Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with FBI virus/FarBar Tool Log/Please Help


  • This topic is locked This topic is locked
19 replies to this topic

#1 BrianArizona

BrianArizona

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:12 PM

Posted 28 September 2013 - 12:31 AM

Hi All,

 

I was hoping someone could help me with removing this FBI virus from my computer. Any help on what I need to do now to remove this would be greatly appreciated!! It would mean so much to me to get my computer back!!!

 

I ran the FarBar Recovery Tool program and got the following log.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Brian (administrator) on BRIAN-PC on 27-09-2013 20:23:52
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12850792 2011-09-05] (Realtek Semiconductor)
HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Epson Stylus NX230(Network)] - C:\Users\Brian\AppData\Local\Temp\E_SA36C.tmp [188 2012-08-07] ()
HKCU\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [4480456 2012-05-31] (Binary Fortress Software)
HKCU\...\Run: [Logitech Vid] - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-12] (Logitech Inc.)
HKCU\...\Run: [ROC_ROC_APR2013_AV] - C:\Users\Brian\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 46a7b747d65847d099bd19d59a0fb91a-9a4ef77324d7db274ffc1cb4c1b164964864bdbf --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012
HKCU\...\Run: [AVG-Secure-Search-Update_0913a] - C:\Users\Brian\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 46a7b747d65847d099bd19d59a0fb91a-9a4ef77324d7db274ffc1cb4c1b164964864bdbf --CMPID 0913a
HKCU\...\Run: [Jing] - C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Brian\AppData\Roaming\cache.dat [135168 2013-08-01] () <==== ATTENTION
MountPoints2: {fd90874e-8997-11e1-a80f-806e6f6e6963} - D:\.\DR\DRS\SYS\CDAmbass.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [jmekey] - C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] - C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [LVT] - C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [Fastboot] - C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe [1260128 2011-12-16] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-01] (Logitech Inc.)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LEND&bmod=LEND
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\i7n71xh8.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\
FF Extension: AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S2 FastbootService; C:\Program Files (x86)\Lenovo\Rapidboot\FBService.exe [199264 2011-12-16] (1206 Lab)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-09-22] (SurfRight B.V.)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-15] (Intel Corporation)
S2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] ()
S2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

==================== Drivers (Whitelisted) ====================

S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [69216 2011-12-16] (Windows ® Win 7 DDK provider)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-27 20:23 - 2013-09-27 20:23 - 00000000 ____D C:\FRST
2013-09-22 22:47 - 2013-09-22 22:54 - 00001821 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-22 22:47 - 2013-09-22 22:47 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-22 22:47 - 2013-09-22 22:47 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-22 21:33 - 2013-09-22 21:33 - 00003416 ____N C:\bootsqm.dat
2013-09-22 21:33 - 2013-09-22 21:33 - 00000000 __SHD C:\found.000
2013-09-22 01:21 - 2013-09-25 21:14 - 00000004 _____ C:\Users\Brian\AppData\Roaming\cache.ini
2013-09-20 08:57 - 2013-09-20 08:57 - 00000000 ____D C:\Users\Brian\AppData\Local\TechSmith
2013-09-20 08:56 - 2013-09-20 08:56 - 06692840 _____ C:\Users\Brian\Downloads\jing.exe
2013-09-20 08:56 - 2013-09-20 08:56 - 00000000 ____D C:\Program Files (x86)\TechSmith
2013-09-19 18:40 - 2013-09-19 18:40 - 00000000 ____D C:\DR
2013-09-13 03:05 - 2013-08-09 22:22 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-13 03:05 - 2013-08-09 22:22 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-13 03:05 - 2013-08-09 22:22 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-13 03:05 - 2013-08-09 22:21 - 19246592 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-13 03:05 - 2013-08-09 22:21 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-13 03:05 - 2013-08-09 22:21 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-13 03:05 - 2013-08-09 22:20 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-13 03:05 - 2013-08-09 22:20 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-13 03:05 - 2013-08-09 22:20 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-13 03:05 - 2013-08-09 22:20 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-13 03:05 - 2013-08-09 22:20 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-13 03:05 - 2013-08-09 22:20 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-13 03:05 - 2013-08-09 22:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-13 03:05 - 2013-08-09 22:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-13 03:05 - 2013-08-09 20:59 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-13 03:05 - 2013-08-09 20:59 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 02048000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-09-13 03:05 - 2013-08-09 20:17 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-13 03:05 - 2013-08-09 20:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-09-13 03:05 - 2013-08-09 19:27 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-13 03:05 - 2013-08-09 19:17 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-13 03:04 - 2013-08-09 20:58 - 14332928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-12 07:51 - 2013-08-07 18:20 - 03155456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-12 07:51 - 2013-08-04 19:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-12 07:51 - 2013-08-01 19:23 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-09-12 07:51 - 2013-08-01 19:15 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-09-12 07:51 - 2013-08-01 19:15 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2013-09-12 07:51 - 2013-08-01 19:15 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-09-12 07:51 - 2013-08-01 19:15 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2013-09-12 07:51 - 2013-08-01 19:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-12 07:51 - 2013-08-01 19:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2013-09-12 07:51 - 2013-08-01 19:13 - 01161216 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-12 07:51 - 2013-08-01 19:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:59 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-09-12 07:51 - 2013-08-01 18:59 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-09-12 07:51 - 2013-08-01 18:51 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-09-12 07:51 - 2013-08-01 18:51 - 00135168 _____ C:\Users\Brian\AppData\Roaming\cache.dat
2013-09-12 07:51 - 2013-08-01 18:50 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2013-09-12 07:51 - 2013-08-01 18:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2013-09-12 07:51 - 2013-08-01 18:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-12 07:51 - 2013-08-01 17:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2013-09-12 07:51 - 2013-08-01 17:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-09-12 07:51 - 2013-08-01 17:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-09-12 07:51 - 2013-08-01 17:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-09-12 07:51 - 2013-08-01 17:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-09-12 07:51 - 2013-08-01 17:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 17:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 17:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 17:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 07:51 - 2013-07-25 19:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-12 07:51 - 2013-07-25 19:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-12 07:51 - 2013-07-25 18:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2013-09-12 07:51 - 2013-07-25 18:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2013-09-12 07:43 - 2013-09-12 07:43 - 00280552 _____ C:\windows\Minidump\091213-21746-01.dmp
2013-09-10 16:50 - 2013-09-10 16:50 - 00280552 _____ C:\windows\Minidump\091013-24882-01.dmp
2013-09-01 14:22 - 2013-09-01 14:26 - 00013032 ____H C:\Users\Brian\Desktop\~WRL2219.tmp
2013-08-31 17:32 - 2013-08-31 17:32 - 00000000 ____D C:\Users\Brian\AppData\Local\{FF1A1B62-703A-4DCA-8654-543190308AF1}
2013-08-31 17:32 - 2013-08-31 17:32 - 00000000 ____D C:\Users\Brian\AppData\Local\{FDA3FFD1-CFE8-4732-A9AE-A126B967C593}
2013-08-28 17:52 - 2013-08-28 17:52 - 00001069 _____ C:\Users\Brian\Desktop\Scratch.lnk
2013-08-28 17:52 - 2013-08-28 17:52 - 00000000 ____D C:\Users\Brian\Documents\Scratch Projects
2013-08-28 17:52 - 2013-08-28 17:52 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scratch
2013-08-28 17:52 - 2013-08-28 17:52 - 00000000 ____D C:\Program Files (x86)\Scratch

==================== One Month Modified Files and Folders =======

2013-09-27 20:28 - 2009-07-13 22:13 - 00778834 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-27 20:23 - 2013-09-27 20:23 - 00000000 ____D C:\FRST
2013-09-25 21:14 - 2013-09-22 01:21 - 00000004 _____ C:\Users\Brian\AppData\Roaming\cache.ini
2013-09-25 21:12 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-25 21:12 - 2009-07-13 21:51 - 00058068 _____ C:\windows\setupact.log
2013-09-23 17:58 - 2009-07-13 21:45 - 00020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-23 17:58 - 2009-07-13 21:45 - 00020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-22 22:54 - 2013-09-22 22:47 - 00001821 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-22 22:47 - 2013-09-22 22:47 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-22 22:47 - 2013-09-22 22:47 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-22 21:33 - 2013-09-22 21:33 - 00003416 ____N C:\bootsqm.dat
2013-09-22 21:33 - 2013-09-22 21:33 - 00000000 __SHD C:\found.000
2013-09-22 01:38 - 2012-04-18 13:07 - 01231529 _____ C:\windows\WindowsUpdate.log
2013-09-22 01:27 - 2012-08-06 21:43 - 00000000 ____D C:\ProgramData\AVG2012
2013-09-22 01:20 - 2012-08-04 11:16 - 00000000 ____D C:\Users\Brian\AppData\Local\Google
2013-09-22 00:44 - 2013-03-14 18:15 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-21 22:50 - 2013-04-16 19:03 - 00185856 _____ C:\Users\Brian\Desktop\Budget NEW.xlsx
2013-09-21 21:47 - 2012-08-06 21:43 - 00000000 ____D C:\windows\system32\Drivers\AVG
2013-09-21 08:07 - 2009-07-13 22:32 - 00000000 ____D C:\windows\system32\FxsTmp
2013-09-20 08:57 - 2013-09-20 08:57 - 00000000 ____D C:\Users\Brian\AppData\Local\TechSmith
2013-09-20 08:56 - 2013-09-20 08:56 - 06692840 _____ C:\Users\Brian\Downloads\jing.exe
2013-09-20 08:56 - 2013-09-20 08:56 - 00000000 ____D C:\Program Files (x86)\TechSmith
2013-09-20 08:56 - 2012-08-04 11:12 - 00000000 ____D C:\Users\Brian
2013-09-19 18:40 - 2013-09-19 18:40 - 00000000 ____D C:\DR
2013-09-19 17:44 - 2013-03-14 18:15 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 17:44 - 2012-12-28 16:38 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 17:44 - 2012-12-28 16:38 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-15 21:28 - 2012-08-06 22:05 - 00000000 ____D C:\Users\Brian\AppData\Local\Adobe
2013-09-13 17:54 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2013-09-13 16:35 - 2012-08-04 11:12 - 00000000 ___RD C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-13 16:35 - 2012-08-04 11:12 - 00000000 ___RD C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 03:22 - 2010-11-20 20:47 - 00051974 _____ C:\windows\PFRO.log
2013-09-13 03:22 - 2009-07-13 21:45 - 00428512 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-13 03:04 - 2012-08-06 19:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 07:43 - 2013-09-12 07:43 - 00280552 _____ C:\windows\Minidump\091213-21746-01.dmp
2013-09-12 07:43 - 2012-11-11 08:24 - 561292169 _____ C:\windows\MEMORY.DMP
2013-09-12 07:43 - 2012-11-11 08:24 - 00000000 ____D C:\windows\Minidump
2013-09-10 16:50 - 2013-09-10 16:50 - 00280552 _____ C:\windows\Minidump\091013-24882-01.dmp
2013-09-07 01:07 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\NDF
2013-09-01 14:26 - 2013-09-01 14:22 - 00013032 ____H C:\Users\Brian\Desktop\~WRL2219.tmp
2013-08-31 19:06 - 2012-08-04 11:12 - 00000000 ____D C:\Users\Brian\AppData\Local\VirtualStore
2013-08-31 17:32 - 2013-08-31 17:32 - 00000000 ____D C:\Users\Brian\AppData\Local\{FF1A1B62-703A-4DCA-8654-543190308AF1}
2013-08-31 17:32 - 2013-08-31 17:32 - 00000000 ____D C:\Users\Brian\AppData\Local\{FDA3FFD1-CFE8-4732-A9AE-A126B967C593}
2013-08-28 17:52 - 2013-08-28 17:52 - 00001069 _____ C:\Users\Brian\Desktop\Scratch.lnk
2013-08-28 17:52 - 2013-08-28 17:52 - 00000000 ____D C:\Users\Brian\Documents\Scratch Projects
2013-08-28 17:52 - 2013-08-28 17:52 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scratch
2013-08-28 17:52 - 2013-08-28 17:52 - 00000000 ____D C:\Program Files (x86)\Scratch

Files to move or delete:
====================
C:\Users\Brian\AppData\Roaming\cache.dat
C:\Users\Brian\AppData\Roaming\cache.ini
ZeroAccess:
C:\Users\Brian\AppData\Local\Google\Desktop\Install
C:\ProgramData\flashax10.exe

Some content of TEMP:
====================
C:\Users\Brian\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Brian\AppData\Local\Temp\OEC Trader 3.5.6.2.exe
C:\Users\Brian\AppData\Local\Temp\OEC Trader 3.5.6.3.exe
C:\Users\Brian\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-21 00:23

==================== End Of Log ============================



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:12 PM

Posted 28 September 2013 - 02:27 AM

Hello BrianArizona

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!
  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


I need you to download this script I have made for you --> Attached File  fixlist.txt   298bytes   3 downloads

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 BrianArizona

BrianArizona
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:12 PM

Posted 28 September 2013 - 11:43 AM

Hey Gringo! That seemed to work well. Here is my fixlog. Please advise me with any additional steps I need to take. Thank you so much!!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2013 02
Ran by Brian at 2013-09-28 01:52:05 Run:1
Running from E:\
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
Start
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Brian\AppData\Roaming\cache.dat [135168 2013-08-01] () <==== ATTENTION
C:\Users\Brian\AppData\Roaming\cache.dat
C:\Users\Brian\AppData\Roaming\cache.ini
C:\Users\Brian\AppData\Local\Google\Desktop\Install
C:\ProgramData\flashax10.exe
End
*****************

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Brian\AppData\Roaming\cache.dat => Moved successfully.
C:\Users\Brian\AppData\Roaming\cache.ini => Moved successfully.
C:\Users\Brian\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\ProgramData\flashax10.exe => Moved successfully.

==== End of Fixlog ====



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:12 PM

Posted 28 September 2013 - 01:33 PM



Hello BrianArizona

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 BrianArizona

BrianArizona
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:12 PM

Posted 28 September 2013 - 07:59 PM

# AdwCleaner v3.005 - Report created 28/09/2013 at 17:47:00
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Brian - BRIAN-PC
# Running from : E:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Freeze.com

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v20.0.1 (en-US)

[ File : C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\i7n71xh8.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1216 octets] - [28/09/2013 17:43:58]
AdwCleaner[S0].txt - [1155 octets] - [28/09/2013 17:47:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1215 octets] ##########

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by Brian on Sat 09/28/2013 at 17:49:44.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Brian\appdata\local\{FDA3FFD1-CFE8-4732-A9AE-A126B967C593}
Successfully deleted: [Empty Folder] C:\Users\Brian\appdata\local\{FF1A1B62-703A-4DCA-8654-543190308AF1}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/28/2013 at 17:54:20.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:12 PM

Posted 28 September 2013 - 08:43 PM


Hello BrianArizona

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 BrianArizona

BrianArizona
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:12 PM

Posted 28 September 2013 - 11:57 PM

Hi Gringo- Thank you so much for your help!! The computer itself is working well, but I am having a HUGE problem with my internet. I cannot connect to the internet and my computer is not recognizing my Netgear wireless adapter. I tried another wireless adapter too and it doesn't work. It says that no internet connections are available and that it's not connected. There is not a problem with my internet as it works on my laptop and as WI-FI on my phone. Can you help me with that?? Thanks again!

 

Here is my log from ComboFix:

 

ComboFix 13-09-28.02 - Brian 09/28/2013 21:43:44.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3991.2456 [GMT -7:00]

Running from: E:\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2013-08-28 to 2013-09-29 )))))))))))))))))))))))))))))))

.

.

2013-09-29 04:47 . 2013-09-29 04:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-29 00:49 . 2013-09-29 00:49 -------- d-----w- c:\windows\ERUNT

2013-09-29 00:43 . 2013-09-29 00:47 -------- d-----w- C:\AdwCleaner

2013-09-28 03:23 . 2013-09-28 03:23 -------- d-----w- C:\FRST

2013-09-23 05:47 . 2013-09-29 04:39 -------- d-----w- c:\program files\HitmanPro

2013-09-23 05:47 . 2013-09-23 05:47 -------- d-----w- c:\programdata\HitmanPro

2013-09-23 04:33 . 2013-09-23 04:33 -------- d-----w- C:\found.000

2013-09-20 15:57 . 2013-09-20 15:57 -------- d-----w- c:\users\Brian\AppData\Local\TechSmith

2013-09-20 01:40 . 2013-09-20 01:40 -------- d-----w- C:\DR

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-20 00:44 . 2012-12-28 23:38 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-20 00:44 . 2012-12-28 23:38 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-08-02 01:48 . 2013-09-12 14:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-07-25 09:25 . 2013-08-13 23:46 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-25 08:57 . 2013-08-13 23:46 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2013-07-19 01:58 . 2013-08-13 23:46 2048 ----a-w- c:\windows\system32\tzres.dll

2013-07-19 01:41 . 2013-08-13 23:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-07-09 05:52 . 2013-08-13 23:46 224256 ----a-w- c:\windows\system32\wintrust.dll

2013-07-09 05:51 . 2013-08-13 23:46 1217024 ----a-w- c:\windows\system32\rpcrt4.dll

2013-07-09 05:46 . 2013-08-13 23:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2013-07-09 05:46 . 2013-08-13 23:46 1472512 ----a-w- c:\windows\system32\crypt32.dll

2013-07-09 05:46 . 2013-08-13 23:46 139776 ----a-w- c:\windows\system32\cryptnet.dll

2013-07-09 04:52 . 2013-08-13 23:46 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll

2013-07-09 04:52 . 2013-08-13 23:46 175104 ----a-w- c:\windows\SysWow64\wintrust.dll

2013-07-09 04:46 . 2013-08-13 23:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2013-07-09 04:46 . 2013-08-13 23:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-07-09 04:46 . 2013-08-13 23:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2013-07-06 06:03 . 2013-08-13 23:46 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2012-05-31 4480456]

"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"jmekey"="c:\windows\jmesoft\hotkey.exe" [2011-06-08 118784]

"jmesoft"="c:\windows\jmesoft\ServiceLoader.exe" [2011-03-16 28672]

"LVT"="c:\program files\Lenovo\LVT\LJYZ.exe" [2011-11-24 886112]

"Fastboot"="c:\program files (x86)\Lenovo\Rapidboot\FBConsole.exe" [2011-12-16 1260128]

"CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-12-04 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-20 2598520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WNA3100 Genie.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2012-8-6 8364288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [x]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]

S0 Fastboot;Fastboot;c:\windows\System32\DRIVERS\Fastboot.sys;c:\windows\SYSNATIVE\DRIVERS\Fastboot.sys [x]

S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [x]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]

S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]

S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\Rapidboot\FBService.exe;c:\program files (x86)\Lenovo\Rapidboot\FBService.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe;c:\windows\jmesoft\Service.exe [x]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-28 00:44]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-21 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-21 398104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-21 440600]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-05 12850792]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\i7n71xh8.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-ROC_ROC_APR2013_AV - c:\users\Brian\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe

Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0913a - c:\users\Brian\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]

"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]

"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2013-09-28 21:52:14 - machine was rebooted

ComboFix-quarantined-files.txt 2013-09-29 04:52

.

Pre-Run: 894,442,659,840 bytes free

Post-Run: 893,921,697,792 bytes free

.

- - End Of File - - 81D7FAA9D8E74FF0FA56B7360D532C3E



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:12 PM

Posted 29 September 2013 - 12:10 AM

Hello Brian


Click on the start button
In the search field type in device manager
open device manager and find the wireless network adapter and uninstall it
now restart the computer and allow it to reinstall



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 BrianArizona

BrianArizona
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:12 PM

Posted 29 September 2013 - 12:31 AM

Hi Gringo- I have tried this several times now. It's not allowing me to uninstall my Netgear WNA3100 Wireless USB Adapter. I click on uninstall and it quickly flashes but does not actually uninstall it. If I unplug the wireless adapter, it goes away from the device manager screen. If I plug it back in, it appears on the device manager screen. Not sure how else to uninstall it??

 

If you can help me with this, I would totally appreciate it!!! You have been so awesome with helping me out....thank you.



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:12 PM

Posted 29 September 2013 - 01:03 AM


Hello BrianArizona

I would like to see a report that combofix makes.

extra combofix report
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok
copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 BrianArizona

BrianArizona
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:12 PM

Posted 29 September 2013 - 01:24 AM

Thanks Gringo....

 

Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Apple Application Support
Apple Software Update
CameraHelperMsi
Comparing
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DisplayFusion 4.0.1
Education Portal
Epson Connect
Epson Event Manager
EPSON Scan
EpsonNet Print
erLT
Find the Differences
Finding the Letters
Fruits
Intel® Control Center
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Lenovo Blacksilk USB Keyboard Driver
Lenovo Driver and Application Installation
Lenovo Power2Go
Lenovo Rescue System
Logitech Vid HD
Logitech Webcam Software
LVT
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Matching Roles
Mesh Runtime
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
NETGEAR WNA3100 wireless USB 2.0 adapter
Picture Books
Puzzle
QuickTime
Rapidboot Advanced
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RollerCoaster Tycoon 3
Scratch
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2760597) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition
Skype™ 6.5
sudoku
timer
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World of Warcraft
 



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:12 PM

Posted 29 September 2013 - 01:35 AM

Hello

you are using a plug in device to access the internet?

do you have the CD for this? The adapter is there in the uninstall list - NETGEAR WNA3100 wireless USB 2.0 adapter



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 BrianArizona

BrianArizona
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:12 PM

Posted 29 September 2013 - 01:52 AM

I am using a wireless USB adapter (Netgear WNA 3100) to access the internet. I do not have a CD for this adapter. I cannot uninstall this adapter. It does not uninstall when I try to uninstall it. Should I plug in my Ethernet cable hooked up to my router and try something? Thanks for your help Gringo!



#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:12 PM

Posted 29 September 2013 - 01:58 AM

Hello Brian

Have you tried to do it like you would a normal program from add/remove?

You can download it again from here - http://kb.netgear.com/app/answers/detail/a_id/17393/~/wna3100-software-version-1.1.3.22


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 BrianArizona

BrianArizona
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:12 PM

Posted 30 September 2013 - 11:41 PM

Hi Gringo,

 

I was able to remove the Netgear Wireless Adapter using the add/remove program. However, I have tried 3 different wireless adapters now and it's not recognizing any of them? Could the FBI virus have wiped something off my computer so my wireless adapters do not work? I am banging my head trying to figure this out. Thanks again for all of your help!!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users