Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to Uninstall Smart PC Booster 7 on Win8


  • This topic is locked This topic is locked
3 replies to this topic

#1 marginator007

marginator007

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:56 PM

Posted 29 July 2013 - 11:42 AM

Hello! I've accidentally downloaded several malicious programs on my computer and have been successful in removing all (delta search, etc) but one, Smart PC Booster 7. Trying to do a regular uninstall (before and after running programs below) is not successful. I have followed the instructions located here: http://www.bleepingcomputer.com/forums/t/501921/smart-pc-booster-7-optimize-your-pc-and-continue-internet-explorer-10-installat/?p=3114786    but the program remains. Any help for a silly girl would be appreciated! :P Logs are here:

 

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.7 (07.29.2013:1)
OS: Windows 8 x64
Ran by Margureite on Mon 07/29/2013 at 11:53:31.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
~~~ Services
 
~~~ Registry Values
 
~~~ Registry Keys
 
~~~ Files
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Margureite\AppData\Roaming\ask4expert"
Failed to delete: [Folder] "C:\Program Files (x86)\ask4expert"
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Margureite\appdata\local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak
 
 
~~~ Event Viewer Logs were cleared
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/29/2013 at 11:56:12.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Combofix

ComboFix 13-07-27.01 - Margureite 07/29/2013  12:02:20.1.4 - x64

Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.6034.4271 [GMT -4:00]
Running from: c:\users\Margureite\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\SetStretch.exe
c:\programdata\SetStretch.VBS
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-28 to 2013-07-29  )))))))))))))))))))))))))))))))
.
.
2013-07-29 16:06 . 2013-07-29 16:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-29 15:53 . 2013-07-29 15:53 -------- d-----w- c:\windows\ERUNT
2013-07-29 15:41 . 2013-07-29 15:41 -------- d-----w- c:\program files\HitmanPro
2013-07-29 15:40 . 2013-07-29 15:46 -------- d-----w- c:\programdata\HitmanPro
2013-07-29 15:09 . 2013-07-29 15:09 -------- d-----w- c:\programdata\Symantec
2013-07-29 15:09 . 2013-07-29 15:09 -------- d-----w- c:\programdata\Norton
2013-07-29 15:08 . 2013-07-29 15:08 -------- d-----w- c:\program files (x86)\Ask4Expert
2013-07-29 15:08 . 2013-07-29 15:08 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-07-29 15:08 . 2013-07-29 15:08 -------- d-----w- c:\windows\SysWow64\Extensions
2013-07-21 20:41 . 2013-06-01 09:23 680960 ----a-w- c:\windows\system32\vds.exe
2013-07-21 20:40 . 2012-10-11 07:25 56552 ----a-w- c:\windows\system32\drivers\sdstor.sys
2013-07-21 20:39 . 2012-11-27 04:20 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe
2013-07-21 20:38 . 2013-06-21 05:04 19187712 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-21 20:38 . 2013-06-21 04:46 18523648 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-19 17:06 . 2013-07-19 17:06 -------- d--h--r- c:\users\Public\AccountPictures
2013-07-19 14:55 . 2013-05-15 22:35 144384 ----a-w- c:\windows\system32\tssdisai.dll
2013-07-19 14:54 . 2013-07-19 14:55 -------- d-----w- c:\windows\system32\MRT
2013-07-19 14:01 . 2013-04-10 22:35 2035200 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-19 14:01 . 2012-11-26 04:21 71168 ----a-w- c:\windows\SysWow64\ncryptsslp.dll
2013-07-19 14:01 . 2012-11-26 04:20 86016 ----a-w- c:\windows\system32\ncryptsslp.dll
2013-07-19 14:01 . 2013-04-11 04:12 1029632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-07-19 14:01 . 2013-04-11 04:12 1413632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-19 14:01 . 2013-04-10 22:35 1617920 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-19 14:01 . 2013-04-10 22:35 1318912 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-19 14:01 . 2013-04-10 22:35 1306112 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-19 14:01 . 2013-04-10 22:35 1272320 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-19 14:01 . 2013-04-16 02:34 1455368 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-07-19 14:01 . 2012-08-31 00:52 17888 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2013-07-19 14:01 . 2012-08-31 00:53 17888 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2013-07-19 14:00 . 2012-11-10 04:23 132608 ----a-w- c:\windows\SysWow64\poqexec.exe
2013-07-19 14:00 . 2012-11-10 04:23 148480 ----a-w- c:\windows\system32\poqexec.exe
2013-07-19 14:00 . 2012-11-10 04:22 122880 ----a-w- c:\windows\system32\VmHostAI.dll
2013-07-19 14:00 . 2012-11-10 04:22 126976 ----a-w- c:\windows\system32\RDWebAI.dll
2013-07-19 14:00 . 2012-11-10 04:20 135680 ----a-w- c:\windows\system32\appserverai.dll
2013-07-19 13:56 . 2013-05-30 23:14 4036096 ----a-w- c:\windows\system32\win32k.sys
2013-07-19 13:55 . 2013-03-02 09:59 411880 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-07-19 13:55 . 2013-04-23 23:13 1013248 ----a-w- c:\windows\SysWow64\certutil.exe
2013-07-19 13:55 . 2013-04-23 23:12 1569792 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-19 13:55 . 2013-04-23 23:12 109056 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-19 13:55 . 2013-04-23 22:56 1255936 ----a-w- c:\windows\system32\certutil.exe
2013-07-19 13:55 . 2013-04-23 22:55 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-19 13:55 . 2013-04-23 22:55 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-07-19 13:55 . 2013-04-23 22:55 141312 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-19 13:54 . 2013-06-01 09:25 496640 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-19 13:54 . 2013-06-01 09:21 595968 ----a-w- c:\windows\system32\qedit.dll
2013-07-19 13:52 . 2013-04-11 22:30 1421312 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-19 13:52 . 2013-04-11 22:22 1838080 ----a-w- c:\windows\system32\DWrite.dll
2013-07-19 13:52 . 2013-03-06 06:31 19758592 ----a-w- c:\windows\system32\shell32.dll
2013-07-19 13:52 . 2013-03-06 06:31 222208 ----a-w- c:\windows\system32\shdocvw.dll
2013-07-19 13:52 . 2013-03-06 07:10 112872 ----a-w- c:\windows\system32\consent.exe
2013-07-19 13:52 . 2013-03-06 06:29 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-07-19 13:52 . 2013-02-12 00:17 20992 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-07-19 13:50 . 2013-04-27 05:20 733184 ----a-w- c:\windows\system32\win32spl.dll
2013-07-19 13:48 . 2013-04-09 05:33 446792 ----a-w- c:\windows\system32\AudioSes.dll
2013-07-19 13:47 . 2013-01-28 23:08 55272 ----a-w- c:\program files\Windows Defender\MpUXSrv.exe
2013-07-19 13:46 . 2012-11-01 04:40 2361344 ----a-w- c:\windows\system32\msxml6.dll
2013-07-19 13:46 . 2012-11-01 04:41 1802240 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-07-19 13:46 . 2012-11-01 04:41 1438720 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-07-19 13:46 . 2012-11-01 04:40 1836032 ----a-w- c:\windows\system32\msxml3.dll
2013-07-19 13:46 . 2012-11-01 04:21 2048 ----a-w- c:\windows\system32\msxml6r.dll
2013-07-19 13:46 . 2012-11-01 04:21 2048 ----a-w- c:\windows\system32\msxml3r.dll
2013-07-19 13:46 . 2012-11-01 04:20 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2013-07-19 13:46 . 2012-11-01 04:20 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2013-07-19 13:23 . 2013-07-19 13:24 -------- d-----w- c:\programdata\AVG2013
2013-07-19 13:23 . 2013-07-19 13:23 -------- d-----w- C:\$AVG
2013-07-19 13:23 . 2013-07-19 13:23 -------- d-----w- c:\program files (x86)\AVG
2013-07-19 13:23 . 2013-07-29 12:24 -------- d-----w- c:\programdata\MFAData
2013-07-19 13:23 . 2013-07-19 13:23 -------- d--h--w- c:\programdata\Common Files
2013-07-19 13:22 . 2013-07-19 13:22 -------- d-----w- c:\programdata\Malwarebytes
2013-07-19 13:22 . 2013-07-19 13:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-19 13:22 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-19 13:22 . 2013-07-19 13:22 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-07-19 13:20 . 2013-07-19 13:20 -------- d-----w- c:\program files (x86)\VideoLAN
2013-07-19 13:20 . 2013-07-19 13:20 -------- d-----w- c:\program files\Classic Shell
2013-07-19 13:20 . 2013-07-19 13:19 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-19 13:20 . 2013-07-19 13:19 312232 ----a-w- c:\windows\system32\javaws.exe
2013-07-19 13:20 . 2013-07-19 13:19 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-19 13:15 . 2013-07-19 13:15 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-19 13:14 . 2013-07-19 13:14 -------- d-----w- c:\programdata\USBChargerPlus
2013-07-19 13:14 . 2013-07-21 20:22 -------- d-----w- c:\users\Margureite
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-19 13:14 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-27 22:04 . 2012-07-26 08:14 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04 . 2012-07-26 08:14 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-27 04:46 . 2013-06-27 04:46 248632 ----a-w- c:\windows\system32\drivers\avgwfpa.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-03 00:50 130736 ----a-w- c:\users\Margureite\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-03 00:50 130736 ----a-w- c:\users\Margureite\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-03 00:50 130736 ----a-w- c:\users\Margureite\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-03 00:50 130736 ----a-w- c:\users\Margureite\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-11-23 3187360]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R0 Avgboota;AVG Early Launch Anti-Malware Driver;c:\windows\system32\DRIVERS\avgboota.sys;c:\windows\SYSNATIVE\DRIVERS\avgboota.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgwfpa;AVG Firewall Driver;c:\windows\system32\DRIVERS\avgwfpa.sys;c:\windows\SYSNATIVE\DRIVERS\avgwfpa.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\System32\drivers\AMPPAL.sys;c:\windows\SYSNATIVE\drivers\AMPPAL.sys [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\System32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
S3 NETwNe64;@oem12.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\System32\drivers\usb3Hub.sys;c:\windows\SYSNATIVE\drivers\usb3Hub.sys [x]
S3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\System32\drivers\XHCIPort.sys;c:\windows\SYSNATIVE\drivers\XHCIPort.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-19 13:19 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-05-11 10:37 215264 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19 13:19]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19 13:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-03 00:50 164016 ----a-w- c:\users\Margureite\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-03 00:50 164016 ----a-w- c:\users\Margureite\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-03 00:50 164016 ----a-w- c:\users\Margureite\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-03 00:50 164016 ----a-w- c:\users\Margureite\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-15 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-15 399392]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-10-18 13213328]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-07-21 11554176]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send to Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
TCP: DhcpNameServer = 192.168.254.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-07-29  12:09:36
ComboFix-quarantined-files.txt  2013-07-29 16:09
.
Pre-Run: 683,487,277,056 bytes free
Post-Run: 683,265,134,592 bytes free
.
- - End Of File - - 04E29EC77C553DF1B22A3FED5634F8DE
D41D8CD98F00B204E9800998ECF8427E
 
 
Security Check
 

 Results of screen317's Security Check version 0.99.71  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
Windows Defender                  
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Reader XI  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````
 AVG avgwdsvc.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 

 

 



BC AdBot (Login to Remove)

 


#2 marginator007

marginator007
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:56 PM

Posted 02 August 2013 - 10:28 PM

Just bumping this in hopes of some help!!



#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:56 PM

Posted 03 August 2013 - 09:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • <- Important
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

dds_scr.gif

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:56 PM

Posted 09 August 2013 - 08:04 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users