
beesq.net, sureclickfind Google Redirect



#1 Paulabear

Paulabear

  • Members
  • 41 posts

Posted 10 August 2013 - 12:16 PM

Have a redirect problem with Google.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.7.2
Run by D at 13:14:08 on 2013-08-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7935.6109 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Users\D\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\D\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\D\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\D\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\D\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\D\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\D\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [AdobeBridge] <no file>
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\D\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{15B84BD8-7412-4886-976D-3258888FCFA2} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-1-13 75904]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-1-13 38016]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-6-6 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-6-6 189936]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-7-15 22600]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-6-6 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-6-6 378944]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-1-13 203264]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-6-6 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-6-6 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-6 46808]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-4 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-6 701512]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-1-13 1127448]
R3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2012-4-12 87552]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSib.sys [2012-4-12 14592]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-6 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-13 412776]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-1-13 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-1-10 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-2 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-10 16:50:02 -------- d-----w- C:\ProgramData\HitmanPro
2013-08-09 22:15:09 -------- d-----w- C:\Program Files\CCleaner
2013-08-09 21:30:42 -------- d-----w- C:\Program Files\Unlocker
2013-08-09 21:10:59 -------- d-----w- C:\Users\D\AppData\Local\CRE
2013-08-09 13:08:48 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5DDDEAB8-AD72-4242-9A6B-7269EDDA451D}\mpengine.dll
2013-08-03 00:39:32 -------- d-----w- C:\Windows\System32\MRT
2013-07-15 17:51:05 22600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2013-07-12 21:30:08 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-12 21:30:08 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-12 21:30:08 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-12 21:30:08 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-12 21:30:08 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-12 21:30:08 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-12 21:30:08 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-12 21:30:07 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-12 21:30:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-12 21:30:07 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-12 21:30:07 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-12 21:29:53 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-12 21:29:52 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 21:29:52 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-12 21:29:52 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-12 21:29:52 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-12 21:29:52 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 21:29:33 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-12 21:29:33 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
==================== Find3M  ====================
.
2013-06-28 00:33:13 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-06-28 00:33:13 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
.
============= FINISH: 13:14:29.70 ===============
 

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Location:Montreal, QC. Canada

Posted 14 August 2013 - 10:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#3 Paulabear

Paulabear
  • Topic Starter

  • Members
  • 41 posts

Posted 14 August 2013 - 02:01 PM

Thank you for replying!
 
# AdwCleaner v3.000 - Report created 14/08/2013 at 14:30:21
# Updated 13/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : D - D-HP
# Running from : C:\Users\D\Downloads\adwcleaner (1).exe
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A4AFCD25-06FA-4B98-BEBC-88257568BAEC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E1E85964-7C16-4A08-A840-AA66350E6E27}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
[OK] No bad entry found.
 
-\\ Google Chrome v
 
 
[ File : C:\Users\D\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
[OK] No bad entry found.
 
*************************
 
AdwCleaner[0].txt - [852 octets] - [14/08/2013 14:30:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[0].txt - [910 octets] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.5 (08.13.2013:1)
OS: Windows 7 Home Premium x64
Ran by D on Wed 08/14/2013 at 14:37:58.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{67BD0FCC-DE8B-40AE-BB29-C2C763B50433}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{67BD0FCC-DE8B-40AE-BB29-C2C763B50433}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\D\appdata\local\cre"
 
 
 
~~~ Chrome
 
Dumping contents of C:\Users\D\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\D\appdata\local\Google\Chrome\User Data\Default\Default\aagggedcdcdjgedjdedddigbdededede
C:\Users\D\appdata\local\Google\Chrome\User Data\Default\Default\aagggedcdcdjgedjdedddigbdededede\background.js
C:\Users\D\appdata\local\Google\Chrome\User Data\Default\Default\aagggedcdcdjgedjdedddigbdededede\ContentScript.js
C:\Users\D\appdata\local\Google\Chrome\User Data\Default\Default\aagggedcdcdjgedjdedddigbdededede\manifest.json
 
Successfully deleted: [Folder] C:\Users\D\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/14/2013 at 14:44:33.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
ComboFix 13-08-14.02 - D 08/14/2013  14:53:45.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7935.6509 [GMT -4:00]
Running from: C:\Users\D\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
C:\Users\D\GoToAssistDownloadHelper.exe
C:\Windows\security\Database\tmp.edb
 
 
(((((((((((((((((((((((((   Files Created from 2013-07-14 to 2013-08-14  )))))))))))))))))))))))))))))))
 
 
2013-08-14 18:58:23 . 2013-08-14 18:58:23 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-08-14 18:37:55 . 2013-08-14 18:37:55 -------- d-----w- C:\Windows\ERUNT
2013-08-14 18:24:44 . 2013-08-14 18:34:59 -------- d-----w- C:\AdwCleaner
2013-08-14 12:25:56 . 2013-07-09 05:52:52 224256 ----a-w- C:\Windows\system32\wintrust.dll
2013-08-13 11:23:10 . 2013-07-02 08:34:27 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0062E0F2-D8C0-4FA2-86E4-581BA0E63C4F}\mpengine.dll
2013-08-10 16:50:02 . 2013-08-10 17:10:18 -------- d-----w- C:\ProgramData\HitmanPro
2013-08-09 22:15:09 . 2013-08-09 22:15:14 -------- d-----w- C:\Program Files\CCleaner
2013-08-09 21:30:42 . 2013-08-09 21:30:42 -------- d-----w- C:\Program Files\Unlocker
2013-08-03 00:39:32 . 2013-08-14 14:50:25 -------- d-----w- C:\Windows\system32\MRT
.
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2013-08-14 14:49:14 . 2012-09-07 17:05:27 78161360 ----a-w- C:\Windows\system32\MRT.exe
2013-07-09 04:45:07 . 2013-08-14 12:25:36 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-06-28 00:33:13 . 2013-06-06 20:20:20 378944 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2013-06-28 00:33:13 . 2013-06-06 20:20:15 1030952 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2013-06-28 00:33:13 . 2013-06-06 20:20:14 189936 ----a-w- C:\Windows\system32\drivers\aswVmm.sys
2013-06-19 01:43:54 . 2013-06-19 01:43:54 1054720 ----a-w- C:\Windows\system32\MsSpellCheckingFacility.exe
2013-06-19 01:43:53 . 2013-06-19 01:43:53 97280 ----a-w- C:\Windows\system32\mshtmled.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 92160 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
2013-06-19 01:43:53 . 2013-06-19 01:43:53 905728 ----a-w- C:\Windows\system32\mshtmlmedia.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 81408 ----a-w- C:\Windows\system32\icardie.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 77312 ----a-w- C:\Windows\system32\tdc.ocx
2013-06-19 01:43:53 . 2013-06-19 01:43:53 762368 ----a-w- C:\Windows\system32\ieapfltr.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 73728 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2013-06-19 01:43:53 . 2013-06-19 01:43:53 719360 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 62976 ----a-w- C:\Windows\system32\pngfilt.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 61952 ----a-w- C:\Windows\SysWow64\tdc.ocx
2013-06-19 01:43:53 . 2013-06-19 01:43:53 599552 ----a-w- C:\Windows\system32\vbscript.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 523264 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 52224 ----a-w- C:\Windows\system32\msfeedsbs.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 51200 ----a-w- C:\Windows\system32\imgutil.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 48640 ----a-w- C:\Windows\system32\mshtmler.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 452096 ----a-w- C:\Windows\system32\dxtmsft.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 441856 ----a-w- C:\Windows\system32\html.iec
2013-06-19 01:43:53 . 2013-06-19 01:43:53 38400 ----a-w- C:\Windows\SysWow64\imgutil.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 361984 ----a-w- C:\Windows\SysWow64\html.iec
2013-06-19 01:43:53 . 2013-06-19 01:43:53 281600 ----a-w- C:\Windows\system32\dxtrans.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 27648 ----a-w- C:\Windows\system32\licmgr10.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 270848 ----a-w- C:\Windows\system32\iedkcs32.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 247296 ----a-w- C:\Windows\system32\webcheck.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 235008 ----a-w- C:\Windows\system32\url.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 23040 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 226304 ----a-w- C:\Windows\system32\elshyph.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 216064 ----a-w- C:\Windows\system32\msls31.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 197120 ----a-w- C:\Windows\system32\msrating.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 185344 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 173568 ----a-w- C:\Windows\system32\ieUnatt.exe
2013-06-19 01:43:53 . 2013-06-19 01:43:53 167424 ----a-w- C:\Windows\system32\iexpress.exe
2013-06-19 01:43:53 . 2013-06-19 01:43:53 158720 ----a-w- C:\Windows\SysWow64\msls31.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 1509376 ----a-w- C:\Windows\system32\inetcpl.cpl
2013-06-19 01:43:53 . 2013-06-19 01:43:53 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe
2013-06-19 01:43:53 . 2013-06-19 01:43:53 149504 ----a-w- C:\Windows\system32\occache.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 144896 ----a-w- C:\Windows\system32\wextract.exe
2013-06-19 01:43:53 . 2013-06-19 01:43:53 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-06-19 01:43:53 . 2013-06-19 01:43:53 1400416 ----a-w- C:\Windows\system32\ieapfltr.dat
2013-06-19 01:43:53 . 2013-06-19 01:43:53 138752 ----a-w- C:\Windows\SysWow64\wextract.exe
2013-06-19 01:43:53 . 2013-06-19 01:43:53 13824 ----a-w- C:\Windows\system32\mshta.exe
2013-06-19 01:43:53 . 2013-06-19 01:43:53 137216 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-06-19 01:43:53 . 2013-06-19 01:43:53 136192 ----a-w- C:\Windows\system32\iepeers.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 135680 ----a-w- C:\Windows\system32\IEAdvpack.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 12800 ----a-w- C:\Windows\SysWow64\mshta.exe
2013-06-19 01:43:53 . 2013-06-19 01:43:53 12800 ----a-w- C:\Windows\system32\msfeedssync.exe
2013-06-19 01:43:53 . 2013-06-19 01:43:53 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
2013-06-19 01:43:53 . 2013-06-19 01:43:53 102912 ----a-w- C:\Windows\system32\inseng.dll
2013-06-05 03:34:27 . 2013-07-12 21:29:53 3153920 ----a-w- C:\Windows\system32\win32k.sys
2013-06-04 06:00:13 . 2013-07-12 21:30:07 624128 ----a-w- C:\Windows\system32\qedit.dll
2013-06-04 04:53:07 . 2013-07-12 21:30:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-16 19:35:49 . 2010-06-24 19:33:56 22240 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
 
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 05:44:44 102400]
"HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 22:50:04 54576]
"PDF Complete"="C:\Program Files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 09:49:44 656920]
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 17:37:14 517096]
"AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 08:57:06 406992]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 22:36:46 30040]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 13:04:54 252848]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2013-05-09 08:58:30 4858968]
 
C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe [2012-9-6 576000]
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
 
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe;C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys;C:\Windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
R3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 gfiark;gfiark;C:\Windows\system32\drivers\gfiark.sys;C:\Windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe;C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\system32\DRIVERS\taphss6.sys;C:\Windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys;C:\Windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys;C:\Windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys;C:\Windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [x]
S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys;C:\Windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys;C:\Windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys;C:\Windows\SYSNATIVE\drivers\usbfilter.sys [x]
 
 
Contents of the 'Scheduled Tasks' folder
 
2013-08-14 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-17 13:35:27 . 2012-09-17 13:35:27]
 
2013-08-14 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-06 20:20:22 . 2013-06-06 20:20:22]
 
2013-08-14 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-06 20:20:22 . 2013-06-06 20:20:22]
 
2013-08-12 C:\Windows\Tasks\HPCeeScheduleForD.job
- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15:40 . 2010-09-14 06:15:40]
 
 
--------- X64 Entries -----------
 
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58:09 133840 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 03:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 03:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 03:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 03:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 03:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 03:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 18:47:28 62768]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 07:44:40 500208]
 
------- Supplementary Scan -------
 
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
 
- - - - ORPHANS REMOVED - - - -
 
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - C:\Program Files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
 
 

Everything seems so much more instant now when searching. I'll let you know if there are any other problems. Let me know if you see anything in the logs I need to run more scanners on. Thank you again!



#4 Paulabear


Posted 14 August 2013 - 02:06 PM

The only other thing is my father uses Internet Explorer and refuses to switch to anything else. It won't load the homepage and just continues to sit there spinning and never goes anywhere. It takes much longer to go to any website as well.

 

EDIT:

I just reset all the settings and clicked the gear on the right, and much of it is grayed out, including "Internet Options".

I have also tried uninstalling and reinstalling IE 10, and "Internet Explorer did not finish installing" pops up.


Edited by Paulabear, 14 August 2013 - 02:57 PM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:45 PM

Posted 15 August 2013 - 08:16 AM

Run this Microsoft Fix.
How to reset Internet Explorer settings
http://support.microsoft.com/kb/923737
===

If that fails to fix the problem, try Methods 1 and 2 on this page.
http://answers.microsoft.com/en-us/ie/forum/ie9-windows_7/internet-options-not-opening-in-control-panel-in/e2d49b14-1163-4cb4-b016-9d875f3951f8?msgId=4530d151-a871-4bfa-b660-31a70a3fda5d

Keep me posted.

#6 nasdaq


Posted 21 August 2013 - 10:09 AM

Are you still with me?

#7 Paulabear


Posted 23 August 2013 - 07:59 AM

Yes I am! Sorry, I've been out of town; I'll be able to try those methods tomorrow. I did try resetting the settings, by the way, and even uninstalled IE to try and reinstall it, downgraded it from 10 to 9, but it fails to install no matter what.

#8 nasdaq


Posted 23 August 2013 - 09:17 AM

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller


#9 Paulabear


Posted 20 September 2013 - 05:14 PM

RogueKiller V8.6.12 _x64_ [Sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : D [Admin rights]
Mode : Remove -- Date : 09/20/2013 18:14:19
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST310005 24AS SATA Disk Device +++++
--- User ---
[MBR] 112795e2038927107289edd7254f186d
[BSP] 5ed41bd07199b83d2e689470cd84f0da : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942354 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930147840 | Size: 11413 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 39ad02628661bc6a2179c85b2e297a40
[BSP] 05eff74ffaa1e9afe597cd6958d40fbb : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo
 
Finished : << RKreport[0]_D_09202013_181419.txt >>
RKreport[0]_S_09202013_181338.txt


#10 nasdaq


Posted 21 September 2013 - 09:26 AM

Try the fix suggested on this page.

Troubleshooting a failed installation of Internet Explorer 10
http://support.microsoft.com/kb/2820688



