
cannot download programs from web or files from email


  • This topic is locked
23 replies to this topic

#1 bobbrew1231

bobbrew1231

  • Members
  • 12 posts

Posted 27 July 2013 - 08:36 AM

Attached File  attach.txt   7.17KB   0 downloads

 





#2 bobbrew1231

bobbrew1231
  • Topic Starter

  • Members
  • 12 posts

Posted 27 July 2013 - 08:41 AM

This info was to be in the post; here it is.

When I try to open attachments from the email client, nothing opens.

When I try to save attachments from the email client, I get an error message: "there was an error saving check disk space" (there is plenty of disk space).

When I try to open or save attachments from the web email client, I get the error message "xxx.xxx contained a virus and was deleted."

When I try to download a program from the internet, I get a message saying it contained a virus and was deleted.

Here is the DDS file:


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16496 BrowserJavaVersion: 10.25.2
Run by Wanda at 8:50:47 on 2013-07-27
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2812.1867 [GMT -4:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\SLsvc.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\WLANExt.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\windows\System32\WUDFHost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Novatel Wireless\Virgin Mobile\MobiLink3.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\System32\svchost.exe -k Cognizance
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
dURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [MobiLink3] c:\program files\novatel wireless\virgin mobile\MobiLink3.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www.employflorida.com/controls/smsx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1AB8F30D-46D3-4BBC-BD61-9CAFA929F09B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2EEBFCA2-7324-4B6E-AFF3-48E90517C759} : DHCPNameServer = 192.168.2.1
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
AppInit_DLLs= APSHook.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli ASWLNPkg
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 68.169.39.220 www.craigslist.org
Hosts: 68.169.39.220 www.craigslist.net
Hosts: 68.169.39.220 www.craigslist.com
Hosts: 68.169.39.220 craigslist.org
Hosts: 68.169.39.220 craigslist.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-30 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-30 12928]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-3-20 37352]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-30 12496]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-3-20 84024]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-3-20 108088]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-20 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-20 21504]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-3-20 84744]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-30 256512]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-2 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-6-1 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-7-26 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-7-26 701512]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2009-8-24 82432]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-7-26 22856]
S2 0227511245973530mcinstcleanup;McAfee Application Installer Cleanup (0227511245973530);c:\users\wanda\appdata\local\temp\022751~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\users\wanda\appdata\local\temp\022751~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-26 193840]
S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\drivers\nwvmmdm.sys [2009-5-15 174720]
S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\drivers\nwvmser.sys [2009-5-15 174720]
S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\drivers\nwvmser2.sys [2009-5-15 174720]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S4 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-6-2 18944]
S4 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-4-7 26168]
.
=============== Created Last 30 ================
.
2013-07-26 23:41:02 -------- d-----w- c:\users\wanda\appdata\roaming\SUPERAntiSpyware.com
2013-07-26 23:40:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-07-26 23:40:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-07-26 21:52:27 -------- d-----w- c:\users\wanda\appdata\roaming\Malwarebytes
2013-07-26 21:52:16 -------- d-----w- c:\programdata\Malwarebytes
2013-07-26 21:52:15 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-26 21:52:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-15 07:00:51 -------- d-----w- c:\windows\system32\MRT
2013-07-14 19:41:07 -------- d-----w- c:\users\wanda\appdata\local\eefaf7c0-3823-4306-bcb6-af727660ccb9ad
2013-07-14 19:40:57 0 ----a-w- c:\users\wanda\vlcplayer.exe
2013-07-14 19:40:56 0 ----a-w- c:\users\wanda\notepad.exe
2013-07-14 19:40:55 0 ----a-w- c:\users\wanda\icq.exe
2013-07-10 22:59:15 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 22:58:43 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-07-10 22:58:43 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-10 22:58:43 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 22:58:42 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-07-10 22:58:42 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-10 22:58:42 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-10 22:58:42 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-10 22:58:42 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-10 22:58:42 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-07-10 22:58:41 505344 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 22:58:39 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 22:58:36 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-07-08 23:29:25 -------- d-----w- C:\Verizon_Android
.
==================== Find3M ====================
.
2013-07-19 16:16:18 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-19 16:16:17 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-19 16:16:17 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-12 16:37:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 16:37:11 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-08 22:05:20 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-06-08 22:05:20 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 22:05:20 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-06-08 22:05:20 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-05-29 01:50:14 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-05-29 01:41:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-29 01:41:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-05-29 01:37:15 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-29 01:36:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-29 01:33:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-25 22:05:21 92488 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2013-05-08 04:37:21 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 22:03:36 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 22:03:36 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-02 04:04:25 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-05-02 04:03:42 37376 ----a-w- c:\windows\system32\printcom.dll
.
============= FINISH: 8:51:35.10 ===============



#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 27 July 2013 - 01:57 PM





Hello bobbrew1231

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [donate button] <-- Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 bobbrew1231

bobbrew1231
  • Topic Starter

  • Members
  • 12 posts

Posted 27 July 2013 - 05:57 PM

Attached File  Addition.txt   21.9KB   0 downloads


Hi Gringo, thanks for the reply. Here is the frst.txt file; the addition file is attached. ...bob


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-07-2013 04
Ran by Wanda (administrator) on 27-07-2013 18:42:56
Running from C:\Users\Wanda\Desktop
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(SafeBoot International) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(ATI Technologies Inc.) C:\windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(ActivIdentity) c:\Program Files\ActivIdentity\ActivClient\accoca.exe
(Andrea Electronics Corporation) C:\windows\system32\AEADISRV.EXE
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\RaMaint.exe
(ActivIdentity) c:\Program Files\ActivIdentity\ActivClient\acevents.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Bioscrypt Inc.) c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Novatel Wireless Inc.) C:\Program Files\Novatel Wireless\Virgin Mobile\MobiLink3.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Advanced Micro Devices Inc.) c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ActivIdentity) c:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [accrdsub] - c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [293168 2007-05-15] (ActivIdentity)
HKLM\...\Run: [CognizanceTS] - rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule [x]
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WatchDog] - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [197904 2008-05-23] (InterVideo Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3842048 2008-03-19] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2008-04-04] (Analog Devices, Inc.)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2008-08-11] (LogMeIn, Inc.)
HKLM\...\Run: [Intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [1532760 2011-06-15] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [PMBVolumeWatcher] - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [MobiLink3] - C:\Program Files\Novatel Wireless\Virgin Mobile\MobiLink3.exe [902144 2009-08-26] (Novatel Wireless Inc.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4760816 2013-05-14] (SUPERAntiSpyware.com)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [814472 2013-06-12] (Adobe Systems Incorporated)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3613806084-3443726993-327657541-1004\$ff24043d55f85ce9a20a8337d9b4b888\n. ATTENTION! ====> ZeroAccess?
MountPoints2: {308c548f-6d9d-11df-ae75-0024816ade8b} - G:\LiteAuto.exe
MountPoints2: {42631493-ba88-11df-8d55-002100e29001} - H:\LaunchU3.exe -a
MountPoints2: {e3daf48f-dc5b-11e2-bec0-0024816ade8b} - G:\VZW_Software_upgrade_assistant.exe
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\LogMeInRemoteUser\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2009-04-11] (Microsoft Corporation)
HKU\LogMeInRemoteUser\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
ShortcutTarget: DVD Check.lnk -> C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
URLSearchHook: (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} -  No File
SearchScopes: HKLM - DefaultScope {53085AF8-4F6D-40B7-ABC2-BCD27F5E6DC4} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1091&query={searchTerms}&invocationType=tb50hpcmnbie7-en-us
SearchScopes: HKLM - {53085AF8-4F6D-40B7-ABC2-BCD27F5E6DC4} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1091&query={searchTerms}&invocationType=tb50hpcmnbie7-en-us
SearchScopes: HKLM - {acbd5593-e5ee-4c15-b48f-1823ce819dec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZU^xpt058^S01630^us&si=4118&ptb=E0E6A6FB-0A3E-4B6E-A5B6-B70AEEFE0BAF&ind=2012052507&n=77ed7c1b&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {1FBA88CD-6EAD-44D5-A1E7-DC05BAF1BC1A} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
SearchScopes: HKCU - {1FBA88CD-6EAD-44D5-A1E7-DC05BAF1BC1A} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
SearchScopes: HKCU - {53085AF8-4F6D-40B7-ABC2-BCD27F5E6DC4} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1091&query={searchTerms}&invocationType=tb50hpcmnbie7-en-us
SearchScopes: HKCU - {acbd5593-e5ee-4c15-b48f-1823ce819dec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZU^xpt058^S01630^us&si=4118&ptb=E0E6A6FB-0A3E-4B6E-A5B6-B70AEEFE0BAF&ind=2012052507&n=77ed7c1b&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {B8D28692-A45E-45D0-8680-4324792E57DF} URL = http://asksearch.ask.com/redirect?client=ie&src=kw&tb=ASI2-V6&itbv=11.7.1.31&o=APN10740&locale=en_US&apn_uid=B936A0A1-2BC2-45E0-AF5A-E1BA571C2FB9&apn_ptnrs=^ATQ&apn_dtid=^YYYYYY^YY^US&apn_dbr=ie_9.0.8112.16470&doi=2013-03-21&q={searchTerms}&
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.employflorida.com/controls/smsx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.search.ask.com/?l=dis&o=APN10740cr&gct=hp&apn_ptnrs=^ATQ&apn_dtid=^YYYYYY^YY^US&p2=^ATQ^YYYYYY^YY^US&tpid=ASI2-V6&apn_dbr=ie_9.0.8112.16470&apn_uid=B936A0A1-2BC2-45E0-AF5A-E1BA571C2FB9&itbv=11.7.1.31&doi=2013-03-21
CHR RestoreOnStartup:         "urls_to_restore_on_startup": [
CHR Extension: (Docs) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
R2 accoca; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [182576 2007-05-15] (ActivIdentity)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [111888 2008-05-20] (Bioscrypt Inc.)
R2 ASChannel; c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [137488 2008-05-20] (Bioscrypt Inc.)
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-16] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-10] (SEIKO EPSON CORPORATION)
S4 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard)
S4 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [18944 2008-06-02] (Hewlett-Packard Development Company, L.P)
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256512 2008-05-30] (SafeBoot International)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvtlService; C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [82432 2009-08-24] ()
S2 0227511245973530mcinstcleanup; C:\Users\Wanda\AppData\Local\Temp\022751~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-27] (Avira Operations GmbH & Co. KG)
R2 LMIInfo; C:\Program Files\LogMeIn\x86\RaInfo.sys [13624 2013-05-25] (LogMeIn, Inc.)
R2 LMIRfsDriver; C:\windows\system32\drivers\LMIRfsDriver.sys [47640 2008-08-11] (LogMeIn, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NWVMModem; C:\Windows\System32\DRIVERS\nwvmmdm.sys [174720 2009-05-15] (Novatel Wireless Inc.)
S3 NWVMPort; C:\Windows\System32\DRIVERS\nwvmser.sys [174720 2009-05-15] (Novatel Wireless Inc.)
S3 NWVMPort2; C:\Windows\System32\DRIVERS\nwvmser2.sys [174720 2009-05-15] (Novatel Wireless Inc.)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [12496 2008-05-30] (SafeBoot International)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [108752 2008-05-30] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [51376 2008-05-30] (SafeBoot N.V.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [12928 2008-05-30] (SafeBoot International)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-20] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S4 LMIRfsClientNP; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-27 18:42 - 2013-07-27 18:42 - 00000000 ____D C:\FRST
2013-07-27 18:42 - 2013-07-27 18:40 - 01221426 _____ (Farbar) C:\Users\Wanda\Desktop\FRST.exe
2013-07-27 08:52 - 2013-07-27 08:56 - 00016241 _____ C:\Users\Wanda\Desktop\dds.txt
2013-07-27 08:52 - 2013-07-27 08:56 - 00007339 _____ C:\Users\Wanda\Desktop\attach.txt
2013-07-27 08:38 - 2013-07-27 08:39 - 00148744 _____ C:\windows\Minidump\Mini072713-01.dmp
2013-07-26 19:41 - 2013-07-27 06:37 - 00000000 ____D C:\Program Files\Google
2013-07-26 19:41 - 2013-07-26 19:41 - 00000510 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task de08ef2d-2186-41a7-a2af-507fa54d9fcd.job
2013-07-26 19:41 - 2013-07-26 19:41 - 00000510 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 4a4783a6-8532-4057-90ba-2c139cfbb7d7.job
2013-07-26 19:41 - 2013-07-26 19:41 - 00000000 ____D C:\Users\Wanda\AppData\Roaming\SUPERAntiSpyware.com
2013-07-26 19:40 - 2013-07-26 19:41 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-26 19:40 - 2013-07-26 19:40 - 00001800 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-07-26 19:40 - 2013-07-26 19:40 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-07-26 17:52 - 2013-07-26 17:52 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-26 17:52 - 2013-07-26 17:52 - 00000000 ____D C:\Users\Wanda\AppData\Roaming\Malwarebytes
2013-07-26 17:52 - 2013-07-26 17:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-26 17:52 - 2013-07-26 17:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-26 17:52 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-07-26 17:15 - 2013-07-26 17:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Wanda\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-26 17:10 - 2013-07-26 17:10 - 00014410 _____ C:\Users\Wanda\Documents\insurance letter.odt
2013-07-19 12:17 - 2013-07-19 12:17 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-19 12:16 - 2013-07-19 12:16 - 00263592 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-07-19 12:16 - 2013-07-19 12:16 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-07-19 12:16 - 2013-07-19 12:16 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-07-15 03:00 - 2013-07-15 03:03 - 00000000 ____D C:\windows\system32\MRT
2013-07-14 15:41 - 2013-07-25 20:35 - 00000000 ____D C:\Users\Wanda\AppData\Local\eefaf7c0-3823-4306-bcb6-af727660ccb9ad
2013-07-14 15:41 - 2013-07-25 20:00 - 00000332 ____H C:\windows\Tasks\{8BDF0B56-5C73-4EE6-89CA-4FD9B53931FF}.job
2013-07-11 03:10 - 2013-05-28 21:56 - 12333568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-11 03:10 - 2013-05-28 21:50 - 01800704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-11 03:10 - 2013-05-28 21:48 - 09738752 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-11 03:10 - 2013-05-28 21:41 - 01427968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-07-11 03:10 - 2013-05-28 21:41 - 01129472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-11 03:10 - 2013-05-28 21:41 - 01104384 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-11 03:10 - 2013-05-28 21:40 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-07-11 03:10 - 2013-05-28 21:38 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-11 03:10 - 2013-05-28 21:37 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-07-11 03:10 - 2013-05-28 21:36 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-07-11 03:10 - 2013-05-28 21:35 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-11 03:10 - 2013-05-28 21:35 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-11 03:10 - 2013-05-28 21:33 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-11 03:10 - 2013-05-28 21:33 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-11 03:10 - 2013-05-28 21:33 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-07-11 03:10 - 2013-05-28 21:29 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-10 18:59 - 2013-06-03 21:50 - 02049024 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-10 18:58 - 2013-06-01 00:06 - 00505344 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-10 18:58 - 2013-05-08 00:04 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-10 18:58 - 2013-04-17 07:28 - 01029120 _____ (Microsoft Corporation) C:\windows\system32\d3d10.dll
2013-07-10 18:58 - 2013-04-17 07:28 - 00219648 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1core.dll
2013-07-10 18:58 - 2013-04-17 07:28 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\d3d10core.dll
2013-07-10 18:58 - 2013-04-17 07:28 - 00160768 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1.dll
2013-07-10 18:58 - 2013-04-17 06:34 - 01172480 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2013-07-10 18:58 - 2013-04-17 06:33 - 00486400 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2013-07-10 18:58 - 2013-04-17 06:14 - 00683008 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2013-07-10 18:58 - 2013-04-17 06:10 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-10 18:58 - 2013-04-17 06:10 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2013-07-08 19:29 - 2013-07-08 19:29 - 00000000 ____D C:\Verizon_Android
2013-07-08 19:29 - 2013-07-08 19:29 - 00000000 ____D C:\Users\Public\Documents\Verizon_Android
2013-07-08 19:28 - 2013-07-08 19:31 - 00000000 ____D C:\Users\Wanda\Desktop\CADES COVE 2013
2013-07-04 09:16 - 2013-07-04 09:16 - 00000215 _____ C:\Users\Wanda\Desktop\EMAIL.url
2013-07-02 17:19 - 2013-07-02 18:47 - 00000000 ____D C:\Users\Wanda\Desktop\treetops zip park 2013
2013-07-01 09:09 - 2013-07-01 09:09 - 00018461 _____ C:\Users\Wanda\Documents\FLUID -- Florida Unemployment Internet Direct Claims_asp.mht

==================== One Month Modified Files and Folders =======

2013-07-27 18:42 - 2013-07-27 18:42 - 00000000 ____D C:\FRST
2013-07-27 18:40 - 2013-07-27 18:42 - 01221426 _____ (Farbar) C:\Users\Wanda\Desktop\FRST.exe
2013-07-27 17:57 - 2006-11-02 08:45 - 00003216 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-27 17:57 - 2006-11-02 08:45 - 00003216 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-27 16:58 - 2009-06-25 18:43 - 01819089 _____ C:\windows\WindowsUpdate.log
2013-07-27 09:53 - 2009-06-25 18:49 - 00000000 ____D C:\Users\Wanda
2013-07-27 08:56 - 2013-07-27 08:52 - 00016241 _____ C:\Users\Wanda\Desktop\dds.txt
2013-07-27 08:56 - 2013-07-27 08:52 - 00007339 _____ C:\Users\Wanda\Desktop\attach.txt
2013-07-27 08:39 - 2013-07-27 08:38 - 00148744 _____ C:\windows\Minidump\Mini072713-01.dmp
2013-07-27 08:38 - 2012-04-09 13:46 - 204554694 _____ C:\windows\MEMORY.DMP
2013-07-27 08:38 - 2012-04-09 13:46 - 00000000 ____D C:\windows\Minidump
2013-07-27 08:38 - 2008-06-26 09:38 - 00000000 ____D C:\Program Files\Hewlett-Packard
2013-07-27 06:59 - 2008-06-26 10:14 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-07-27 06:52 - 2008-01-20 23:02 - 00169764 _____ C:\windows\PFRO.log
2013-07-27 06:37 - 2013-07-26 19:41 - 00000000 ____D C:\Program Files\Google
2013-07-27 03:36 - 2010-06-01 12:12 - 00000000 ____D C:\ProgramData\LogMeIn
2013-07-26 19:41 - 2013-07-26 19:41 - 00000510 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task de08ef2d-2186-41a7-a2af-507fa54d9fcd.job
2013-07-26 19:41 - 2013-07-26 19:41 - 00000510 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 4a4783a6-8532-4057-90ba-2c139cfbb7d7.job
2013-07-26 19:41 - 2013-07-26 19:41 - 00000000 ____D C:\Users\Wanda\AppData\Roaming\SUPERAntiSpyware.com
2013-07-26 19:41 - 2013-07-26 19:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-26 19:41 - 2013-03-21 16:31 - 00000000 ____D C:\Users\Wanda\AppData\Local\Google
2013-07-26 19:40 - 2013-07-26 19:40 - 00001800 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-07-26 19:40 - 2013-07-26 19:40 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-07-26 17:55 - 2008-04-15 18:01 - 00006294 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-26 17:52 - 2013-07-26 17:52 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-26 17:52 - 2013-07-26 17:52 - 00000000 ____D C:\Users\Wanda\AppData\Roaming\Malwarebytes
2013-07-26 17:52 - 2013-07-26 17:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-26 17:52 - 2013-07-26 17:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-26 17:15 - 2013-07-26 17:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Wanda\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-26 17:10 - 2013-07-26 17:10 - 00014410 _____ C:\Users\Wanda\Documents\insurance letter.odt
2013-07-25 20:35 - 2013-07-14 15:41 - 00000000 ____D C:\Users\Wanda\AppData\Local\eefaf7c0-3823-4306-bcb6-af727660ccb9ad
2013-07-25 20:00 - 2013-07-14 15:41 - 00000332 ____H C:\windows\Tasks\{8BDF0B56-5C73-4EE6-89CA-4FD9B53931FF}.job
2013-07-25 19:37 - 2012-04-12 18:22 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-25 17:07 - 2013-03-21 16:31 - 00000464 _____ C:\windows\Tasks\Arcadesafari.job
2013-07-21 03:05 - 2006-11-02 07:18 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-19 12:17 - 2013-07-19 12:17 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-19 12:16 - 2013-07-19 12:16 - 00263592 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-07-19 12:16 - 2013-07-19 12:16 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-07-19 12:16 - 2013-07-19 12:16 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-07-19 12:16 - 2012-10-12 08:02 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-07-19 12:16 - 2012-07-16 09:07 - 00867240 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll
2013-07-19 12:16 - 2011-05-15 09:19 - 00789416 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll
2013-07-16 16:23 - 2009-09-13 08:51 - 00019456 _____ C:\Users\Wanda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-15 19:49 - 2006-11-02 08:58 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-15 19:45 - 2006-11-02 08:58 - 00032600 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-07-15 03:03 - 2013-07-15 03:00 - 00000000 ____D C:\windows\system32\MRT
2013-07-11 03:55 - 2006-11-02 08:44 - 00399768 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-11 03:52 - 2006-11-02 08:35 - 00000000 ____D C:\windows\system32\XPSViewer
2013-07-08 19:31 - 2013-07-08 19:28 - 00000000 ____D C:\Users\Wanda\Desktop\CADES COVE 2013
2013-07-08 19:29 - 2013-07-08 19:29 - 00000000 ____D C:\Verizon_Android
2013-07-08 19:29 - 2013-07-08 19:29 - 00000000 ____D C:\Users\Public\Documents\Verizon_Android
2013-07-06 21:36 - 2006-11-02 07:18 - 00000000 ____D C:\windows\system32\LogFiles
2013-07-04 09:16 - 2013-07-04 09:16 - 00000215 _____ C:\Users\Wanda\Desktop\EMAIL.url
2013-07-02 18:47 - 2013-07-02 17:19 - 00000000 ____D C:\Users\Wanda\Desktop\treetops zip park 2013
2013-07-01 09:09 - 2013-07-01 09:09 - 00018461 _____ C:\Users\Wanda\Documents\FLUID -- Florida Unemployment Internet Direct Claims_asp.mht
2013-06-27 17:58 - 2006-11-02 08:49 - 00178177 _____ C:\windows\setupact.log

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3613806084-3443726993-327657541-1004\$ff24043d55f85ce9a20a8337d9b4b888

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888

Files to move or delete:
====================
C:\Windows\Tasks\{8BDF0B56-5C73-4EE6-89CA-4FD9B53931FF}.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-07-27 10:03

==================== End Of Log ============================

 



#5 gringo_pr


Posted 27 July 2013 - 08:21 PM


Hello bobbrew1231



I need you to download this script I have made for you --> Attached File: fixlist.txt (492 bytes)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 bobbrew1231


Posted 28 July 2013 - 03:21 AM

Gringo, here is the fixlog. Thanks, bob

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-07-2013 04
Ran by Wanda at 2013-07-28 04:15:38 Run:1
Running from C:\Users\Wanda\Desktop
Boot Mode: Normal

==============================================

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
C:\$Recycle.Bin\S-1-5-21-3613806084-3443726993-327657541-1004\$ff24043d55f85ce9a20a8337d9b4b888 => Directory moved successfully.
C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888 => Deleted successfully.
C:\Windows\Tasks\{8BDF0B56-5C73-4EE6-89CA-4FD9B53931FF}.job => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtMon.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtPlug.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSigDwn.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSoftEx.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Not Found

=========  Dir /b /a:l "C:\Program Files" /s =========

File Not Found

========= End of CMD: =========

==== End of Fixlog ====



#7 gringo_pr


Posted 28 July 2013 - 03:29 AM



Hello bobbrew1231

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo

#8 bobbrew1231


Posted 28 July 2013 - 04:55 AM

Gringo, below are the 2 reports. My wife's computer appears to be working correctly. Thanks, bob

 

# AdwCleaner v2.306 - Logfile created 07/28/2013 at 04:38:01
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : Wanda - GMOM-PC
# Boot Mode : Normal
# Running from : C:\Users\Wanda\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\DailyBibleGuideEI
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\Users\Wanda\AppData\Local\Temp\APN
Folder Deleted : C:\Users\Wanda\AppData\Local\Temp\AskSearch

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\DailyBibleGuideInstaller.Start
Key Deleted : HKLM\SOFTWARE\Classes\DailyBibleGuideInstaller.Start.1
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3595550-5007-4AEB-BB04-D00E62E836A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F0786343-938E-456B-8798-DE7EEC08F820}
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{21EF3164-5FA8-4FF0-8BBE-25B23F313086}
Key Deleted : HKLM\Software\DailyBibleGuideEI
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.DailyBibleGuide.com/Plugin
Key Deleted : HKLM\Software\PIP
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.495] : homepage = "hxxp://www.search.ask.com/?l=dis&o=APN10740cr&gct=hp&apn_ptnrs=^ATQ&apn_dtid=^YYYYY[...]

*************************

AdwCleaner[S1].txt - [3237 octets] - [28/07/2013 04:38:01]

########## EOF - C:\AdwCleaner[S1].txt - [3297 octets] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.5 (07.26.2013:2)
OS: Windows Vista ™ Home Basic x86
Ran by Wanda on Sun 07/28/2013 at  4:49:49.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{53085AF8-4F6D-40B7-ABC2-BCD27F5E6DC4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8D28692-A45E-45D0-8680-4324792E57DF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{53085AF8-4F6D-40B7-ABC2-BCD27F5E6DC4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/28/2013 at  5:06:14.25
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9 gringo_pr


Posted 28 July 2013 - 11:47 AM


Hello bobbrew1231

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 bobbrew1231

Posted 28 July 2013 - 02:37 PM

Gringo, here is the log from combofix. The puter seems to be running ok; it will download files and open attachments from the email client.

 

ComboFix 13-07-27.01 - Wanda 07/28/2013  13:32:13.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.2812.1724 [GMT -4:00]
Running from: c:\users\Wanda\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DFRF317.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-28 to 2013-07-28  )))))))))))))))))))))))))))))))
.
.
2013-07-28 18:11 . 2013-07-28 19:17 -------- d-----w- c:\users\Wanda\AppData\Local\temp
2013-07-28 18:11 . 2013-07-28 18:11 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-07-28 18:11 . 2013-07-28 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-28 08:45 . 2013-07-28 08:45 -------- d-----w- c:\windows\ERUNT
2013-07-27 22:42 . 2013-07-28 08:15 -------- d-----w- C:\FRST
2013-07-26 23:41 . 2013-07-26 23:41 -------- d-----w- c:\users\Wanda\AppData\Roaming\SUPERAntiSpyware.com
2013-07-26 23:41 . 2013-07-27 10:37 -------- d-----w- c:\program files\Google
2013-07-26 23:40 . 2013-07-26 23:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-07-26 23:40 . 2013-07-26 23:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-07-26 21:52 . 2013-07-26 21:52 -------- d-----w- c:\users\Wanda\AppData\Roaming\Malwarebytes
2013-07-26 21:52 . 2013-07-26 21:52 -------- d-----w- c:\programdata\Malwarebytes
2013-07-26 21:52 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-26 21:52 . 2013-07-26 21:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-19 16:17 . 2013-07-19 16:17 -------- d-----w- c:\program files\Common Files\Java
2013-07-15 07:00 . 2013-07-15 07:03 -------- d-----w- c:\windows\system32\MRT
2013-07-14 19:41 . 2013-07-26 00:35 -------- d-----w- c:\users\Wanda\AppData\Local\eefaf7c0-3823-4306-bcb6-af727660ccb9ad
2013-07-10 22:59 . 2013-06-04 01:50 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 22:58 . 2013-04-17 10:33 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-10 22:58 . 2013-04-17 10:10 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 22:58 . 2013-04-17 10:10 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-07-10 22:58 . 2013-04-17 11:28 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-10 22:58 . 2013-04-17 11:28 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-10 22:58 . 2013-04-17 11:28 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-10 22:58 . 2013-04-17 11:28 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-07-10 22:58 . 2013-04-17 10:34 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-10 22:58 . 2013-04-17 10:14 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-07-10 22:58 . 2013-06-01 04:06 505344 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 22:58 . 2013-05-08 04:04 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 22:58 . 2013-04-09 03:51 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-08 23:29 . 2013-07-08 23:29 -------- d-----w- C:\Verizon_Android
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-28 09:15 . 2012-04-12 22:22 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-28 09:15 . 2011-05-15 13:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-19 16:16 . 2012-10-12 12:02 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-19 16:16 . 2012-07-16 13:07 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-19 16:16 . 2011-05-15 13:19 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-08 22:05 . 2010-06-01 16:12 53064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2013-06-08 22:05 . 2010-06-01 16:12 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-06-08 22:05 . 2010-06-01 16:12 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 22:05 . 2010-06-01 16:12 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-05-25 22:05 . 2010-06-01 16:12 92488 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2013-05-08 04:37 . 2013-06-12 16:16 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 22:03 . 2013-06-12 16:14 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 22:03 . 2013-06-12 16:14 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-02 04:04 . 2013-06-12 16:15 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-05-02 04:03 . 2013-06-12 16:15 37376 ----a-w- c:\windows\system32\printcom.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobiLink3"="c:\program files\Novatel Wireless\Virgin Mobile\MobiLink3.exe" [2009-08-26 902144]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 4760816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-24 197904]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-15 1532760]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-07-01 345144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-26 197904]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-22 984936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 20:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2008-06-02 17:57 238984 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-05-14 18:26 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
R2 0227511245973530mcinstcleanup;McAfee Application Installer Cleanup (0227511245973530);c:\users\Wanda\AppData\Local\Temp\022751~1.EXE [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ   PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ   ASBroker ASChannel
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 09:15]
.
2013-07-28 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 4a4783a6-8532-4057-90ba-2c139cfbb7d7.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-07-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task de08ef2d-2186-41a7-a2af-507fa54d9fcd.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-File Sanitizer - c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-28 15:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
.
c:\users\Wanda\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3572)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\LogMeIn\x86\LMIGuardianSvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-07-28  15:22:54 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-28 19:22
.
Pre-Run: 76,669,222,912 bytes free
Post-Run: 78,212,145,152 bytes free
.
- - End Of File - - 9B35BDF9D04D1A8B053BB0153DFC81C0
5C616939100B85E558DA92B899A0FC36


#11 bobbrew1231

Posted 28 July 2013 - 02:40 PM

The only problem I had was the computer blue screened on the first attempt of running combofix. The second time combofix ran fine with no problems; it did take about an hour or so.



#12 gringo_pr

Posted 28 July 2013 - 08:37 PM


Hello bobbrew1231

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
In your next post I need the following:
  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?
Gringo

#13 bobbrew1231

Posted 29 July 2013 - 06:54 PM

Gringo

 

The puter seems to be operating ok; did not notice any problems after running CFix.

The puter blue screen crashed on first attempt of CFix. On 2nd try a message came up while CFix was running stating that pev.exe had stopped working. It had a close program button; I just let CFix keep running, did not mess with puter. After CFix completed stage 50 the message box closed itself.

 

Here is the log from CFix

 

thanks again...........bob

 

ComboFix 13-07-27.01 - Wanda 07/29/2013  19:15:22.2.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.2812.1857 [GMT -4:00]
Running from: c:\users\Wanda\Desktop\ComboFix.exe
Command switches used :: c:\users\Wanda\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-28 to 2013-07-29  )))))))))))))))))))))))))))))))
.
.
2013-07-29 23:23 . 2013-07-29 23:24 -------- d-----w- c:\users\Wanda\AppData\Local\temp
2013-07-29 23:23 . 2013-07-29 23:23 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-07-29 23:23 . 2013-07-29 23:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-28 08:45 . 2013-07-28 08:45 -------- d-----w- c:\windows\ERUNT
2013-07-27 22:42 . 2013-07-28 08:15 -------- d-----w- C:\FRST
2013-07-26 23:41 . 2013-07-26 23:41 -------- d-----w- c:\users\Wanda\AppData\Roaming\SUPERAntiSpyware.com
2013-07-26 23:41 . 2013-07-28 23:03 -------- d-----w- c:\program files\Google
2013-07-26 23:40 . 2013-07-26 23:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-07-26 23:40 . 2013-07-26 23:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-07-26 21:52 . 2013-07-26 21:52 -------- d-----w- c:\users\Wanda\AppData\Roaming\Malwarebytes
2013-07-26 21:52 . 2013-07-26 21:52 -------- d-----w- c:\programdata\Malwarebytes
2013-07-26 21:52 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-26 21:52 . 2013-07-26 21:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-19 16:17 . 2013-07-19 16:17 -------- d-----w- c:\program files\Common Files\Java
2013-07-15 07:00 . 2013-07-15 07:03 -------- d-----w- c:\windows\system32\MRT
2013-07-14 19:41 . 2013-07-26 00:35 -------- d-----w- c:\users\Wanda\AppData\Local\eefaf7c0-3823-4306-bcb6-af727660ccb9ad
2013-07-10 22:59 . 2013-06-04 01:50 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 22:58 . 2013-04-17 10:33 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-10 22:58 . 2013-04-17 10:10 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 22:58 . 2013-04-17 10:10 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-07-10 22:58 . 2013-04-17 11:28 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-10 22:58 . 2013-04-17 11:28 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-10 22:58 . 2013-04-17 11:28 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-10 22:58 . 2013-04-17 11:28 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-07-10 22:58 . 2013-04-17 10:34 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-10 22:58 . 2013-04-17 10:14 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-07-10 22:58 . 2013-06-01 04:06 505344 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 22:58 . 2013-05-08 04:04 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 22:58 . 2013-04-09 03:51 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-08 23:29 . 2013-07-08 23:29 -------- d-----w- C:\Verizon_Android
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-28 09:15 . 2012-04-12 22:22 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-28 09:15 . 2011-05-15 13:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-19 16:16 . 2012-10-12 12:02 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-19 16:16 . 2012-07-16 13:07 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-19 16:16 . 2011-05-15 13:19 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-08 22:05 . 2010-06-01 16:12 53064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2013-06-08 22:05 . 2010-06-01 16:12 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-06-08 22:05 . 2010-06-01 16:12 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 22:05 . 2010-06-01 16:12 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-05-25 22:05 . 2010-06-01 16:12 92488 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2013-05-08 04:37 . 2013-06-12 16:16 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 22:03 . 2013-06-12 16:14 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 22:03 . 2013-06-12 16:14 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-02 04:04 . 2013-06-12 16:15 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-05-02 04:03 . 2013-06-12 16:15 37376 ----a-w- c:\windows\system32\printcom.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobiLink3"="c:\program files\Novatel Wireless\Virgin Mobile\MobiLink3.exe" [2009-08-26 902144]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 4760816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-24 197904]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-15 1532760]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-07-01 345144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-26 197904]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-22 984936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 20:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2008-06-02 17:57 238984 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-05-14 18:26 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
R2 0227511245973530mcinstcleanup;McAfee Application Installer Cleanup (0227511245973530);c:\users\Wanda\AppData\Local\Temp\022751~1.EXE [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ   PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ   ASBroker ASChannel
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-28 23:03 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 09:15]
.
2013-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-28 23:02]
.
2013-07-28 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 4a4783a6-8532-4057-90ba-2c139cfbb7d7.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-07-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task de08ef2d-2186-41a7-a2af-507fa54d9fcd.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-29 19:24
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\windows\System32\APSHook.dll
.
- - - - - - - > 'lsass.exe'(620)
c:\windows\System32\APSHook.dll
.
- - - - - - - > 'Explorer.exe'(12)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
.
Completion time: 2013-07-29  19:26:25
ComboFix-quarantined-files.txt  2013-07-29 23:26
ComboFix2.txt  2013-07-28 19:22
.
Pre-Run: 77,209,587,712 bytes free
Post-Run: 77,784,625,152 bytes free
.
- - End Of File - - D8C237BE248A057D5C7F9D73FDFB6802
5C616939100B85E558DA92B899A0FC36


#14 gringo_pr

Posted 29 July 2013 - 08:50 PM


Hello bobbrew1231

I would like to see a report that combofix makes.

extra combofix report
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok
copy and paste the report into this topic for me to review

Gringo

#15 bobbrew1231

Posted 30 July 2013 - 04:41 AM

Gringo,

 

Here is the add remove programs report

 

thanks, bob

 

 
32 Bit HP CIO Components Installer
Acrobat.com
ActivClient 6.1 x86
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.5
Apple Application Support
Apple Software Update
ATI Catalyst Install Manager
Avira Free Antivirus
BIOS Configuration for HP ProtectTools
Broadband2Go
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Credential Manager for HP ProtectTools
Drive Encryption for HP ProtectTools
EPSON Scan
EPSON Stylus NX400 Series Printer Uninstall
ESU for Microsoft Vista SP1
Google Chrome
Google Update Helper
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP 3D DriveGuard
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP JavaCard for HP ProtectTools
HP ProtectTools Security Manager
HP ProtectTools Security Manager Suite
HP Quick Launch Buttons 6.40 E1
HP Software Setup 5.00.A.7
HP Total Care Advisor
HP Update
HP User Guides 0108
HP Wallpaper
HP Wireless Assistant
HPNetworkAssistant
InstallVC90Support
InterVideo DVD Check
InterVideo Register Manager
InterVideo WinDVD
Java 7 Update 25
Java Auto Updater
LightScribe System Software  1.12.37.1
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
OpenOffice.org 3.1
PMB
QuickBooks
QuickBooks Pro 2005
QuickBooks Pro 2009
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Skins
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware
SupportSoft Assisted Service
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Virgin Mobile Broadband Modem Drivers
Vista Default Settings
Yahoo! Software Update
Yahoo! Toolbar




