Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

OtShot Removal and help to confirm virus free computer


  • This topic is locked This topic is locked
55 replies to this topic

#1 mkat

mkat

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 21 April 2013 - 08:28 PM

As suggested in this topic:  http://www.bleepingcomputer.com/forums/t/491883/please-help-with-otshot-removal/?hl=%2Botshot#entry3028159

 

Starting with step 6, I downloaded DDS and am attaching the two requested logs as well as posting the DDS log here.  While I was out of town for a week (4/5 - 13/2013) my kid's seemed to have downloaded some programs (and viewed some nasty websites) that i did not authorize and I don't know what they are:  namely OtShot, and Privacy SafeGuard.  OtShot, on every boot, wants me to give permission to load my outlook contacts.  my desktop screen, at bootup, is black for a long time and I have had some trouble surfing the web and the first time I noticed all this upon returning, everything was lagging, especially typing on the internet.  I'd press keys and they would not respond.  The computer is very slow and I have had some difficulties downloading a content filter that somehow was deleted from my computer or expired and I was not notified.  I also had to remove the old - CloudCare or Bsecure. I don't know if it was completely removed or not.  Thank you very much for your help!Attached File  dds.txt   24.44KB   0 downloadsAttached File  attach.zip   4.24KB   0 downloads

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.17.2
Run by Cook at 20:47:14 on 2013-04-21
Microsoft Windows 7 Home Premium N   6.1.7601.1.1252.1.1033.18.8104.5697 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG Family Safety\BSecAMX.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OtShot\otshot.exe
C:\Program Files (x86)\AVG\AVG Family Safety\BsecTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\AVG\AVG Family Safety\BSecAMX.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OtShot\otshot.exe
C:\Program Files (x86)\AVG\AVG Family Safety\BsecTray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\ytbb.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Driver Pro] C:\Program Files (x86)\Driver Pro\DPLauncher.exe
uRun: [GoogleChromeAutoLaunch_A05EE03FCFC48E6AAA021CBFCEDA205B] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [OtShot] C:\Program Files (x86)\OtShot\otshot.exe -minimize
mRun: [AVG Family Safety] C:\Program Files (x86)\AVG\AVG Family Safety\BsecTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %ProgramFiles%\AVG\AVG Family Safety\InetCtrl67.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
TCP: NameServer = 204.193.144.84 174.78.110.87 75.75.76.76
TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239} : DHCPNameServer = 204.193.144.84 174.78.110.87 75.75.76.76
TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\34963736F63343635373 : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\34F4F4B4D20534F5E4564777F627B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\34F4F4B4D20534F5E4564777F627B6F513 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\D434F6F6B686F6D656 : NameServer = 8.8.8.8,8.8.8.4
TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\D434F6F6B686F6D656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\D436F6F6B684F6D656 : NameServer = 8.8.8.8,8.8.8.4
TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\D436F6F6B684F6D656 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{409807DA-5620-48E3-838D-8A45CA0C9A49} : DHCPNameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{79079C59-E140-432F-A99F-1D6EBC4BDB70} : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDzzzyzzzytByDtDyByBzytN0D0Tzu0CtAyBtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=286899276
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-3-12 8704]
R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-3-17 22664]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-2-28 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-2-28 178624]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-3-12 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-3-12 377920]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-3-12 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-3-12 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-12 45248]
R2 Bsecure;AVG Family Safety;C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl.exe [2013-4-21 66376]
R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-3-31 48488]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R3 BSecACFltr;BSecACFltr;C:\Windows\System32\drivers\BSecACFltr.sys [2013-4-21 22832]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-12 104560]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192su.sys [2012-3-17 694888]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-3-12 2159728]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2012-9-10 29288]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2012-9-10 29288]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2012-9-10 29288]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2012-9-10 29288]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2012-9-10 29288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2012-9-28 24576]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2011-11-12 40320]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech Webcam 200(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2010-2-24 726816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-3-17 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-12 1255736]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-4-9 3063968]
S4 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
S4 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-3-12 27760]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-04-21 22:18:50 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Microsoft Shared
2013-04-21 22:18:49 49088 ----a-w- C:\Windows\SysWow64\drivers\BsecFltr.sys
2013-04-21 22:18:49 21624 ----a-w- C:\Windows\SysWow64\drivers\BSecACFltr.sys
2013-04-21 20:16:33 58432 ----a-w- C:\Windows\System32\drivers\BsecFltr.sys
2013-04-21 20:16:33 22832 ----a-w- C:\Windows\System32\drivers\BSecACFltr.sys
2013-04-21 19:57:17 -------- d-----w- C:\Program Files\AVG
2013-04-21 15:06:59 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2013-04-21 14:19:43 -------- d-----w- C:\ProgramData\Cisco Systems
2013-04-19 13:28:35 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ECB6C7CA-7AC1-4564-AD59-0D6BA9B35B82}\mpengine.dll
2013-04-16 18:43:16 -------- d-sh--w- C:\$RECYCLE.BIN
2013-04-16 18:23:57 98816 ----a-w- C:\Windows\sed.exe
2013-04-16 18:23:57 256000 ----a-w- C:\Windows\PEV.exe
2013-04-16 18:23:57 208896 ----a-w- C:\Windows\MBR.exe
2013-04-15 02:49:41 -------- d-----w- C:\Users\Cook\AppData\Local\{A53AE3EA-EC11-4280-B38F-C13685D9218E}
2013-04-15 02:29:44 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-04-15 02:29:04 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-04-15 02:28:48 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-04-15 02:28:43 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-04-11 23:46:54 -------- d-----w- C:\Users\Cook\AppData\Local\IAC
2013-04-10 20:54:56 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-04-09 19:59:47 -------- d-----w- C:\Users\Cook\AppData\Local\Solid Savings
2013-04-09 19:59:26 -------- d-----w- C:\Users\Cook\AppData\Local\CRE
2013-04-09 19:59:15 -------- d-----w- C:\Program Files (x86)\OtShot
2013-04-05 18:46:39 -------- d-----w- C:\Users\Cook\AppData\Local\Warframe
2013-04-03 03:25:39 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2013-04-03 03:21:48 -------- d-----w- C:\Program Files (x86)\Origin Games
2013-04-03 03:21:46 -------- d-----w- C:\Users\Cook\AppData\Local\Origin
2013-04-03 03:20:40 -------- d-----w- C:\ProgramData\Electronic Arts
2013-04-03 03:20:39 -------- d-----w- C:\Program Files (x86)\Origin
2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-04-01 05:27:17 -------- d-----w- C:\Users\Cook\AppData\Roaming\Origin
2013-04-01 05:26:29 -------- d-----w- C:\ProgramData\Origin
2013-03-25 12:26:40 -------- d-----w- C:\Users\Cook\AppData\Roaming\Nico Mak Computing
2013-03-25 12:26:38 19840 ----a-w- C:\Windows\System32\roboot64.exe
.
==================== Find3M  ====================
.
2013-04-21 15:45:57 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-21 15:45:57 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-13 00:12:40 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-03-12 05:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-08 17:33:57 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-08 17:33:56 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-08 17:33:56 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-06 22:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-03-06 22:33:21 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-03-06 22:33:21 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-03-06 22:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 22:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 22:32:51 41664 ----a-w- C:\Windows\avastSS.scr
2013-03-03 21:38:08 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-03-02 06:04:53 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-28 08:36:32 22664 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-01-24 06:01:01 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
.
============= FINISH: 20:49:03.15 ===============
 

 



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:04 PM

Posted 21 April 2013 - 08:43 PM


Hello mkat

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 mkat

mkat
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 23 April 2013 - 08:37 PM

Here is the scan log from SecurityCheck:

 

Results of screen317's Security Check version 0.99.63 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.70.0.1100 
 Java 7 Update 17 
 Java version out of Date!
 Adobe Flash Player 11.7.700.169 
 Adobe Reader 10.1.6 Adobe Reader out of Date! 
 Google Chrome 26.0.1410.43 
 Google Chrome 26.0.1410.64 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

 

AdwCleaner scan log:

# AdwCleaner v2.202 - Logfile created 04/23/2013 at 21:28:49
# Updated 23/04/2013 by Xplode
# Operating system : Windows 7 Home Premium N Service Pack 1 (64 bits)
# User : Cook - COOK-PC
# Boot Mode : Normal
# Running from : C:\Users\Cook\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Users\Cook\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Deleted on reboot : C:\Users\Cook\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp
File Deleted : C:\END
File Deleted : C:\Users\Cook\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Cook\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Gophoto.it
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Cook\AppData\Local\APN
Folder Deleted : C:\Users\Cook\AppData\Local\Babylon
Folder Deleted : C:\Users\Cook\AppData\Local\Conduit
Folder Deleted : C:\Users\Cook\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\Cook\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Folder Deleted : C:\Users\Cook\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp
Folder Deleted : C:\Users\Cook\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Folder Deleted : C:\Users\Cook\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Cook\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Cook\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Cook\AppData\Roaming\Funmoods
Folder Deleted : C:\Users\Cook\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Kids\AppData\Local\Conduit
Folder Deleted : C:\Users\Kids\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Matthew\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Matthew\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Mike\AppData\LocalLow\AskToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Google\Chrome\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3018509
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3284668
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3290520
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3292584
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault-InternalInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault-InternalInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndlegeeaeejpodkbnkkofpjpjeigcopp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDzzzyzzzytByDtDyByBzytN0D0Tzu0CtAyBtAtN1L2XzutBtFtBtFtCtFyEtDyB&cr=286899276 --> hxxp://www.google.com

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Cook\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.28] : icon_url = "hxxp://websearch.mocaflix.com/favicon.ico",
Deleted [l.31] : keyword = "websearch",
Deleted [l.35] : search_url = "hxxp://websearch.mocaflix.com/?l=1&q={searchTerms}",
Deleted [l.36] : suggest_url = "hxxp://websearch.mocaflix.com/?l=1&q={searchTerms}"

*************************

AdwCleaner[S1].txt - [16595 octets] - [23/04/2013 21:28:49]

########## EOF - C:\AdwCleaner[S1].txt - [16656 octets] ##########



#4 mkat

mkat
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 23 April 2013 - 08:43 PM

Here is the scan log for RogueKiller:

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cook [Admin rights]
Mode : Remove -- Date : 04/23/2013 21:42:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[TASK][SUSP PATH] Funmoods : C:\Users\Cook\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE /Check [x] -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] 4fb5abd1384e720e744a47498f443cda
[BSP] e843c9ad6ec8f5abc7db7bffe0e3aa7c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_04232013_02d2142.txt >>
RKreport[1]_S_04232013_02d2141.txt ; RKreport[2]_D_04232013_02d2142.txt



#5 mkat

mkat
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 23 April 2013 - 08:46 PM

I just noticed that there were two scan logs RKreport[1] and [2].  The one posted above is [2].  Below is [1]:

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cook [Admin rights]
Mode : Remove -- Date : 04/23/2013 21:42:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[TASK][SUSP PATH] Funmoods : C:\Users\Cook\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE /Check [x] -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] 4fb5abd1384e720e744a47498f443cda
[BSP] e843c9ad6ec8f5abc7db7bffe0e3aa7c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_04232013_02d2142.txt >>
RKreport[1]_S_04232013_02d2141.txt ; RKreport[2]_D_04232013_02d2142.txt



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:04 PM

Posted 23 April 2013 - 09:06 PM


Hello mkat

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 mkat

mkat
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 25 April 2013 - 08:20 AM

I followed your instructions to the letter and saved the log, however I cannot access anything on my computer! No Internet, cannot turn on avast or windows firewall. I have restarted several times and it takes a long time to boot up the screen is black for a long time and I get a message saying that failed to connect to a windows service with a fairly long description below it but it doesn't stay on long enough for me to read it. I also get an application error msg: exception ESocketError in module ASHelper.exe at 000F429F.WSACleanup.

Avast will not be able to protect mail/news (error 10044). Please check that avast service is not blocked by your personal firewall.

It also says that my firewall is not on and that Action Center cannot turn it on and it doesn't allow me to turn it on manually either.

I'm trying not to panic but what happened?!!!

I'm having to do this from my iPhone. This cannot post or send thd combo fix log to you. I am able to access many of the programs that I couldn't earlier. But absolutely no Internet. It says Windows could not automatically detect this networks proxy settings

#8 mkat

mkat
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 25 April 2013 - 09:24 AM

I have restarted several times so I could try to get the info for you: this is what it says:

Windows could not connect to the System Event Notification Service service. This program prevents standard users from logging on to the system. As an administrative user you can review the System Event Log for details about why the service didn't respond.

Also I cannot get any type of network connection wired or wireless. For a broadband connection it states the device is missing. Under local area connection it cannot diagnose the problem and for wireless that it cannot detect the proxy settings.

Everything else seems to be working except the avast and windows defender firewall (that I have discovered so far)

This is quite frustrating. The router is brand new and was expensive. I have so much work to do but am dead in the water!

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:04 PM

Posted 25 April 2013 - 10:59 AM

do a system restore to right before this happened and let me know how things are after
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 mkat

mkat
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 25 April 2013 - 12:22 PM

Can you direct me to how? I only see a restore point for yesterday the 24th

#11 mkat

mkat
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 25 April 2013 - 12:38 PM

I found instructions online. It would not allow me to restore to the most recent, default choice. The message said: there was an unexpected error (0xC000305). Please close System Restore and try again. I then tried the second option to choose my own restore point which was the second most recent 4/23/2013 @ 7:26:08 EDT
Critical Update: Windows Update
Local Disc (C:) (System)

It is currently in Restore mode. I will post again when complete. I don't know how long this takes.

#12 mkat

mkat
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 25 April 2013 - 12:50 PM

ok, it is done and I am back online.  Im not sure what happened??  I will include the scan log from Combofix, but don't know if it is now accurate since I restored?

 

ComboFix 13-04-25.01 - Cook 04/25/2013   8:27.2.4 - x64
Microsoft Windows 7 Home Premium N   6.1.7601.1.1252.1.1033.18.8104.6329 [GMT -4:00]
Running from: c:\users\Cook\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-25 to 2013-04-25  )))))))))))))))))))))))))))))))
.
.
2013-04-25 12:36 . 2013-04-25 12:36 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-04-25 12:36 . 2013-04-25 12:36 -------- d-----w- c:\users\Stephen\AppData\Local\temp
2013-04-25 12:36 . 2013-04-25 12:36 -------- d-----w- c:\users\Mike\AppData\Local\temp
2013-04-25 12:36 . 2013-04-25 12:36 -------- d-----w- c:\users\Matthew\AppData\Local\temp
2013-04-25 12:36 . 2013-04-25 12:36 -------- d-----w- c:\users\Kids\AppData\Local\temp
2013-04-25 12:36 . 2013-04-25 12:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-25 03:33 . 2013-04-25 03:33 -------- d-----w- c:\programdata\Ironclad Games
2013-04-25 03:14 . 2013-04-25 03:14 -------- d-----w- c:\program files (x86)\Stardock Games
2013-04-25 03:14 . 2013-04-25 03:14 -------- d-----w- c:\program files (x86)\Common Files\Stardock
2013-04-25 03:10 . 2013-04-25 03:10 -------- d-----w- c:\users\Matthew\AppData\Local\GameStop
2013-04-25 03:10 . 2013-04-25 03:10 -------- d-----w- c:\users\Cook\AppData\Roaming\Stardock
2013-04-25 03:10 . 2013-04-25 03:10 -------- d-----w- c:\programdata\Gibraltar
2013-04-25 03:10 . 2013-04-25 03:10 -------- d-----w- c:\program files (x86)\GameStop App
2013-04-25 03:10 . 2013-04-25 03:10 -------- d-----w- c:\programdata\GameStop
2013-04-25 03:10 . 2013-04-25 03:10 -------- dc-h--w- c:\programdata\{86865DB9-DA2F-4D56-B4A5-F7C9E7A399D8}
2013-04-25 03:10 . 2013-04-25 03:10 -------- d-----w- c:\users\Cook\AppData\Local\PackageAware
2013-04-25 03:08 . 2013-04-25 03:33 -------- d-----w- c:\programdata\Stardock
2013-04-23 17:05 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 17:03 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{393B9361-B4F5-4EB1-B40C-9AED90094B8B}\mpengine.dll
2013-04-21 22:18 . 2013-04-21 22:18 -------- d-----w- c:\program files (x86)\Common Files\Windows Microsoft Shared
2013-04-21 22:18 . 2011-06-14 21:17 49088 ----a-w- c:\windows\SysWow64\drivers\BsecFltr.sys
2013-04-21 22:18 . 2011-06-14 21:17 21624 ----a-w- c:\windows\SysWow64\drivers\BSecACFltr.sys
2013-04-21 20:16 . 2011-06-14 21:17 58432 ----a-w- c:\windows\system32\drivers\BsecFltr.sys
2013-04-21 20:16 . 2011-06-14 21:17 22832 ----a-w- c:\windows\system32\drivers\BSecACFltr.sys
2013-04-21 19:57 . 2013-04-21 22:18 -------- d-----w- c:\program files\AVG
2013-04-21 15:06 . 2013-04-21 15:06 -------- d-----w- c:\program files (x86)\Cisco Systems
2013-04-21 14:19 . 2013-04-21 14:19 -------- d-----w- c:\programdata\Cisco Systems
2013-04-18 22:50 . 2013-04-18 22:50 -------- d-----w- c:\users\Mike\AppData\Roaming\Unity
2013-04-18 21:55 . 2013-04-18 21:55 -------- d-----w- c:\users\Mike\AppData\Local\Unity
2013-04-16 18:48 . 2013-04-25 12:36 -------- d-----w- c:\users\Anna\AppData\Local\temp
2013-04-15 02:29 . 2013-04-15 02:29 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-04-15 02:29 . 2013-04-15 02:29 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-04-15 02:28 . 2013-04-15 02:28 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-04-15 02:28 . 2013-04-15 02:28 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-04-14 02:28 . 2013-04-14 02:28 -------- d-----w- c:\users\Mike\AppData\Roaming\LolClient
2013-04-14 02:27 . 2013-04-19 01:07 -------- d-----w- c:\users\Mike\AppData\Roaming\Skype
2013-04-11 23:46 . 2013-04-11 23:46 -------- d-----w- c:\users\Cook\AppData\Local\IAC
2013-04-10 20:54 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 01:01 . 2013-04-10 01:31 -------- d-----w- c:\users\Anna\AppData\Roaming\PCFixSpeed
2013-04-09 22:13 . 2013-04-09 22:43 -------- d-----w- c:\users\Matthew\AppData\Roaming\PCFixSpeed
2013-04-09 19:59 . 2013-04-16 17:27 -------- d-----w- c:\users\Cook\AppData\Local\Solid Savings
2013-04-09 19:59 . 2013-04-09 21:55 -------- d-----w- c:\users\Cook\AppData\Local\CRE
2013-04-09 19:59 . 2013-04-15 02:55 -------- d-----w- c:\program files (x86)\OtShot
2013-04-08 01:56 . 2013-04-08 01:56 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-05 18:46 . 2013-04-06 23:12 -------- d-----w- c:\users\Cook\AppData\Local\Warframe
2013-04-05 02:53 . 2013-04-05 02:53 -------- d-----w- c:\users\Anna\AppData\Roaming\Origin
2013-04-05 02:53 . 2013-04-05 02:53 -------- d-----w- c:\users\Anna\AppData\Local\Origin
2013-04-03 03:25 . 2013-04-03 03:25 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2013-04-03 03:21 . 2013-04-03 03:22 -------- d-----w- c:\program files (x86)\Origin Games
2013-04-03 03:21 . 2013-04-03 03:21 -------- d-----w- c:\users\Cook\AppData\Local\Origin
2013-04-03 03:20 . 2013-04-03 03:25 -------- d-----w- c:\programdata\Electronic Arts
2013-04-03 03:20 . 2013-04-03 03:21 -------- d-----w- c:\program files (x86)\Origin
2013-04-02 18:42 . 2013-04-02 18:42 -------- d-----w- c:\users\Stephen\AppData\Local\SCE
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-04-01 19:14 . 2013-04-01 19:14 -------- d-----w- c:\users\Stephen\AppData\Roaming\SystemRequirementsLab
2013-04-01 18:14 . 2013-04-01 23:05 -------- d-----w- c:\users\Stephen\AppData\Roaming\Origin
2013-04-01 18:14 . 2013-04-01 18:14 -------- d-----w- c:\users\Stephen\AppData\Local\Origin
2013-04-01 05:27 . 2013-04-02 14:48 -------- d-----w- c:\users\Cook\AppData\Roaming\Origin
2013-04-01 05:26 . 2013-04-03 03:25 -------- d-----w- c:\programdata\Origin
2013-03-28 21:29 . 2013-04-24 19:42 -------- d-----w- c:\users\Kids\AppData\Local\Spotify
2013-03-28 21:29 . 2013-04-24 19:43 -------- d-----w- c:\users\Kids\AppData\Roaming\Spotify
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-21 15:45 . 2012-04-05 22:21 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-21 15:45 . 2012-03-18 13:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-11 19:38 . 2012-03-12 22:50 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 00:12 . 2013-01-30 23:18 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-03-12 05:10 . 2012-03-12 22:45 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-08 17:33 . 2013-03-08 17:33 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-08 17:33 . 2013-03-01 13:57 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-08 17:33 . 2012-03-31 16:45 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-06 22:33 . 2013-02-28 14:19 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 22:33 . 2013-02-28 14:19 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 22:33 . 2012-03-12 23:33 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 22:33 . 2012-03-12 23:33 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 22:33 . 2012-03-12 23:33 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 22:33 . 2012-03-12 23:33 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 22:33 . 2012-03-12 23:33 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 22:33 . 2012-03-12 23:33 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 22:32 . 2012-03-12 23:11 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 22:32 . 2012-03-12 23:33 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-03 21:38 . 2013-01-30 22:14 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-02-28 08:36 . 2012-03-17 17:24 22664 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-02-19 16:02 . 2013-02-19 16:02 77824 ----a-r- c:\users\Mike\AppData\Roaming\Microsoft\Installer\{7BD3DC6D-A2BE-4345-B6EE-D146193DB18F}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
2013-02-14 17:06 . 2013-02-14 17:06 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-02-14 17:06 . 2013-02-14 17:06 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-14 17:05 . 2013-02-14 17:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-02-14 17:05 . 2013-02-14 17:05 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-02-13 15:07 . 2013-03-25 12:26 19840 ----a-w- c:\windows\system32\roboot64.exe
2013-02-12 05:45 . 2013-03-13 17:31 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 17:31 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 17:31 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 17:31 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 17:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 17:31 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-20 21:30 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2013-04-01 1500440]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}]
c:\program files\PrivacySafeGuard\PrivacySafeGuard.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-06 5629312]
"Driver Pro"="c:\program files (x86)\Driver Pro\DPLauncher.exe" [2012-10-30 340512]
"GoogleChromeAutoLaunch_A05EE03FCFC48E6AAA021CBFCEDA205B"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-06-24 5199984]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-28 1667072]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-12-26 295072]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"OtShot"="c:\program files (x86)\OtShot\otshot.exe" [2012-10-18 4386816]
"AVG Family Safety"="c:\program files (x86)\AVG\AVG Family Safety\BsecTray.exe" [2011-12-07 97096]
.
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Citrix Receiver.lnk - c:\users\Cook\AppData\Local\Citrix\SelfService\Program Files\SelfServicePlugin.exe [N/A]
.
c:\users\Cook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameStop Now.lnk - c:\program files (x86)\GameStop App\Now\GameStopNow.exe [2013-1-18 1963872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-02-12 8704]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2012-09-28 24576]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2011-11-12 40320]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;D:\NTIOLib_X64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-12 1255736]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-04-09 3063968]
R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-06-14 27760]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswKbd;aswKbd; [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 Bsecure;AVG Family Safety;c:\program files (x86)\AVG\AVG Family Safety\InetCtrl.exe [2011-12-07 66376]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
S3 BSecACFltr;BSecACFltr;c:\windows\system32\DRIVERS\BSecACFltr.sys [2011-06-14 22832]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-06-14 2159728]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-12-19 29288]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-12-19 29288]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-12-19 29288]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-12-19 29288]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-12-19 29288]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 12:23 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 15:45]
.
2013-04-25 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files (x86)\FinalTorrent\FTCheckForUpdates.exe [2012-12-08 19:24]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-26 14:08]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-26 14:08]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1005Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-15 02:43]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1005UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-15 02:43]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1007Core.job
- c:\users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-01 00:34]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1007UA.job
- c:\users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-01 00:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 204.193.144.84 174.78.110.87 75.75.76.76
TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\D434F6F6B686F6D656: NameServer = 8.8.8.8,8.8.8.4
TCP: Interfaces\{24FC834C-AAE8-4646-93B1-24F061852239}\D436F6F6B684F6D656: NameServer = 8.8.8.8,8.8.8.4
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1036AD63-AEAC-460B-9060-C96005D4DC86} - (no file)
WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
WebBrowser-{3BBD3C14-4C16-4989-8366-95BC9179779D} - (no file)
WebBrowser-{22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - (no file)
AddRemove-Amazon Browser Bar - c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.Uninstall.exe
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
   8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
   d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
   9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:8e,74,79,f6,00,3e,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,ef,70,9a,d2,c1,11,49,9c,7b,83,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,ef,70,9a,d2,c1,11,49,9c,7b,83,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,ef,70,9a,d2,c1,11,49,9c,7b,83,\
.
[HKEY_USERS\S-1-5-21-3903621085-115719457-3043737636-1000\Software\SecuROM\License information*]
"datasecu"=hex:07,9e,cb,68,9f,4b,75,b1,50,60,30,a6,95,17,9e,20,45,39,b7,e2,fe,
   0f,b5,b5,54,75,83,79,1e,1f,eb,de,d3,dc,60,ee,c0,4d,c1,95,3d,7f,7b,59,ed,74,\
"rkeysecu"=hex:a7,cc,25,ef,82,a6,95,e1,22,a6,36,60,c3,a8,c1,4b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\AVG\AVG Family Safety\BSecAMX.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2013-04-25  08:46:41 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-25 12:46
ComboFix2.txt  2013-04-16 18:48
.
Pre-Run: 147,346,391,040 bytes free
Post-Run: 147,074,494,464 bytes free
.
- - End Of File - - 52552F4C66DD338D60BB38B748E1D1E1
 



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:04 PM

Posted 25 April 2013 - 12:57 PM

OK good job! let me know how things are right now so I can make a plan




gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 mkat

mkat
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 25 April 2013 - 01:14 PM

It booted up quicker this time. I still see outshot, but from the little time I spent on it it's better. My son is watching a movie on it on Netflix. Sometimes we pages don't look right - not in visual format but lists and photos all lines up alo g the left side? This has been intermittent. Sometimes this way and sometimes ok. The Internet seems a bit slow on its load time, yet streaming seems ok.

#15 mkat

mkat
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 25 April 2013 - 01:21 PM

By the way, thank you for your quick response, help and encouraging words. Not having Internet is pretty crucial to us between work and kids homework.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users