Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suddenly Getting Excesive Amount of Spyware


  • Please log in to reply
12 replies to this topic

#1 writer23

writer23

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 16 January 2013 - 06:58 PM

Hi. I have Malwarebytes Anti-Malware and Super Anti-Spyware on my computer. I always keep them updated, and usually run them both no less than three times a week. Malwarebytes rarely ever finds anything, and Super Anti-Spyware usually just find a few spyware files on my computer(no more than 3 to 5).

However, last night I ran MB and SAS, and I was shocked to see that SAS found over 200 spyware files on my computer. Not sure what to think, I removed all the spyware files it found and immediately ran SAS again. This time it found 60 something Spyware files, and this was literally right after I had cleared all the spyware on my computer. Now, every time I run SAS it ends up finding anywhere from 30 to 60 something spyware files. I have no idea what's causing this, but I remember having a similar problem on an older computer I had that was badly infected with viruses. However, I've run MB several times, and it hasn't found anything. My computer seems to be running normally, but keeps getting excessive amounts of spyware for some reason.

Any help would be greatly appreciated. Thanks.

BC AdBot (Login to Remove)

 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:46 AM

Posted 16 January 2013 - 08:29 PM

Welcome To BC :thumbup2:

Can you post the logs from SAS if it is just tracking cookies then there should be nothing to worry about.



Please download MINITOOLBOX and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Report FF Proxy Settings
Reset Ie proxy Settins
Reset FF proxy settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

Download Adware Cleaner run it Click the delete button allow it to run and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner


Download the junkware removal tool save it to your desktop run it in safe mode post the log.
http://thisisudax.org/downloads/JRT.exe




Download Rkill run it post the log.
http://www.bleepingcomputer.com/download/rkill/



Download Autoruns and Autorunsc Unzip it to your desktop and then double click autoruns.exe After the scan is finished then click on File>>>>>>>>>>>Save The default name will be autoruns.arn make sure to save it as Autoruns.txt under the file type option. in other words make sure it is a .txt file instead of .arn Attach the text in your next reply.

http://download.sysinternals.com/files/Autoruns.zip

#3 writer23

writer23
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 16 January 2013 - 09:10 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/16/2013 at 08:19 PM

Application Version : 5.6.1014

Core Rules Database Version : 9884
Trace Rules Database Version: 7696

Scan type : Complete Scan
Total Scan Time : 00:40:26

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 721
Memory threats detected : 0
Registry items scanned : 70813
Registry threats detected : 0
File items scanned : 46986
File threats detected : 37

Adware.Tracking Cookie
.adxpose.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.usatoday1.112.2o7.net [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
network.realmedia.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\JOSEPH F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BX0BQXG.DEFAULT\COOKIES.SQLITE ]


MiniToolBox by Farbar Version:10-01-2013
Ran by Joseph F (administrator) on 16-01-2013 at 20:36:32
Running from "C:\Users\Joseph F\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Compact Wireless-G USB Adapter = Wireless Network Connection 3 (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : JosephF-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Home

Wireless LAN adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Compact Wireless-G USB Adapter #3
Physical Address. . . . . . . . . : 00-1A-70-39-E2-B5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5da:61d4:73c3:97ec%15(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.254.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, January 15, 2013 3:09:42 AM
Lease Expires . . . . . . . . . . : Thursday, July 09, 2020 7:06:37 AM
Default Gateway . . . . . . . . . : 192.168.254.254
DHCP Server . . . . . . . . . . . : 192.168.254.254
DHCPv6 IAID . . . . . . . . . . . : 352328304
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-FE-C4-EC-BC-5F-F4-04-5F-C2
DNS Servers . . . . . . . . . . . : 192.168.254.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : BC-5F-F4-04-5F-C2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:14cc:2f46:3f57:1fe(Preferred)
Link-local IPv6 Address . . . . . : fe80::14cc:2f46:3f57:1fe%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{200B016A-5DB6-4369-9045-ED1851CE0014}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: MyRouter.Home
Address: 192.168.254.254

Name: google.com
Addresses: 2607:f8b0:4002:802::1005
74.125.134.100
74.125.134.101
74.125.134.102
74.125.134.113
74.125.134.138
74.125.134.139


Pinging google.com [74.125.134.100] with 32 bytes of data:
Reply from 74.125.134.100: bytes=32 time=17ms TTL=49
Reply from 74.125.134.100: bytes=32 time=17ms TTL=49

Ping statistics for 74.125.134.100:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 17ms, Average = 17ms
Server: MyRouter.Home
Address: 192.168.254.254

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=102ms TTL=49
Reply from 98.138.253.109: bytes=32 time=122ms TTL=48

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 102ms, Maximum = 122ms, Average = 112ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...00 1a 70 39 e2 b5 ......Compact Wireless-G USB Adapter #3
12...bc 5f f4 04 5f c2 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.254.254 192.168.254.1 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.254.0 255.255.255.0 On-link 192.168.254.1 281
192.168.254.1 255.255.255.255 On-link 192.168.254.1 281
192.168.254.255 255.255.255.255 On-link 192.168.254.1 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.254.1 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.254.1 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 58 ::/0 On-link
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:4137:9e76:14cc:2f46:3f57:1fe/128
On-link
15 281 fe80::/64 On-link
17 306 fe80::/64 On-link
15 281 fe80::5da:61d4:73c3:97ec/128
On-link
17 306 fe80::14cc:2f46:3f57:1fe/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
15 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/16/2013 01:35:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11139

Error: (01/16/2013 01:35:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11139

Error: (01/16/2013 01:35:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/16/2013 01:35:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10140

Error: (01/16/2013 01:35:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10140

Error: (01/16/2013 01:35:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/16/2013 01:35:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9142

Error: (01/16/2013 01:35:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9142

Error: (01/16/2013 01:35:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/16/2013 01:35:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8065


System errors:
=============
Error: (01/15/2013 03:06:37 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/15/2013 01:43:37 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (01/15/2013 01:36:50 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:35:20 AM on ?1/?15/?2013 was unexpected.

Error: (01/13/2013 05:03:03 PM) (Source: Tcpip) (User: )
Description: The system detected an address conflict for IP address 192.168.254.1 with the system
having network hardware address FC-0F-E6-29-08-DD. Network operations on this system may
be disrupted as a result.

Error: (01/10/2013 07:12:21 AM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (01/10/2013 07:12:21 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (01/10/2013 03:24:56 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/28/2012 00:56:40 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/21/2012 03:20:41 AM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (12/21/2012 03:20:41 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.


Microsoft Office Sessions:
=========================
Error: (01/16/2013 01:35:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11139

Error: (01/16/2013 01:35:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11139

Error: (01/16/2013 01:35:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/16/2013 01:35:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10140

Error: (01/16/2013 01:35:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10140

Error: (01/16/2013 01:35:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/16/2013 01:35:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9142

Error: (01/16/2013 01:35:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9142

Error: (01/16/2013 01:35:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/16/2013 01:35:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8065


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
AMD APP SDK Runtime (Version: 2.5.709.2)
AMD Catalyst Install Manager (Version: 3.0.838.0)
AMD Fuel (Version: 2011.0728.1756.30366)
AMD VISION Engine Control Center (Version: 2011.0728.1756.30366)
Any Video Converter 3.5.7
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.15.9.0)
Ask Toolbar Updater (Version: 1.2.3.29495)
AVG Security Toolbar (Version: 14.0.1.10)
Bing Bar (Version: 7.0.850.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center InstallProxy (Version: 2011.0728.1756.30366)
Catalyst Control Center Localization All (Version: 2011.0728.1756.30366)
Catalyst Control Center Profiles Mobile (Version: 2011.0728.1756.30366)
ccc-utility64 (Version: 2011.0728.1756.30366)
CCC Help Chinese Standard (Version: 2011.0728.1755.30366)
CCC Help Chinese Traditional (Version: 2011.0728.1755.30366)
CCC Help Czech (Version: 2011.0728.1755.30366)
CCC Help Danish (Version: 2011.0728.1755.30366)
CCC Help Dutch (Version: 2011.0728.1755.30366)
CCC Help English (Version: 2011.0728.1755.30366)
CCC Help Finnish (Version: 2011.0728.1755.30366)
CCC Help French (Version: 2011.0728.1755.30366)
CCC Help German (Version: 2011.0728.1755.30366)
CCC Help Greek (Version: 2011.0728.1755.30366)
CCC Help Hungarian (Version: 2011.0728.1755.30366)
CCC Help Italian (Version: 2011.0728.1755.30366)
CCC Help Japanese (Version: 2011.0728.1755.30366)
CCC Help Korean (Version: 2011.0728.1755.30366)
CCC Help Norwegian (Version: 2011.0728.1755.30366)
CCC Help Polish (Version: 2011.0728.1755.30366)
CCC Help Portuguese (Version: 2011.0728.1755.30366)
CCC Help Russian (Version: 2011.0728.1755.30366)
CCC Help Spanish (Version: 2011.0728.1755.30366)
CCC Help Swedish (Version: 2011.0728.1755.30366)
CCC Help Thai (Version: 2011.0728.1755.30366)
CCC Help Turkish (Version: 2011.0728.1755.30366)
Compact Wireless-G USB Adapter
Diablo III (Version: 1.0.4.11327)
Futuremark SystemInfo (Version: 3.54.1.1)
iCloud (Version: 2.1.1.3)
iTunes (Version: 11.0.1.12)
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 37 (Version: 6.0.370)
Junk Mail filter update (Version: 14.0.8117.416)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 18.0 (x86 en-US) (Version: 18.0)
Mozilla Maintenance Service (Version: 18.0)
MSVCRT (Version: 14.0.1468.721)
Platform (Version: 1.36)
QuickTime (Version: 7.73.80.64)
Realtek Ethernet Controller Driver (Version: 7.44.421.2011)
Safari (Version: 5.34.57.2)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.0.1148)
System Requirements Lab CYRI (Version: 4.5.1.0)
Torchlight II
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VIA Platform Device Manager (Version: 1.36)
VLC media player 2.0.0 (Version: 2.0.0)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Yahoo! Messenger
Yahoo! Software Update
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 7915.79 MB
Available physical RAM: 4855.27 MB
Total Pagefile: 15829.76 MB
Available Pagefile: 11796.22 MB
Total Virtual: 4095.88 MB
Available Virtual: 3958.89 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:310.18 GB) NTFS

========================= Users: ========================================

User accounts for \\JOSEPHF-PC

Administrator Guest Joseph F


**** End of log ****

# AdwCleaner v2.105 - Logfile created 01/16/2013 at 20:39:37
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Joseph F - JOSEPHF-PC
# Boot Mode : Normal
# Running from : C:\Users\Joseph F\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Joseph F\AppData\Roaming\Mozilla\Firefox\Profiles\7bx0bqxg.default\searchplugins\Askcom.xml
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\Joseph F\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Joseph F\AppData\Local\Conduit
Folder Deleted : C:\Users\Joseph F\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Joseph F\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Joseph F\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Joseph F\AppData\Roaming\Mozilla\Firefox\Profiles\7bx0bqxg.default\extensions\toolbar@ask.com
Folder Deleted : C:\Users\Joseph F\Documents\ShopToWin
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2304157
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={BEE8D769-75D5-4E81-AA32-F658E19F0712}&mid=ba56f307720d47d0bfe56d16b2e0b631-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=qw011&pr=sa&d=2012-12-01 12:34:26&v=13.2.0.4&sap=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Users\Joseph F\AppData\Roaming\Mozilla\Firefox\Profiles\7bx0bqxg.default\prefs.js

C:\Users\Joseph F\AppData\Roaming\Mozilla\Firefox\Profiles\7bx0bqxg.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]

*************************

AdwCleaner[S1].txt - [9773 octets] - [16/01/2013 20:39:37]

########## EOF - C:\AdwCleaner[S1].txt - [9833 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.3 (01.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Joseph F on Wed 01/16/2013 at 20:54:08.48
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{21a51130-7285-49fe-b3f6-2385cc71cdea}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{a531d99c-5a22-449b-83da-872725c6d0ed}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Joseph F\AppData\Roaming\mozilla\firefox\profiles\7bx0bqxg.default\searchplugins\youtube-video-search.xml
Emptied folder: C:\Users\Joseph F\AppData\Roaming\mozilla\firefox\profiles\7bx0bqxg.default\minidumps [64 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/16/2013 at 20:57:42.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/16/2013 09:03:34 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Joseph F\Desktop\rkill\rkill-01-16-2013-09-03-39.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/16/2013 09:03:48 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "PC Optimizer Pro" "Starting up the applicaiton" "Tweaking Tools" "c:\program files\pc optimizer pro\startapps.exe"
+ "Zune Launcher" "Zune Auto-Launcher" "Microsoft Corporation" "c:\program files\zune\zunelauncher.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "HDAudDeck" "VIA HD Audio CPL" "VIA" "c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "vProt" "" "" "File not found: C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Messenger (Yahoo!)" "Yahoo! Messenger" "Yahoo! Inc." "c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe"
+ "Steam" "Steam" "Valve Corporation" "c:\program files (x86)\steam\steam.exe"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "PCProCtxMenu" "" "" "File not found: C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll"
+ "PhotoStreamsExt" "" "" "c:\program files\common files\apple\internet services\shellstreams64.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "PhotoStreamsExt" "ShellStreams.dll" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\shellstreams.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Bing Bar Helper" "Bing Client Extensions" "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\bingext.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\ssv.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Bing" "Bing Client Extensions" "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\bingext.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Scheduled Update for Ask Toolbar" "" "" "File not found: C:\Program Files (x86)\Ask.com\UpdateTask.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore64.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "AMD FUEL Service" "Provides FUEL Functionality" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "BBSvc" "Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar." "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\bbsvc.exe"
+ "BBUpdate" "Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar." "Microsoft Corporation" "c:\program files (x86)\microsoft\bingbar\seaport.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "cvhsvc" "Client Virtualization Handler Service (unlocalized description)" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe"
+ "Futuremark SystemInfo Service" "Futuremark SystemInfo Service" "Futuremark Corporation" "c:\program files (x86)\common files\futuremark shared\futuremark systeminfo\fmsisvc.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "sftlist" "Streams and manages applications." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftlist.exe"
+ "sftvsa" "Monitors global service events and launches virtual services." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftvsa.exe"
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files (x86)\common files\steam\steamservice.exe"
+ "VIAKaraokeService" "Service binary" "VIA Technologies, Inc." "c:\windows\system32\viakaraokesrv.exe"
+ "vToolbarUpdater14.0.1" "ToolbarU Application" "" "c:\program files (x86)\common files\avg secure search\vtoolbarupdater\14.0.1\toolbarupdater.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "WMZuneComm" "Zune Connectivity for Windows Mobile devices" "Microsoft Corporation" "c:\program files\zune\wmzunecomm.exe"
+ "YahooAUService" "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements." "Yahoo! Inc." "c:\program files (x86)\yahoo!\softwareupdate\yahooauservice.exe"
+ "ZuneNetworkSvc" "Shares Zune media libraries to Zune devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\zune\zunenss.exe"
+ "ZuneWlanCfgSvc" "Configures Zune for wireless syncing" "Microsoft Corporation" "c:\program files\zune\zunewlancfgsvc.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdiox64" "AMD IO Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdiox64.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AtiHDAudioService" "AMD High Definition Audio Function Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\atihdw76.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "avgtp" "" "AVG Technologies" "c:\windows\system32\drivers\avgtpx64.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "netr7364" "Ralink 802.11 USB Wireless Adapter Driver" "Ralink Technology, Corp." "c:\windows\system32\drivers\netr7364.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvlddmkm" "NVIDIA Windows Kernel Mode Driver, Version 185.93 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvlddmkm.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "SASDIFSV" "SASDIFSV64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv64.sys"
+ "SASKUTIL" "SASKUTIL64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil64.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Serial" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\serial.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "VIAHdAudAddService" "VIA High Definition Audio Function Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viahduaa.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "VMfilt" "Creative Audio Driver" "Creative Technology Ltd." "c:\windows\system32\drivers\vmfilt64.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "yukonw7" "Miniport Driver for Marvell Yukon Ethernet Controller." "Marvell" "c:\windows\system32\drivers\yk62x64.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "VIDC.XFR1" "Xfire Video Codec" "" "c:\windows\system32\xfcodec64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Microsoft Zune H.264 Video Decoder" "Microsoft Zune H.264 Video Decoder" "Microsoft Corporation" "c:\program files\zune\zuneh264dec.dll"
+ "WMEnc Screen Capture Filter" "ZuneSrcWrp Module" "Microsoft Corporation" "c:\program files\zune\zunesrcwrp.dll"
+ "Zune Enhanced Video Renderer" "Enhanced Video Renderer DLL" "Microsoft Corporation" "c:\program files\zune\zuneevr.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"

#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:46 AM

Posted 16 January 2013 - 10:20 PM

I would like you to open your add remove programs and un install the item below.
Java™ 6 Update 37 (Version: 6.0.370)

Do not re install Java just wait until you need it to install it meaning wait until you run something that requires java so that whenever that happens you will have the latest version of java.

Open autoruns and untick the items below they are not needed.


"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""


+ "PC Optimizer Pro" "Starting up the applicaiton" "Tweaking Tools" "c:\program files\pc optimizer pro\startapps.exe"


"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""


+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "HDAudDeck" "VIA HD Audio CPL" "VIA" "c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"

+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "vProt" "" "" "File not found: C:\Program Files (x86)\AVG Secure Search\vprot.exe"

I see that you do not have an antivirus installed you will need one I suggest Bitdefender or Avast.

http://www.bitdefender.com/solutions/free.html

http://www.filehippo.com/download_avast_antivirus/










Please download Malwarebytes Anti-Rootkit and save it to your desktop.
http://www.malwarebytes.org/products/mbar/
Be sure to print out and follow the instructions provided on that same page for performing a scan.
Caution: This is a beta version so also read the disclaimer and back up all your data before using.
When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
Copy and paste the contents of these two log files in your next reply.

Download the program below.
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Run the program hit the scan button allow it to finish.
Then hit the delete button.
Reboot your machine post a new Fss log.
As well as the Rouge killer log please.



Run a scan with Eset. You will need to disable your antivirus during this scan.
http://www.eset.com/us/online-scanner/
Make sure remove found threats and scan archives is checked.
When the scan finish list found threats save to clipboard copy to notepad Post the log here.

#5 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:46 AM

Posted 16 January 2013 - 10:26 PM

Also looks like thre is still parts of AVG on your machine.
+ "avgtp" "" "AVG Technologies" "c:\windows\system32\drivers\avgtpx64.sys"

Run the AVG removal tool prior to installing AVAST or Bitdefender or you might get a possible blue screen issue.
http://www.majorgeeks.com/AVG_Remover_d7000.html
You need the 64 bit version.

Also go here and run the hosts fix it.
http://support.microsoft.com/kb/972034

#6 writer23

writer23
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 17 January 2013 - 01:48 AM

I did everything you said, but I had a few problems. I downloaded Bit Defender, but it doesn't work. Even after removing AVG, like you instructed, it still won't run. It installed fine, but, every time I try to run it, it asks me if I want to repair installation. When I click okay, it tells me that it repaired successfully, and reboots my computer. However, after I reboot my computer and try to run it again, the exact same thing happens. I even tried completely uninstalling and reinstalling it, and, still, the same thing happens. I did already have Malwarebytes Anti-Malware as my antivirus software, though. I'm not sure why you thought that I had no antivirus software.

Also, I was unable to run Malwarebytes Anti-Rookit. I downloaded it, but, when I tried to run it, I got a message saying, "The program can't start because QtGui4.dll is missing from your computer."

Lastly, I'm not sure what the "Fss log" you asked me to post is. Anyway, here are the other logs that you requested.



RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Joseph F [Admin rights]
Mode : Scan -- Date : 01/17/2013 00:12:33

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++
--- User ---
[MBR] 8258c519437697fb36c88cb73933ac1d
[BSP] 4aec1d078c076e8b96fb5a7823157567 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01172013_02d0012.txt >>
RKreport[1]_S_01172013_02d0012.txt



RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Joseph F [Admin rights]
Mode : Remove -- Date : 01/17/2013 00:12:44

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++
--- User ---
[MBR] 8258c519437697fb36c88cb73933ac1d
[BSP] 4aec1d078c076e8b96fb5a7823157567 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01172013_02d0012.txt >>
RKreport[1]_S_01172013_02d0012.txt ; RKreport[2]_D_01172013_02d0012.txt



C:\Users\Joseph F\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\18dc9d98-2648c941 a variant of Java/Exploit.CVE-2012-1723.FD trojan deleted - quarantined

2013-01-17 09:13:31,600 INFO AvgRemover 2012.0.5
-------------------------------------------------------
2013-01-17 09:13:31,607 ERROR Wrong application platform. Use corresponding application version for 32bit or 64bit systems

#7 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:46 AM

Posted 17 January 2013 - 05:52 PM

To be able to run Malwarebytes anti rootkit you need to unzip it to its own folder.

Malwarebytes is not an antivirus!
So you still need one.
Go ahead and install Avast if bit defender is bucking on you.

Download tdss killer

http://support.kaspersky.com/downloads/utils/tdsskiller.exe


Right click run as admin. . Click on Change parameters Select TDLFS file system

Hit the Scan button Post the LOG In your next reply

Do not change the default options on scan results


Download Emsisoft Emergency Kit
http://www.emsisoft.com/en/software/eek/download/
and save it to your desktop. Right-click on EmsisoftEmergencyKit.zip and select Extract All.... Leave all settings as they are and click Extract. You will now have a folder named EmsisoftEmergencyKit on your desktop.

Open the EmsisoftEmergencyKit folder and double-click Start.exe.
A new window will open. Under "Run Directly:" click Emergency Kit Scanner.
When asked to run an online update, click Yes.
When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
Select the Deep Scan option and click the SCAN button.
When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
Copy/paste the report contents in your next reply.

#8 writer23

writer23
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 18 January 2013 - 03:19 AM

I got Malwarebytes Anti-Rookit to work, and I also installed Avast. I couldn't figure out how to get the logs for either of them, but neither of them found anything when I ran them. Here are the other logs you asked for.

01:24:44.0087 2388 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
01:24:44.0663 2388 ============================================================
01:24:44.0663 2388 Current date / time: 2013/01/18 01:24:44.0663
01:24:44.0663 2388 SystemInfo:
01:24:44.0663 2388
01:24:44.0663 2388 OS Version: 6.1.7601 ServicePack: 1.0
01:24:44.0663 2388 Product type: Workstation
01:24:44.0663 2388 ComputerName: JOSEPHF-PC
01:24:44.0664 2388 UserName: Joseph F
01:24:44.0664 2388 Windows directory: C:\Windows
01:24:44.0664 2388 System windows directory: C:\Windows
01:24:44.0664 2388 Running under WOW64
01:24:44.0664 2388 Processor architecture: Intel x64
01:24:44.0664 2388 Number of processors: 3
01:24:44.0664 2388 Page size: 0x1000
01:24:44.0664 2388 Boot type: Normal boot
01:24:44.0664 2388 ============================================================
01:24:45.0765 2388 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:24:45.0770 2388 ============================================================
01:24:45.0770 2388 \Device\Harddisk0\DR0:
01:24:45.0771 2388 MBR partitions:
01:24:45.0771 2388 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:24:45.0771 2388 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
01:24:45.0771 2388 ============================================================
01:24:45.0787 2388 C: <-> \Device\Harddisk0\DR0\Partition2
01:24:45.0787 2388 ============================================================
01:24:45.0787 2388 Initialize success
01:24:45.0787 2388 ============================================================

Emsisoft Emergency Kit - Version 3.0
Last update: 1/18/2013 2:36:56 AM

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\, Q:\

Detect Riskware: Off
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 1/18/2013 2:39:29 AM

C:\Users\Joseph F\AppData\Roaming\WeatherBug detected: Trace.File.WeatherBug (A)

Scanned 434777
Found 1

Scan end: 1/18/2013 3:14:34 AM
Scan time: 0:35:05

C:\Users\Joseph F\AppData\Roaming\WeatherBug Deleted Trace.File.WeatherBug (A)

Deleted 1

#9 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:46 AM

Posted 18 January 2013 - 03:25 AM

The TDSS killer log is incpmplete
Everything else looks good.
You are not infected.

Run File hippo update checker.
http://www.filehippo.com/updatechecker/

Clear your restore points.
Turn system restore off reboot.
Turn it back on reboot again.
http://windows.microsoft.com/en-US/windows-vista/Turn-System-Restore-on-or-off

Stay safe on the web do not click on dogy links and never open emails from anyone you do not know personally. :thumbup2:

#10 writer23

writer23
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 22 January 2013 - 12:23 AM

Thanks, I appreciate your help. I'm still getting way more spyware than I normally get, though. Every time I run a Spyware check it finds over 100 Spyware files, where as before I never got more than 3 or 4 a day. Any idea what might be causing me to be getting so much Spyware all of a sudden?

#11 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:46 AM

Posted 23 January 2013 - 08:27 PM

I am pretty certain that you are not infected.
Try installing spyware blaster and see how that goes for you.
http://www.brightfort.com/sbdownload.html :thumbup2:

#12 'Gator

'Gator

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belleville, IL
  • Local time:02:46 AM

Posted 23 May 2013 - 05:50 AM

Sounds familiar--on my cell phone running Android 2.2.2, kernel version 2.6.32.9-perf, build FROYO.UVKE4, on a Samsung SGH-T499 ("Dart").

 

I downloaded two highly-rated GPS apps.  Both turned out to be products of an Israeli company which gets its revenues by selling my personal information to advertisers.  They mentioned TRUSTe as a way to feign respectability, but put StartApp on my smart phone to distribute personal information about me to advertisers.  Within two days of downloading and installing these apps, I began getting text messages advertising games and other software.

 

The initial display after installing these apps indicated that not only would I have to remove the apps, but that I would have to remove a bookmark and at least one file from my phone.  These notices did not repeat, so I have no idea what to remove.  (Neither the bookmark nor the file(s) were identified by name and location.)

 

Please help me get this garbage off my phone.



#13 'Gator

'Gator

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belleville, IL
  • Local time:02:46 AM

Posted 06 June 2013 - 06:48 AM

I'm relatively new to smart cell phones, so (among many things) I have no idea how to select a jammer.  However, I AM familiar with the concept of filtering by frequency; I just don't know how this applies to my problem.

 

My Internet instincts tell me to go after the perpetrator and threaten legal action for installing spyware on my phone without prior notice.  Nevertheless, I know how futile such a threat is since legal enforcement depends on the laws of the countries involved.  If a jammer is the effective solution, I need to learn a lot more about them.

 

Any suggestions on where I go to learn?  I can just Google up a storm, but that's very time-consuming; so I'd rather get advice from someone who has found an answer.

 

Thanks for your help.

 

--'Gator sends






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users