-41E6-8D91-D368F51B3055}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2316C625-B487-4410-A1A5-FF040B65245F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C84BABA-BF9D-4E42-A684-5288580631D2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEF3855C-FC2D-41E6-8D91-D368F51B3055}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\SmartbarBackup
Key Found : HKCU\Software\SmartbarLog
Key Found : HKCU\Software\WNLT
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\Default Tab
Key Found : [x64] HKCU\Software\DefaultTab
Key Found : [x64] HKCU\Software\Delta
Key Found : [x64] HKCU\Software\IGearSettings
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\SearchProtect
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\SmartbarBackup
Key Found : [x64] HKCU\Software\SmartbarLog
Key Found : [x64] HKCU\Software\WNLT
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\a48bdee238ee44
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2316C625-B487-4410-A1A5-FF040B65245F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C84BABA-BF9D-4E42-A684-5288580631D2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEF3855C-FC2D-41E6-8D91-D368F51B3055}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298573
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\Delta
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{433F6F13-5EB8-4F3A-9643-F0F610954D4C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6447E706-6121-495B-9308-A18AF6DCA263}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6179640-C0B8-4EE2-BAA5-04C974D6BB80}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1934F94-4C82-417B-81C1-B2A9E6051F9D}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2316C625-B487-4410-A1A5-FF040B65245F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEF3855C-FC2D-41E6-8D91-D368F51B3055}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C84BABA-BF9D-4E42-A684-5288580631D2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Found : HKLM\Software\MixiDJ_V37
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\SweetPacks
Key Found : HKLM\Software\SweetPacks
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : [x64] HKLM\SOFTWARE\WNLT
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEF3855C-FC2D-41E6-8D91-D368F51B3055}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEF3855C-FC2D-41E6-8D91-D368F51B3055}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SearchProtect]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEF3855C-FC2D-41E6-8D91-D368F51B3055}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EEF3855C-FC2D-41E6-8D91-D368F51B3055}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=61&CUI=UN36757999361238219&UM=2&UP=SP1AD369B3-C9B4-4AEF-AABE-E475D91C9D09

-\\ Google Chrome v

[ File : C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : urls_to_restore_on_startup
Found : homepage
Found : urls_to_restore_on_startup
Found : homepage
Found : urls_to_restore_on_startup

[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [20248 octets] - [16/09/2013 16:42:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [20309 octets] ##########


# AdwCleaner v3.004 - Report created 16/09/2013 at 17:17:02
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Stephanie - STEPHANIE-PC
# Running from : C:\Users\Stephanie\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Google Chrome v

[ File : C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [20510 octets] - [16/09/2013 16:42:51]
AdwCleaner[R1].txt - [1040 octets] - [16/09/2013 17:17:02]
AdwCleaner[S0].txt - [19247 octets] - [16/09/2013 16:45:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1161 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Stephanie on Mon 09/16/2013 at 17:05:54.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-563700726-4184255229-826723013-1001\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_USERS\.DEFAULT\Software\SearchProtect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{137D37AA-2B90-4714-BB2A-A8E35F0A5492}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CD3F5B4E-6227-486E-9D0B-6702E4A039E1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\toparcadehits.job



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Stephanie\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Stephanie\appdata\local\toparcadehits"
Successfully deleted: [Folder] "C:\Program Files (x86)\browsersafeguard"
Successfully deleted: [Folder] "C:\Program Files (x86)\fileopenerpro"
Successfully deleted: [Folder] "C:\Users\Stephanie\AppData\Roaming\microsoft\windows\start menu\programs\toparcadehits"
Successfully deleted: [Empty Folder] C:\Users\Stephanie\appdata\local\{2DF32C0A-AA06-412A-9173-D4E5CA618001}
Successfully deleted: [Empty Folder] C:\Users\Stephanie\appdata\local\{340B41C8-4CFF-4080-8A2F-E40E04392E29}
Successfully deleted: [Empty Folder] C:\Users\Stephanie\appdata\local\{3CD5A2A1-0B1B-4538-AA8B-96B4D392D5F3}
Successfully deleted: [Empty Folder] C:\Users\Stephanie\appdata\local\{533F5505-A7B7-4D2F-9D55-F6E6BE0A2587}
Successfully deleted: [Empty Folder] C:\Users\Stephanie\appdata\local\{6367C19D-66A7-42EE-9114-E3AFF1AD5CBF}
Successfully deleted: [Empty Folder] C:\Users\Stephanie\appdata\local\{6E8ACCB6-ECCC-4DD2-8B28-D71684FFC0CC}
Successfully deleted: [Empty Folder] C:\Users\Stephanie\appdata\local\{8D404F57-C45D-4940-83EE-A3ADBEC9485D}
Successfully deleted: [Empty Folder] C:\Users\Stephanie\appdata\local\{91B6B030-F36D-4C39-9BE9-A2E23142DD45}
Successfully deleted: [Empty Folder] C:\Users\Stephanie\appdata\local\{9629CDD4-B4E4-4AC9-A5A5-BBC07D31DB2E}
Successfully deleted: [Empty Folder] C:\Users\Stephanie\appdata\local\{B076FCB1-E813-4000-A96D-D10F2AD8BA71}
Successfully deleted: [Empty Folder] C:\Users\Stephanie\appdata\local\{DA1419F9-DF10-41C6-9930-BA3B36939A01}
Successfully deleted: [Empty Folder] C:\Users\Stephanie\appdata\local\{DBD3794C-A4F0-4315-B67C-A6170AA5C3F7}
Successfully deleted: [Empty Folder] C:\Users\Stephanie\appdata\local\{E86A08FF-AB2E-4028-99A3-5E223705A0B7}
Successfully deleted: [Empty Folder] C:\Users\Stephanie\appdata\local\{F89F3100-2719-4B5B-858B-A4BBAC347052}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/16/2013 at 17:10:01.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#9 nasdaq

nasdaq

  • Malware Response Team
  • 19,800 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:11 AM

Posted 17 September 2013 - 07:40 AM

Can you now run the Combofix tool and post the log.

Let me know of the remaining problems with this computer.

#10 sturner2900

sturner2900
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 17 September 2013 - 10:13 AM

The computer keeps restarting itself and briefly shows the blue "Collecting Data for Crash Dump" screen and then goes to the black Safe Mode screen. If I can only get on the internet in Safe Mode.

 

ComboFix 13-09-17.01 - Stephanie 09/17/2013   8:53.2.8 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12199.11137 [GMT -5:00]
Running from: c:\users\Stephanie\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Web Protect\WeBProtect.dll
c:\programdata\Microsoft\Windows\DRM\5BB6.tmp
c:\programdata\Microsoft\Windows\DRM\5C93.tmp
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\Stephanie\Desktop\Search.lnk
c:\users\Stephanie\Documents\DPE.DUS
c:\windows\PFRO.log
c:\windows\SysWow64\Cache
c:\windows\SysWow64\Cache\075884af680ff6dc.fb
c:\windows\SysWow64\Cache\075884af680ff6dc__exp__1377872861
c:\windows\SysWow64\Cache\3b0a1b64221b9d14.fb
c:\windows\SysWow64\Cache\3b0a1b64221b9d14__exp__1377872860
c:\windows\SysWow64\Cache\49fbbc5a8678d502.fb
c:\windows\SysWow64\Cache\49fbbc5a8678d502__exp__1377872865
c:\windows\SysWow64\Cache\5c54eb1a1655b076.fb
c:\windows\SysWow64\Cache\5c54eb1a1655b076__exp__1377872864
c:\windows\SysWow64\Cache\613e8ce7ab7106af.fb
c:\windows\SysWow64\Cache\613e8ce7ab7106af__exp__1377872865
c:\windows\SysWow64\Cache\691f14230153a9e1.fb
c:\windows\SysWow64\Cache\691f14230153a9e1__exp__1377872866
c:\windows\SysWow64\Cache\7614bd6cfa99e546.fb
c:\windows\SysWow64\Cache\7614bd6cfa99e546__exp__1377872865
c:\windows\SysWow64\Cache\881b3593316772f0.fb
c:\windows\SysWow64\Cache\881b3593316772f0__exp__1377872863
c:\windows\SysWow64\Cache\c4e10d1be905349b.fb
c:\windows\SysWow64\Cache\c4e10d1be905349b__exp__1377872864
c:\windows\SysWow64\Cache\c8a51ba84752784f.fb
c:\windows\SysWow64\Cache\c8a51ba84752784f__exp__1377872862
c:\windows\SysWow64\Cache\f2cda51fd108941f.fb
c:\windows\SysWow64\Cache\f2cda51fd108941f__exp__1377872862
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-17 to 2013-09-17  )))))))))))))))))))))))))))))))
.
.
2013-09-17 14:14 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{618B0B49-FA2E-48F9-94A0-2F0BE257B653}\mpengine.dll
2013-09-17 13:58 . 2013-09-17 13:58 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-09-17 13:58 . 2013-09-17 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-16 22:05 . 2013-09-16 22:05 -------- d-----w- c:\windows\ERUNT
2013-09-15 20:01 . 2013-07-04 07:11 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-09-15 20:01 . 2013-07-04 07:11 608080 ----a-w- c:\windows\system32\msvcp100.dll
2013-09-15 19:41 . 2013-08-06 06:58 9515512 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-15 19:32 . 2013-08-10 05:21 19246592 ----a-w- c:\windows\system32\mshtml.dll
2013-09-13 22:12 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys
2013-09-13 22:12 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-13 22:12 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-09-11 00:44 . 2013-09-11 00:44 -------- d-----w- c:\users\Stephanie\AppData\Local\avgchrome
2013-09-11 00:31 . 2013-09-11 00:31 -------- d-----w- c:\program files (x86)\Common Files\Avery
2013-09-11 00:31 . 2013-09-11 00:32 -------- d-----w- c:\program files (x86)\Avery Wizard 2.5
2013-09-11 00:28 . 2013-09-11 00:28 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-09-11 00:28 . 2013-09-11 00:28 -------- d-----w- c:\windows\SysWow64\Extensions
2013-09-08 20:30 . 2013-09-08 20:29 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{666AA1C1-D32B-4EB9-85D1-D7BF742B540E}\gapaengine.dll
2013-09-08 20:30 . 2013-09-02 20:48 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-09-05 01:13 . 2013-09-05 01:13 -------- d-----w- c:\program files (x86)\privoxy
2013-09-05 01:12 . 2013-09-17 13:58 -------- d-----w- c:\program files (x86)\Web Protect
2013-09-02 20:47 . 2013-09-02 20:47 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-09-02 20:47 . 2013-09-02 20:47 -------- d-----w- c:\program files\Microsoft Security Client
2013-08-30 23:09 . 2013-08-30 23:09 -------- dc----w- c:\programdata\{8AE336A1-F82F-4ABF-A02A-B6ABA86CB4C5}
2013-08-30 23:09 . 2013-08-30 23:09 -------- dc-h--w- c:\programdata\{D8EAEB0B-7E66-400B-9DCD-5E815A852728}
2013-08-29 14:19 . 2013-09-16 22:18 -------- d-----w- C:\AdwCleaner
2013-08-29 03:44 . 2013-09-13 22:49 -------- d-----w- c:\users\Administrator
2013-08-25 22:14 . 2013-08-25 22:14 -------- d-----w- c:\users\Stephanie\AppData\Local\Programs
2013-08-21 18:48 . 2013-08-21 18:49 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-21 18:48 . 2013-08-21 18:49 -------- d-----w- c:\program files\iTunes
2013-08-21 18:48 . 2013-08-21 18:49 -------- d-----w- c:\program files (x86)\iTunes
2013-08-21 18:48 . 2013-08-21 18:48 -------- d-----w- c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-15 19:32 . 2012-05-16 14:51 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-15 19:32 . 2011-07-13 18:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 08:01 . 2011-11-12 19:03 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-14 15:31 . 2013-03-11 02:10 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-08-02 01:48 . 2013-09-13 22:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 15:38 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 15:38 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 15:38 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 15:38 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-14 01:03 . 2013-07-14 01:03 369168 ----a-w- c:\windows\system32\wpcap.dll
2013-07-14 01:03 . 2013-07-14 01:03 35344 ----a-w- c:\windows\system32\drivers\npf.sys
2013-07-14 01:03 . 2013-07-14 01:03 106000 ----a-w- c:\windows\system32\packet.dll
2013-07-09 05:52 . 2013-08-14 15:38 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 15:38 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 15:38 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 15:38 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 15:38 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 15:38 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 15:38 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 15:38 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 15:38 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 15:38 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 15:38 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-27 00:21 . 2013-06-27 00:21 23208 ----a-w- c:\windows\system32\drivers\Sftvollh.sys
2013-06-27 00:21 . 2013-06-27 00:21 28840 ----a-w- c:\windows\system32\drivers\Sftredirlh.sys
2013-06-27 00:21 . 2013-06-27 00:21 273576 ----a-w- c:\windows\system32\drivers\Sftplaylh.sys
2013-06-27 00:21 . 2013-06-27 00:21 1777320 ----a-w- c:\windows\system32\sftldr.dll
2013-06-27 00:21 . 2013-06-27 00:21 1130664 ----a-w- c:\windows\SysWow64\sftldr_wow64.dll
2013-06-27 00:21 . 2013-06-27 00:21 767144 ----a-w- c:\windows\system32\drivers\Sftfslh.sys
2013-06-21 02:26 . 2012-12-17 02:00 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-06-21 02:26 . 2012-12-17 02:00 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488]
"Akamai NetSession Interface"="c:\users\Stephanie\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2013-04-07 1044224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"WorksFUD"="c:\program files (x86)\Microsoft Works\wkfud.exe" [2001-10-06 24576]
"Microsoft Works Portfolio"="c:\program files (x86)\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"Microsoft Works Update Detection"="c:\program files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.5.0_17\bin\jusched.exe" [2008-11-10 75264]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2013-05-23 2786104]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-06-21 295512]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"Privoxy"="c:\program files (x86)\privoxy\starthelp.exe" [2013-08-26 51115]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-7-13 548528]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2013-5-23 6258488]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2013-6-19 1182536]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2013\QBW32.EXE -silent [2013-6-19 1185096]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-8-17 2104320]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe View=show_in_tray [2009-8-17 8919040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BitGuard;BitGuard;c:\programdata\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe;c:\programdata\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 mv91cons;mv91cons;c:\windows\system32\drivers\mv91cons.sys;c:\windows\SYSNATIVE\drivers\mv91cons.sys [x]
R3 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys;c:\windows\SYSNATIVE\drivers\mv91xx.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe;c:\windows\SysWOW64\AsHookDevice.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WDDMService.exe;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NPF
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 19:32]
.
2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 23:29]
.
2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 23:29]
.
2013-09-11 c:\windows\Tasks\ReclaimerUpdateFiles_Stephanie.job
- c:\users\Stephanie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-08 22:10]
.
2013-09-11 c:\windows\Tasks\ReclaimerUpdateXML_Stephanie.job
- c:\users\Stephanie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-08 22:10]
.
2013-09-17 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Stephanie.job
- c:\users\Stephanie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-08 22:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-15 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-15 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-15 440600]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-19 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>;<local>;192.168.*.*
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.0.0.1
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4} - c:\program files (x86)\Web Protect\WebProtect.dll
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Browsersafeguard - c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe
AddRemove-fileopenerpro - c:\program files (x86)\FileOpenerPro\uninstall.exe
AddRemove-IECT3298573 - c:\programdata\Conduit\IE\CT3298573\UninstallerUI.exe
AddRemove-IECT3310511 - c:\programdata\Conduit\IE\CT3310511\UninstallerUI.exe
AddRemove-{C1C3E833-420E-4D78-9BA7-86AEBB272384} - c:\users\Stephanie\AppData\Local\TopArcadeHits\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,3b,1b,8c,6e,a3,
   8f,4f,df,9e,01,af,6e,2c,31,4b,d8,73,2d
"{739DF940-C5EE-4BAB-9D7E-270894AE687A}"=hex:51,66,7a,6c,4c,1d,3b,1b,50,e2,89,
   69,de,96,c4,01,83,73,78,51,95,e5,29,64
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,13,cb,
   02,9d,bb,ec,08,bb,9b,a5,0e,8d,65,fc,dd
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,3b,1b,f9,d8,5d,
   2a,51,e7,aa,01,96,7d,13,50,15,2a,d3,d4
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8c,00,
   6c,c0,85,43,0c,a8,e6,8b,83,f0,92,6c,5d
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,64,cb,15,81,2c,11,42,a2,b8,9b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,64,cb,15,81,2c,11,42,a2,b8,9b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
.
**************************************************************************
.
Completion time: 2013-09-17  09:25:05 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-17 14:25
.
Pre-Run: 869,789,024,256 bytes free
Post-Run: 875,224,358,912 bytes free
.
- - End Of File - - 79CBFD7940F2F0F11745009E7983D51F
A36C5E4F47E84449FF07ED3517B43A31
 



#11 nasdaq

nasdaq

  • Malware Response Team
  • 19,800 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:11 AM

Posted 17 September 2013 - 10:58 AM

Try to run the Last Good Configuration.
http://windows.microsoft.com/en-CA/windows7/Using-Last-Known-Good-Configuration
<<<>>>

Any error number associated with the BSOD?

#12 sturner2900

sturner2900
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 17 September 2013 - 11:41 AM

Ran the Last Good Configuration and the system still reboots itself. The only way I can do anything is in Safe Mode. I did not notice the blue screen this time, though. Not sure what you mean by "number associated with the BSOD."  I have not removed items found by Rogue Killer yet, if that makes any difference.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 19,800 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:11 AM

Posted 17 September 2013 - 12:32 PM

Please remove all items found by the RogueKiller tool.

Remove also the items found by the AdwCleaner tool.

Restart the computer normally.

#14 sturner2900

sturner2900
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 17 September 2013 - 03:41 PM

The computer will not start normally. I tried using the main user account and it just keeps rebooting itself. I tried under another user account and the blue crash dump screen shows up and I hear what sounds like several tv shows talking at the same time, then it reboots itself. To send the logs I had to go into Safe Mode.

 

 

RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Stephanie [Admin rights]
Mode : Remove -- Date : 09/17/2013 15:04:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY IE] HKLM\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:50042;hxxps=127.0.0.1:50042) -> NOT REMOVED, USE PROXYFIX
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EALX-229BA0 ATA Device +++++
--- User ---
[MBR] c8f0b82105062a665ef44de67e099eea
[BSP] 76a2b9cc31f505b0d70919076e1eef62 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 2048 | Size: 10024 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20531200 | Size: 943843 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 18bf0dabbc4d35e381097fc92f1a8fa4
[BSP] db65d510d42506e1906a2db3e59f2ed0 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 2048 | Size: 10024 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20531200 | Size: 943843 Mo

Finished : << RKreport[0]_D_09172013_150430.txt >>
RKreport[0]_D_09132013_174130.txt;RKreport[0]_S_09132013_173742.txt;RKreport[0]_S_09172013_150319.txt

 

# AdwCleaner v3.001 - Report created 17/09/2013 at 15:08:21
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Stephanie - STEPHANIE-PC
# Running from : C:\Users\Stephanie\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

*************************

AdwCleaner[R0].txt - [20510 octets] - [16/09/2013 16:42:51]
AdwCleaner[R1].txt - [1241 octets] - [16/09/2013 17:17:02]
AdwCleaner[R2].txt - [890 octets] - [17/09/2013 15:06:28]
AdwCleaner[R3].txt - [949 octets] - [17/09/2013 15:06:41]
AdwCleaner[S0].txt - [19247 octets] - [16/09/2013 16:45:03]
AdwCleaner[S1].txt - [1306 octets] - [16/09/2013 17:18:48]
AdwCleaner[S2].txt - [871 octets] - [17/09/2013 15:08:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [930 octets] ##########

 

 



#15 nasdaq

nasdaq

  • Malware Response Team
  • 19,800 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:11 AM

Posted 18 September 2013 - 07:53 AM


http://www.pcstats.com/articleview.cfm?articleID=1647
Look at the Blue screen picture on the link.

Can you view the STOP nXnnnnnnnn number listed on your screen. (n is a number)
If you can make a note of it and post the number in your next post.
===


Was this proxy set by you?
[PROXY IE] HKLM\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:50042;hxxps=127.0.0.1:50042)

If YES then DO NOT CHECK THE RESET THE PROXY IN IE and Firefox in the application suggested here.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • Select ALL.
  • List Devices
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • [b]Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
===




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users