Virus Issues


This topic is locked
8 replies to this topic

#1 cubbies7

Posted 22 May 2013 - 01:21 PM

I have a computer (Toshiba Satellite P205-S6267, running Windows 7 Home Premium) that had a bunch of viruses on it, including 24x7 Help. I found on this forum steps to eliminate that virus, and others, which I did, but there are still issues. It still won't connect to the internet (I think there may still be lingering issues with 24x7 Help and others). And when I try to open an exe program like RKill or AdwCleaner it says "The specified service does not exist as an installed service." I reran DDS in safe mode and the results are below. I don't know what to do except re-install Windows; any help would be greatly appreciated. Thanks.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL
Internet Explorer: 9.0.8112.16450  BrowserJavaVersion: 10.5.1
Run by Bud at 16:47:40 on 2013-05-15
#Option MBR scan  is disabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2038.1690 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - 
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120623050605.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [PMCRemote] c:\program files\pinnacle\shared files\programs\remote\Remoterm.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000 
uRun: [QuickenScheduledUpdates] c:\program files\quicken\bagent.exe
uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Amazon Cloud Drive] c:\users\bud\appdata\local\amazon\cloud drive\AmazonCloudDrive.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [ISUSPM] STALLSHIELD\UPDATESERVICE\ISUSPM.EXE" -SCHEDULER
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [dcmsvc] c:\program files\dcmsvc\dcmsvc.exe
mRun: [Microsoft Default Manager] AGER\DEFMGR.EXE" -RESUME
mRun: [mcui_exe] KEY
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HTC Sync Loader] C 3.0\HTCUPCTLOADER.EXE" -STARTUP
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
StartupFolder: c:\users\bud\appdata\roaming\micros~1\windows\startm~1\programs\startup\memeoa~1.lnk - c:\users\bud\appdata\roaming\microsoft\installer\{39a908fd-7322-41ae-b374-c7a076b2fc97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe
StartupFolder: c:\users\bud\appdata\roaming\micros~1\windows\startm~1\programs\startup\memeoa~2.lnk - c:\program files\memeo\autosync\MemeoLauncher.exe
StartupFolder: c:\users\bud\appdata\roaming\micros~1\windows\startm~1\programs\startup\warner~1.lnk - c:\program files\warner bros. digital copy manager\Warner Bros. Digital Copy Manager.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\accuwe~1.lnk - c:\program files\accuweather\desktop\AccuWeatherDesktop.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\program files\common files\desktop alert\TrueWeather.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{11CFB596-887A-48D6-87FE-58AEB784DAF2} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{791A25E2-A463-4DB4-BE9B-9D2D4D331C88} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-12-30 169608]
S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-2-5 464304]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-12-30 64912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9a350743aede0;Google Update Service (gupdate1c9a350743aede0);c:\program files\google\update\GoogleUpdate.exe [2009-3-12 133104]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-26 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-26 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-26 214904]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-26 214904]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-30 166288]
S2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-12-30 161632]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-30 151880]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-8-12 87040]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2009-8-13 262416]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-12-30 57600]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2011-8-19 22176]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-26 30192]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-5 180848]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-5 59456]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-12-30 340920]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-30 87656]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-5 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-5 40552]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-6 1343400]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\memeo\autosync\MemeoService.exe [2007-7-6 31768]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
ShellExec: ymp.exe: open="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"
ShellExec: ymp.exe: play="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"
.
=============== Created Last 30 ================
.
2013-05-15 21:22:45 -------- d-----w- c:\windows\ERUNT
2013-05-15 21:16:25 -------- d-----w- C:\JRT
2013-05-15 20:47:34 -------- d-sh--w- C:\$RECYCLE.BIN
2013-05-15 20:29:07 -------- d-----w- c:\users\bud\appdata\local\temp
2013-05-15 20:09:40 98816 ----a-w- c:\windows\sed.exe
2013-05-15 20:09:40 256000 ----a-w- c:\windows\PEV.exe
2013-05-15 20:09:40 208896 ----a-w- c:\windows\MBR.exe
.
==================== Find3M  ====================
.
.
============= FINISH: 16:50:59.77 ===============

 




 


#2 cubbies7

Posted 24 May 2013 - 02:35 PM

I forgot to mention, when I ran ComboFix it popped up that McAfee was still running. The machine has Cox Security Suite powered by McAfee, and I tried to stop it through turning off real-time scanning and through the Task Manager, but it still showed up. I couldn't find how to disable it; I think that may have caused the ComboFix issue of not eliminating the virus.



#3 Oh My!
Malware Response Instructor

Posted 27 May 2013 - 09:36 AM

Greetings cubbies7, and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do the following for me.

===================================================

Obtaining Current ComboFix.txt

--------------------

Please copy and paste the contents of the following file in your reply.
 

C:\ComboFix.txt


===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller to a USB device and transfer it to the desktop of your infected computer
  • Close all running programs
  • For Vista/7 users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • When the Status box shows Scan Finished click Delete
  • Click Report
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log
  • RogueKiller log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 cubbies7

Posted 28 May 2013 - 07:10 PM

Hey Gary, thanks for the help. It appears as though RogueKiller has helped quite a bit, but there are still issues. It runs really slowly, and the icon for the 24x7 virus is still in every window. There still seem to be issues, but they are definitely fewer. Below are the reports (as I said above, I could not close McAfee while running ComboFix; if there is a way to do that easily, I would rerun it).

 

ComboFix 13-05-15.01 - Bud 05/15/2013  15:16:00.1.2 - x86 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2038.1599 [GMT -5:00]
Running from: c:\users\Bud\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\config.ini
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\separator.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SearchSettings.dll
c:\program files\Dealio Toolbar\SearchSettings.exe
c:\program files\Dealio Toolbar\SearchSettingsRes409.dll
c:\program files\Dealio Toolbar\sscfg.ini
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\HeadlineAlley_29EI
c:\program files\HeadlineAlley_29EI\Installr\1.bin\29EIPlug.dll
c:\program files\HeadlineAlley_29EI\Installr\1.bin\29EZSETP.dll
c:\program files\HeadlineAlley_29EI\Installr\1.bin\NP29EISb.dll
c:\program files\Shop to Win 31\HeLPer.dll
c:\program files\Shop to Win
c:\program files\Shop to Win\InstallNotifier.exe
c:\program files\Shop to Win\ShopToWin.exe
c:\program files\Shop to Win\STWNotify.exe
c:\program files\Shop to Win\STWSetup-IE.exe
c:\program files\Shop to Win\TestFeeds\DisableStatus.xml
c:\program files\Shop to Win\TestFeeds\DisableStatusDirection.xml
c:\program files\Shop to Win\TestFeeds\GenericPopup.xml
c:\program files\Shop to Win\TestFeeds\MainStatus.xml
c:\program files\Shop to Win\TestFeeds\ShoppingConfirmation.xml
c:\program files\Shop to Win\unins000.dat
c:\program files\Shop to Win\unins000.exe
c:\program files\Shop to Win\unins001.dat
c:\program files\Shop to Win\unins001.exe
c:\program files\Shop to Win\unins002.dat
c:\program files\Shop to Win\unins002.exe
c:\program files\TelevisionFanaticEI
c:\program files\TelevisionFanaticEI\Installr\1.bin\64EIPlug.dll
c:\program files\TelevisionFanaticEI\Installr\1.bin\64EZSETP.dll
c:\program files\TelevisionFanaticEI\Installr\1.bin\NP64EISb.dll
c:\program files\TotalRecipeSearch_14
c:\program files\TotalRecipeSearch_14\bar\1.bin\14auxstb.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14bar.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe
c:\program files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe
c:\program files\TotalRecipeSearch_14\bar\1.bin\14brstub.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14datact.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14dlghk.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14dyn.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14feedmg.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14highin.exe
c:\program files\TotalRecipeSearch_14\bar\1.bin\14html.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14httpct.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14idle.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14impipe.exe
c:\program files\TotalRecipeSearch_14\bar\1.bin\14medint.exe
c:\program files\TotalRecipeSearch_14\bar\1.bin\14mlbtn.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14msg.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14radio.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14regfft.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14regiet.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14script.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14skin.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14skplay.exe
c:\program files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14tpinst.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\14uabtn.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\CHROME.MANIFEST
c:\program files\TotalRecipeSearch_14\bar\1.bin\chrome\14ffxtbr.jar
c:\program files\TotalRecipeSearch_14\bar\1.bin\INSTALL.RDF
c:\program files\TotalRecipeSearch_14\bar\1.bin\LOGO.BMP
c:\program files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\T8RES.DLL
c:\program files\TotalRecipeSearch_14\bar\IE9Mesg\COMMON.T8S
c:\program files\TotalRecipeSearch_14\bar\Message\COMMON.T8S
c:\program files\TotalRecipeSearch_14\bar\Settings\s_pid.dat
c:\program files\TotalRecipeSearch_14EI
c:\program files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
c:\users\Bud\00BDicty (2).001
c:\users\Bud\00BDicty.001
c:\users\Bud\AppData\Roaming\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe
c:\users\Bud\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Bud\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\Bud\Documents\ShopToWin
c:\users\Bud\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\Bud\GoToAssistDownloadHelper.exe
c:\users\Bud\METODA~1 (2).001
c:\users\Bud\METODA~1.001
c:\users\Bud\sxe21CA (2).tmp
c:\users\Bud\sxe21CA.tmp
c:\users\Bud\sxe7DC0 (2).tmp
c:\users\Bud\sxe7DC0.tmp
c:\users\Public\invokesi.exe
c:\windows\COUPon~1.ocx
c:\windows\system32\SET6DEA.tmp
c:\windows\system32\SET708D.tmp
c:\windows\system32\SET716B.tmp
c:\windows\system32\SET7318.tmp
c:\windows\system32\SET74B1.tmp
c:\windows\system32\SETA1B.tmp
c:\windows\system32\SETD4C.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_TotalRecipeSearch_14Service
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-15 to 2013-05-15  )))))))))))))))))))))))))))))))
.
.
2013-05-15 20:29 . 2013-05-15 20:47 -------- d-----w- c:\users\Bud\AppData\Local\temp
2013-05-15 20:29 . 2013-05-15 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2012-03-21 12:39 342232 ----a-w- c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-05 22:20 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 18:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{9427041a-a8dc-4d06-9a68-93873486e957}]
2011-05-09 08:49 176936 ----a-w- c:\program files\Productivity_3.1\prxtbProd.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{a8938ed0-6c0c-4143-a80e-e12136c5c69a}]
2010-12-09 18:51 3911776 ----a-w- c:\program files\Radio_Bar_1.1\tbRadi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]
2012-09-05 03:39 832720 ----a-w- c:\progra~1\REBATE~1\RebateI.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-05 333192]
"{a8938ed0-6c0c-4143-a80e-e12136c5c69a}"= "c:\program files\Radio_Bar_1.1\tbRadi.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{9427041a-a8dc-4d06-9a68-93873486e957}"= "c:\program files\Productivity_3.1\prxtbProd.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{a8938ed0-6c0c-4143-a80e-e12136c5c69a}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{9427041a-a8dc-4d06-9a68-93873486e957}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-05 333192]
"{A8938ED0-6C0C-4143-A80E-E12136C5C69A}"= "c:\program files\Radio_Bar_1.1\tbRadi.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{9427041A-A8DC-4D06-9A68-93873486E957}"= "c:\program files\Productivity_3.1\prxtbProd.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{a8938ed0-6c0c-4143-a80e-e12136c5c69a}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{9427041a-a8dc-4d06-9a68-93873486e957}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-09-18 19:51 4756880 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-09-18 19:51 4756880 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2008-11-18 226576]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-06-30 1652736]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-08-18 67456]
"QuickenScheduledUpdates"="c:\program files\Quicken\bagent.exe" [2011-03-10 77656]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-10-23 5013128]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-06-23 10555904]
"Amazon Cloud Drive"="c:\users\Bud\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe" [2012-09-25 875512]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="STALLSHIELD\UPDATESERVICE\ISUSPM.EXE -SCHEDULER" [X]
"Microsoft Default Manager"="AGER\DEFMGR.EXE -RESUME" [X]
"mcui_exe"="KEY" [X]
"HTC Sync Loader"="C 3.0\HTCUPCTLOADER.EXE -STARTUP" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-12 30192]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]
"dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"24x7HELP"="c:\program files\24x7Help\App24x7Help.exe" [2012-05-18 1684632]
.
c:\users\Bud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Memeo AutoBackup Launcher.lnk - c:\users\Bud\AppData\Roaming\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [N/A]
Memeo AutoSync Launcher.lnk - c:\program files\Memeo\AutoSync\MemeoLauncher.exe [2007-7-6 125976]
Warner Bros.lnk - c:\program files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AccuWeather Desktop.lnk - c:\program files\AccuWeather\Desktop\AccuWeatherDesktop.exe [2009-4-30 967472]
desktop alert.lnk - c:\program files\Common Files\desktop alert\TrueWeather.exe [2008-2-17 5791744]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-28 809488]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2012-9-18 4533648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
.
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
R2 24x7HelpSvc;24x7HelpService;c:\program files\24x7Help\App24x7Svc.exe [x]
R2 gupdate1c9a350743aede0;Google Update Service (gupdate1c9a350743aede0);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MapsGalaxy_39Service;MapsGalaxyService;c:\progra~1\MAPSGA~2\bar\1.bin\39barsvc.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MPFP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ   wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ   WcesComm RapiMgr
HPService REG_MULTI_SZ   HPSLPSVC
nosGetPlusHelper REG_MULTI_SZ   nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 04:14]
.
2013-05-15 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-02-05 20:24]
.
2012-12-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-02 08:10]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 20:23]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 20:23]
.
2013-05-15 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-09-09 09:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80118&lng=en
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.2.1
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~1\REBATE~1\RebateI.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKCU-Run-Shop To Win - c:\program files\Shop To Win\ShopToWin.exe
HKLM-Run-SynTPEnh - H.EXE
HKLM-Run-Kernel and Hardware Abstraction Layer - PR.EXE
HKLM-Run-00TCrdMain - .EXE
HKLM-Run-AppleSyncNotifier - OTIFIER.EXE
HKLM-Run-Camera Assistant Software - T SOFTWARE FOR TOSHIBA\TRAYBAR.EXE
HKLM-Run-KeNotify - OTIFY.EXE
HKLM-Run-SearchSettings - GS.EXE
HKLM-Run-TPwrMain - .EXE
HKLM-Run-IgfxTray - DOWS\SYSTEM32\IGFXTRAY.EXE
HKLM-Run-HotKeysCmds - DOWS\SYSTEM32\HKCMD.EXE
HKLM-Run-Persistence - DOWS\SYSTEM32\IGFXPERS.EXE
HKLM-Run-Adobe ARM - FILES\ADOBE\ARM\1.0\ADOBEARM.EXE
HKLM-Run-iTunesHelper - ESHELPER.EXE
HKLM-Run-TotalRecipeSearch_14 Browser Plugin Loader - .EXE
HKLM-Run-VMM Mode Selection - .EXE
HKLM-Run-APSDaemon - .EXE
HKLM-Run-MapsGalaxy Search Scope Monitor - .EXE
HKLM-Run-MapsGalaxy_39 Browser Plugin Loader - .EXE
HKLM-Run-SiteRanker - KTRAY.EXE
HKLM-Run-SunJavaUpdateSched - FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
HKLM-Run-InboxToolbar - BOX.EXE
AddRemove-LandWare Pocket Quicken 2.5 - c:\windows\suinsta4001.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files\the weather channel fw\Desktop\TheWeatherChannelCustomUninstall.exe
AddRemove-WEATHER SERVICES - c:\progra~1\THEWEA~1\Framework\wxfw.cpl
AddRemove-{1220BDA0-E418-4789-BFF5-072062B29D01}_is1 - c:\program files\Shop To Win\unins002.exe
AddRemove-{6EFDBA50-4ABE-4194-86F7-F3BD0A011F5B}_is1 - c:\program files\Shop To Win\unins000.exe
AddRemove-{D0D9F8EE-E123-4E0F-9BA3-2128C6588AF5}_is1 - c:\program files\Shop To Win\unins001.exe
AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=hex:51,66,7a,6c,4c,1d,38,12,50,d3,52,
   34,79,b3,8e,01,c8,54,6e,db,8d,6e,1b,8c
"{D7E97865-918F-41E4-9CD0-25AB1C574CE8}"=hex:51,66,7a,6c,4c,1d,38,12,0b,7b,fa,
   d3,bd,df,8a,04,e3,c6,66,eb,19,09,08,fc
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
   eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
   0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{A8938ED0-6C0C-4143-A80E-E12136C5C69A}"=hex:51,66,7a,6c,4c,1d,38,12,be,8d,80,
   ac,3e,22,2d,04,d7,18,a2,61,33,9b,82,8e
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
   34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
   06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
   07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{201F27D4-3704-41D6-89C1-AA35E39143ED}"=hex:51,66,7a,6c,4c,1d,38,12,ba,24,0c,
   24,36,79,b8,04,f6,d7,e9,75,e6,cf,07,f9
"{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7,
   23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
   79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{91917DC6-93B9-4E62-B2D6-D39C9618C418}"=hex:51,66,7a,6c,4c,1d,38,12,a8,7e,82,
   95,8b,dd,0c,0b,cd,c0,90,dc,93,46,80,0c
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
   9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
   ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
   b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{D3D233D5-9F6D-436C-B6C7-E63F77503B30}"=hex:51,66,7a,6c,4c,1d,38,12,bb,30,c1,
   d7,5f,d1,02,06,c9,d1,a5,7f,72,0e,7f,24
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"=hex:51,66,7a,6c,4c,1d,38,12,20,75,01,
   e7,34,39,9f,06,f2,bd,bf,9d,2e,40,05,79
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
   fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
   51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:eb,07,32,e2,57,22,cc,01
.
[HKEY_LOCAL_MACHINE\software\Toshiba\IVP\Services\Software Upgrades\Swupdtmr]
@DACL=(02 0000)
@SACL=
"STATE"=dword:00000004
"TMH"=dword:01ca1ba8
"TML"=dword:fdeda545
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1120)
c:\program files\MozyHome\mozyshell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conhost.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\helppane.exe
.
**************************************************************************
.
Completion time: 2013-05-15  15:56:06 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-15 20:56
.
Pre-Run: 20,952,035,328 bytes free
Post-Run: 25,269,751,808 bytes free
.
- - End Of File - - 47B7F01E5C8738A76A5B342F0B9F81CC

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode
User : Bud [Admin rights]
Mode : Scan -- Date : 05/28/2013 18:31:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[STARTUP][SUSP PATH] Memeo AutoBackup Launcher.lnk @Bud : C:\Users\Bud\AppData\Roaming\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [-] -> FOUND
[STARTUP][SUSP PATH] AccuWeather Desktop.lnk @Common : C:\Program Files\AccuWeather\Desktop\AccuWeatherDesktop.exe [7] -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 :  (C:\$Recycle.Bin\S-1-5-21-703339395-2703970846-3001119950-1000\$628d0cc66f0d3d8f51925f2ada84e101\n.) [x] -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 :  (C:\$Recycle.Bin\S-1-5-18\$628d0cc66f0d3d8f51925f2ada84e101\n.) [x] -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 :  (C:\$Recycle.Bin\S-1-5-18\$628d0cc66f0d3d8f51925f2ada84e101\n.) [x] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS541612J9SA00 ATA Device +++++
--- User ---
[MBR] 2f1779b06d616477f0e8a4151e838f8d
[BSP] 03eacf6956157607c1e05b2d971f922b : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 112972 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05282013_02d1831.txt >>
RKreport[1]_S_05282013_02d1831.txt



#5 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,624 posts
  • Location:California

Posted 28 May 2013 - 07:31 PM

Greetings,

When you ran RogueKiller did you select Delete? If not, please rerun that and delete the identified entries.

I would also like you to run this for me.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RogueKiller log
  • AdwCleaner log
  • Junkware log
  • Any change with your computer?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
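The logs in this thread list the persistence points the adware and the ZeroAccess infection used on this machine: Run values whose image file is gone (the "[X]" lines in the DDS log), services whose binary no longer exists (the "[x]" service lines), Browser Helper Object and toolbar CLSIDs, an AppInit_DLLs entry, and CLSID InprocServer32 values redirected into C:\$Recycle.Bin (the "[HJ INPROC][ZeroAccess]" lines RogueKiller reported). The script below is an added example, written by the editor of this page and not taken from any post here or from DDS, RogueKiller, AdwCleaner or JRT; it re-audits those same locations after cleanup so you can confirm nothing came back. The finding names, the choice of $Recycle.Bin and Temp as suspicious locations, and the path-parsing regexes are my own assumptions, and it is written for the PowerShell 2.0 that Windows 7 ships with, so it avoids PowerShell 3 syntax. Run it from an elevated PowerShell prompt.

```powershell
# Added example (editor's code, not from this thread or its tools): re-audit the
# persistence points DDS/RogueKiller/JRT reported, after cleanup.
# Targets Windows 7 / PowerShell 2.0; run from an elevated prompt.
$script:findings = @()

function Add-Finding([string]$Kind, [string]$Location, [string]$Detail) {
    $script:findings += New-Object PSObject -Property @{
        Kind = $Kind; Location = $Location; Detail = $Detail }
}

# Image path from a Run value or service command line: handles "quoted path" args,
# unquoted paths containing spaces, and bare names; expands %windir%-style vars.
function Get-ImagePath([string]$Cmd) {
    $p = $Cmd.Trim()
    if ($Cmd -match '^\s*"([^"]+)"')                     { $p = $matches[1] }
    elseif ($Cmd -match '^\s*(.+?\.(exe|dll|sys))(\s|$)') { $p = $matches[1] }
    return [Environment]::ExpandEnvironmentVariables($p)
}

function Test-Image([string]$Path) {
    return ($Path -and (Test-Path -LiteralPath $Path))
}

# Default (unnamed) InprocServer32 value for a CLSID, HKLM first, then HKCU.
function Get-InprocDll([string]$Clsid) {
    foreach ($root in 'HKLM:\Software\Classes\CLSID', 'HKCU:\Software\Classes\CLSID') {
        $k = "$root\$Clsid\InprocServer32"
        if (Test-Path $k) {
            $v = (Get-ItemProperty -Path $k).'(default)'
            if ($v) { return [string]$v }
        }
    }
    return $null
}

$psNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# 1. Run keys: the "[X]" lines in the DDS log are values whose image is gone.
foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($psNoise -contains $p.Name) { continue }   # provider metadata, not Run values
        $img = Get-ImagePath ([string]$p.Value)
        if (-not (Test-Image $img)) {
            Add-Finding 'Run-missing-image' "$key\$($p.Name)" $p.Value
        } elseif ($img -match '\\\$Recycle\.Bin\\|\\Temp\\') {
            Add-Finding 'Run-suspicious-path' "$key\$($p.Name)" $p.Value
        }
    }
}

# 2. Browser Helper Objects: resolve each CLSID subkey to the DLL IE would load.
$bhoKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$bhos = @()
if (Test-Path $bhoKey) { $bhos = @(Get-ChildItem -Path $bhoKey) }
foreach ($bho in $bhos) {
    if ($bho -eq $null) { continue }                   # PS 2.0 iterates once over $null
    $dll = Get-InprocDll $bho.PSChildName
    if (-not $dll) { Add-Finding 'BHO-unresolved' $bho.PSChildName 'no InprocServer32'; continue }
    if (Test-Image (Get-ImagePath $dll)) { Add-Finding 'BHO-present' $bho.PSChildName $dll }
    else { Add-Finding 'BHO-missing-dll' $bho.PSChildName $dll }
}

# 3. The ZeroAccess pattern RogueKiller flagged: any CLSID whose InprocServer32
#    points into $Recycle.Bin. Walks every CLSID under HKLM and HKCU.
foreach ($root in 'HKLM:\Software\Classes\CLSID', 'HKCU:\Software\Classes\CLSID') {
    if (-not (Test-Path $root)) { continue }
    foreach ($sub in @(Get-ChildItem -Path $root -ErrorAction SilentlyContinue)) {
        if ($sub -eq $null) { continue }
        try {
            $inproc = $sub.OpenSubKey('InprocServer32')
            if ($inproc -eq $null) { continue }
            $dll = [string]$inproc.GetValue('')
            $inproc.Close()
            if ($dll -match '\\\$Recycle\.Bin\\') {
                Add-Finding 'CLSID-InprocServer32-in-RecycleBin' "$root\$($sub.PSChildName)" $dll
            }
        } catch {
            # A CLSID we cannot open is itself worth a look; ZeroAccess locks its keys.
            Add-Finding 'CLSID-access-denied' "$root\$($sub.PSChildName)" $_.Exception.Message
        }
    }
}

# 4. Services whose binary is missing (the "[x]" service lines in the DDS log).
foreach ($svc in @(Get-WmiObject -Class Win32_Service)) {
    if ($svc -eq $null -or -not $svc.PathName) { continue }
    if (-not (Test-Image (Get-ImagePath $svc.PathName))) {
        Add-Finding 'Service-missing-image' $svc.Name $svc.PathName
    }
}

# 5. AppInit_DLLs is loaded into every process that links user32.dll, so any
#    entry here deserves a second look (the log showed Google Desktop's DLL).
$winKey = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty -Path $winKey).AppInit_DLLs
if ($appInit) { Add-Finding 'AppInit_DLLs' $winKey $appInit }

$script:findings | Sort-Object Kind, Location | Format-Table -AutoSize Kind, Location, Detail
```

Read the output the way the helpers here read the logs: a "Run-missing-image" or "Service-missing-image" line is leftover registration that should be removed so it stops generating errors like "The specified service does not exist as an installed service", a "BHO-present" line is an extension you should recognise and want, and any "CLSID-InprocServer32-in-RecycleBin" or "CLSID-access-denied" line after a RogueKiller delete pass means the ZeroAccess hijack is not fully gone and belongs in your next reply.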

#6 cubbies7
  • Topic Starter
  • Members
  • 8 posts
Posted 28 May 2013 - 09:09 PM

I truly appreciate the help Gary. The computer is running leaps and bounds better. It doesn't appear as though there are any malicious programs running, just a lot of junk that I'll have to ask my grandpa what he actually uses so I can delete crap like WeatherBug. If there still appear to be issues you see when looking at the logs below, please let me know, otherwise I think the issue is solved. Also, I did not post the RogueKiller log because in the previous post I did delete the files. Thanks again for all the help.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Bud on Tue 05/28/2013 at 20:02:52.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] 24x7helpsvc 
Successfully deleted: [Service] 24x7helpsvc 
Successfully stopped: [Service] mapsgalaxy_39service 
Successfully deleted: [Service] mapsgalaxy_39service 
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\24x7help
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\inboxtoolbar
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\installiqupdater
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mapsgalaxy search scope monitor
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mapsgalaxy_39 browser plugin loader
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rebateinformer
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\shop to win
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\siteranker
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-703339395-2703970846-3001119950-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\24x7help
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\24x7help
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitengine
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ctoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\ctoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\inbox toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\inbox toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\shoptowin
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitengine
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\dealio
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\freecause
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\lowregistry\dealio
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\lowregistry\search settings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\shoppingbho.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cshared.tb4client
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cshared.tb4script
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cshared.tb4server
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cshared.tb4server2
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\imside1egate.application.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a3bb3c491a65ed342a24b8144fe679fe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\inbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\rebinfo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\rebatei.rebate informer bho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\rebatei.rebateinformimagegen
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\rebateinf.rebateinfobj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCSB000062377.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCSB000062377.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCSB000062377.Shopping
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCSB000062377.Shopping.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100573.FCTB000100573Pos
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100573.FCTB000100573Pos.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100573.IEToolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100573.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100573.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100573.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCSB000062377.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCSB000062377.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCSB000062377.Shopping
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCSB000062377.Shopping.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000100573.FCTB000100573Pos
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000100573.FCTB000100573Pos.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000100573.IEToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000100573.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000100573.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000100573.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2860551
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3008668
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E91A655-BB4B-4693-A05E-2EDEBC4C9D89}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71C1D63A-C944-428A-A5BD-BA513190E5D2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9427041A-A8DC-4D06-9A68-93873486E957}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED} 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201F27D4-3704-41D6-89C1-AA35E39143ED} 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98} 
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\askbardis" 
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\Bud\AppData\LocalLow\FCTB000100573
Successfully deleted: [Folder] "C:\ProgramData\w3i"
Successfully deleted: [Folder] "C:\Users\Bud\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Bud\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Bud\appdata\locallow\inbox toolbar"
Successfully deleted: [Folder] "C:\Users\Bud\appdata\locallow\mapsgalaxy_39"
Successfully deleted: [Folder] "C:\Users\Bud\appdata\locallow\productivity_3.1"
Successfully deleted: [Folder] "C:\Users\Bud\appdata\locallow\rebateinformer"
Successfully deleted: [Folder] "C:\Users\Bud\appdata\locallow\siteranker"
Successfully deleted: [Folder] "C:\Users\Bud\appdata\locallow\totalrecipesearch_14ei"
Successfully deleted: [Folder] "C:\Program Files\24x7help"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduitengine"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\dealio toolbar"
Successfully deleted: [Folder] "C:\Program Files\free offers from freeze.com"
Successfully deleted: [Folder] "C:\Program Files\inbox toolbar"
Successfully deleted: [Folder] "C:\Program Files\inbox.com"
Successfully deleted: [Folder] "C:\Program Files\mapsgalaxy_39"
Successfully deleted: [Folder] "C:\Program Files\productivity_3.1"
Successfully deleted: [Folder] "C:\Program Files\rebateinformer"
Successfully deleted: [Folder] "C:\Program Files\shop to win"
Successfully deleted: [Folder] "C:\Program Files\siteranker"
Successfully deleted: [Folder] "C:\Program Files\televisionfanaticei"
Successfully deleted: [Folder] "C:\Program Files\w3i"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 help"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inbox toolbar"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rebateinformer"
Successfully deleted: [Empty Folder] C:\Users\Bud\appdata\local\{27C5DBAF-0B3B-4FD5-BF63-0B970D7D36A3}
Successfully deleted: [Empty Folder] C:\Users\Bud\appdata\local\{ABFE8AAA-6B57-485A-A24C-4ED8C6BB941F}
Successfully deleted: [Folder] "C:\Program Files\askbardis\bar\bin" 
Successfully deleted: [Folder] "C:\Program Files\askbardis\bar" 
Successfully deleted: [Folder] "C:\Program Files\askbardis" 
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/28/2013 at 20:05:01.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v2.301 - Logfile created 05/28/2013 at 20:21:02
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Bud - BUD-PC
# Boot Mode : Normal
# Running from : C:\Users\Bud\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C9LOSV9T\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [39ffxtbr@MapsGalaxy_39.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Bud\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R4].txt - [2245 octets] - [24/05/2013 14:43:53]
AdwCleaner[R5].txt - [1035 octets] - [28/05/2013 20:21:02]
AdwCleaner[S2].txt - [1020 octets] - [24/05/2013 14:41:04]

########## EOF - C:\AdwCleaner[R5].txt - [1155 octets] ##########



#7 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,624 posts
  • Gender:Male
  • Location:California

Posted 28 May 2013 - 09:21 PM

Greetings,

We are almost there but have a bit more to do. If you can, please hang with me for another post or 2.

Please do this.

===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to update Java and remove any existing older versions:
  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click the Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Run
  • Click Install
  • Uncheck Install the Ask Toolbar and make Ask my default search provider
  • Click Next
  • You should be notified You have successfully installed Java
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.

To disable the JQS service if you don't want to use it:
  • Click Start, Control Panel, Java, then Advanced
  • Scroll down to Miscellaneous then uncheck the box for Java Quick Starter.
  • Click OK and reboot your computer.
===================================================

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download. You can also right click on the link and select Save Link As
  • Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
    • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
      For instructions with screenshots, please refer to this Guide.
    • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version.
    • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
    • Click on the Scan button.
    • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.
  • Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not be presented with a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Java install properly?
  • Malwarebytes log
  • ESET log
  • Is Grandpa's computer still running well?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
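An added PowerShell example, not part of Gary's post or of the BleepingComputer thread, that inventories the Java Runtime Environments registered on the machine and looks for the Java Quick Starter service, so the "remove all older versions of Java" step above can be checked before and after the uninstalls. It assumes an elevated PowerShell prompt on Windows 7 (PowerShell 2.0 syntax); the Wow6432Node path, which only exists on 64-bit Windows, the regular expression used to pick out JRE entries, and the service display-name match are assumptions, not anything the thread states:

```powershell
# Added example (not from the thread): list the JRE/J2SE entries that
# Programs and Features would show, newest first, so older copies stand out.
# Assumption: run elevated; Wow6432Node is absent on 32-bit Windows and is skipped.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function ConvertTo-VersionSafe([string]$text) {
    # DisplayVersion is sometimes missing or not dotted; fall back to 0.0 so sorting never throws.
    try { return [version]$text } catch { return [version]'0.0' }
}

function Get-InstalledJava {
    # Mirrors the post's rule: anything with Java Runtime Environment (JRE or J2SE) in the name.
    # Assumed regex: matches "Java(TM) 7 Update 21", "Java 6 Update 31", "Java(TM) SE Runtime
    # Environment 6", "J2SE Runtime Environment 5.0"; does not match "JavaFX" or "Java Auto Updater".
    $pattern = 'Java(\(TM\))?\s+(\d+|Runtime|SE|Platform)|J2SE'
    $found = @()
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
            if ($p.DisplayName -and ($p.DisplayName -match $pattern)) {
                $found += New-Object PSObject -Property @{
                    Name            = $p.DisplayName
                    Version         = [string]$p.DisplayVersion
                    RegistryKey     = $_.PSChildName
                    UninstallString = $p.UninstallString   # what "Remove" in Programs and Features runs
                }
            }
        }
    }
    return $found
}

function Get-JavaQuickStarter {
    # The post's JQS.exe runs as a Windows service; match on display name rather than
    # assuming the internal service name.
    Get-Service -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Java Quick Starter*' }
}

$javas = @(Get-InstalledJava)
if ($javas.Count -eq 0) {
    Write-Host 'No Java Runtime Environment entries found under the Uninstall registry keys.'
} else {
    Write-Host ("{0} Java entries registered; keep the top one, the rest are candidates for removal:" -f $javas.Count)
    $javas |
        Sort-Object { ConvertTo-VersionSafe $_.Version } -Descending |
        Format-Table Name, Version, RegistryKey -AutoSize
}

$jqs = Get-JavaQuickStarter
if ($jqs) {
    Write-Host ("Java Quick Starter service present: {0} (status {1})" -f $jqs.Name, $jqs.Status)
} else {
    Write-Host 'Java Quick Starter service not present.'
}
```

Run it once before following the uninstall steps to see how many versions are installed, and again after the reboot: the second run should list a single current entry and, if the Java Quick Starter option was unchecked in the Java control panel, report the service as absent or stopped.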

#8 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,624 posts
  • Gender:Male
  • Location:California

Posted 31 May 2013 - 08:38 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary

#9 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,624 posts
  • Gender:Male
  • Location:California

Posted 03 June 2013 - 09:23 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Gary