Computer running slow, already did a disk cleanup same problem


  • This topic is locked
46 replies to this topic

#1 rchow427

rchow427

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 13 October 2013 - 07:44 AM

Accessing the computer disk drives takes a couple seconds and internet seems to be extremely slow. I checked my hjt log and saw several lines that say "no name or no file". Not sure what to have hjt fix or if I'm infected with anything. Please help, Thanks

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16514  BrowserJavaVersion: 10.21.2
Run by ViPeR427 at 8:22:38 on 2013-10-13
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2045.672 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\AOL\1353130725\ee\aolsoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\RingCentral\eXtreme Fax\RCHotKey.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Zune\ZuneNss.exe
C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - <orphaned>
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [HP Photosmart 6520 series (NET)] "c:\program files\hp\hp photosmart 6520 series\bin\ScanToPCActivationApp.exe" -deviceID "CN2BU352W805XP:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1
uRun: [RCUI] "c:\progra~1\ringce~1\extrem~1\RCUI.exe"
uRun: [RCHotKey] "c:\program files\ringcentral\extreme fax\RCHotKey.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [HostManager] c:\program files\common files\aol\1353130725\ee\AOLSoftware.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\viper427\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5DBE6A96-794A-4489-BD68-CDDE8420475A} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{5DBE6A96-794A-4489-BD68-CDDE8420475A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F9EA5CB6-3224-4835-8B88-56A68AD0D974} : DHCPNameServer = 198.224.188.236 198.224.189.236
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\viper427\appdata\roaming\mozilla\firefox\profiles\guf4y445.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: c:\users\viper427\appdata\local\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\users\viper427\appdata\roaming\catali~2\npBcsKtTcHW.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: !HIDDEN! 2009-08-13 08:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-7 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-7 175176]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-7-8 39472]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-12 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-12 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-12 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-12 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-12 46808]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-20 21504]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-12-13 115312]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2013-1-3 44296]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2013-1-3 12808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-8 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-3 30192]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048]
.
=============== Created Last 30 ================
.
2013-10-11 19:44:04    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-10-11 19:44:03    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-10-11 19:44:03    149656    ----a-w-    c:\program files\internet explorer\sqmapi.dll
2013-10-11 19:44:02    768512    ----a-w-    c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-10-11 19:44:02    194560    ----a-w-    c:\program files\internet explorer\IEShims.dll
2013-10-11 19:44:01    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-10-11 19:44:00    194560    ----a-w-    c:\program files\internet explorer\ieproxy.dll
2013-10-11 09:04:18    60872    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{2e20228e-7516-4804-b3a2-f0f27bea3b36}\offreg.dll
2013-10-11 08:47:41    7328304    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{2e20228e-7516-4804-b3a2-f0f27bea3b36}\mpengine.dll
2013-10-09 05:38:48    35328    ----a-w-    c:\windows\system32\drivers\usbscan.sys
2013-10-09 05:38:46    25472    ----a-w-    c:\windows\system32\drivers\hidparse.sys
2013-09-26 04:00:14    --------    d-----w-    c:\program files\iPod
2013-09-26 03:59:31    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-26 03:59:31    --------    d-----w-    c:\program files\iTunes
.
==================== Find3M  ====================
.
2013-10-09 18:48:02    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 18:48:02    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-22 10:22:59    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-09-22 10:14:39    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-09-22 10:13:22    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-08-29 07:36:04    2050048    ----a-w-    c:\windows\system32\win32k.sys
2013-08-27 02:47:50    219648    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47:50    189952    ----a-w-    c:\windows\system32\d3d10core.dll
2013-08-27 02:47:50    160768    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-08-27 02:47:50    1029120    ----a-w-    c:\windows\system32\d3d10.dll
2013-08-27 01:52:08    1172480    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-08-27 01:50:40    486400    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-08-27 01:32:20    683008    ----a-w-    c:\windows\system32\d2d1.dll
2013-08-27 01:28:36    1069056    ----a-w-    c:\windows\system32\DWrite.dll
2013-08-27 01:28:35    798208    ----a-w-    c:\windows\system32\FntCache.dll
2013-08-07 08:22:04    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-08-02 02:48:05    1548288    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-01 03:16:32    638400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-08-01 02:49:15    37376    ----a-w-    c:\windows\system32\cdd.dll
2013-07-20 10:44:53    102608    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-17 19:41:34    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-16 04:35:16    615936    ----a-w-    c:\windows\system32\themeui.dll
.
============= FINISH:  8:33:21.41 ===============
 




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:13 PM

Posted 18 October 2013 - 07:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/510664 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:13 PM

Posted 22 October 2013 - 10:16 AM

Greetings rchow427 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please complete these steps for me.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Junkware log
  • Farbar logs (2)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:13 PM

Posted 25 October 2013 - 08:09 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 rchow427

rchow427
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 27 October 2013 - 01:14 AM

Hi Gary, you can call me Rick, sorry for the late reply but the logs are as follows... btw I will not be able to answer your next reply for 7 days, please keep this thread open as I will follow up in 7 days, sorry about that.
 
 
# AdwCleaner v3.010 - Report created 27/10/2013 at 00:23:57
# Updated 20/10/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : ViPeR427 - VIPER
# Running from : C:\Users\ViPeR427\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16514
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\ViPeR427\AppData\Roaming\Mozilla\Firefox\Profiles\guf4y445.default\prefs.js ]
 
Line Deleted : user_pref("bettergmail2.enabled.inboxcount", true);
Line Deleted : user_pref("bettergmail2.enabled.inboxcountfirst", true);
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\ViPeR427\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2544 octets] - [27/10/2013 00:10:48]
AdwCleaner[S0].txt - [2521 octets] - [27/10/2013 00:23:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2581 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:2)
OS: Windows Vista ™ Home Premium x86
Ran by ViPeR427 on Sun 10/27/2013 at  1:07:48.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\ViPeR427\AppData\Roaming\red kawa"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\red kawa"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\ViPeR427\AppData\Roaming\mozilla\firefox\profiles\guf4y445.default\minidumps [189 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\ViPeR427\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/27/2013 at  1:18:51.16
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2013 01
Ran by ViPeR427 (administrator) on VIPER on 27-10-2013 01:21:17
Running from C:\Users\ViPeR427\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1353130725\ee\aolsoftware.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(RingCentral, Inc.) C:\Program Files\RingCentral\eXtreme Fax\RCUI.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(RingCentral, Inc.) C:\Program Files\RingCentral\eXtreme Fax\RCHotKey.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneNss.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] - [x]
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2238704 2013-02-20] (Logitech, Inc.)
HKLM\...\Run: [HostManager] - C:\Program Files\Common Files\AOL\1353130725\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3567800 2013-10-21] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [HP Photosmart 6520 series (NET)] - C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [RCUI] - C:\PROGRA~1\RINGCE~1\EXTREM~1\RCUI.exe [500992 2010-11-23] (RingCentral, Inc.)
HKCU\...\Run: [RCHotKey] - C:\Program Files\RingCentral\eXtreme Fax\RCHotKey.exe [38144 2010-11-23] (RingCentral, Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
HKU\Mcx1\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Mcx1\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
HKU\Mcx1\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Mcx1\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Mcx1\...\Run: [CTSyncU.exe] - C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [ 2007-07-17] ()
HKU\Mcx1\...\RunOnce: [InetReg] - "C:\Program Files\Creative\Product Registration\English\InetReg.exe" /PreProcess=RegFlash.exe /PortableDevice /Delay=6
HKU\Mcx1\...\RunOnce: [CTAutoUpdate] - C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe [ 2007-01-04] (Creative Technology Ltd)
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [ 2009-04-11] (Microsoft Corporation) <==== ATTENTION 
HKU\Mcx2\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Mcx2\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
HKU\Mcx2\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Mcx2\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Mcx2\...\Run: [CTSyncU.exe] - C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [ 2007-07-17] ()
HKU\Mcx2\...\RunOnce: [InetReg] - "C:\Program Files\Creative\Product Registration\English\InetReg.exe" /PreProcess=RegFlash.exe /PortableDevice /Delay=6
HKU\Mcx2\...\RunOnce: [CTAutoUpdate] - C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe [ 2007-01-04] (Creative Technology Ltd)
HKU\Mcx2\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [ 2009-04-11] (Microsoft Corporation) <==== ATTENTION 
HKU\Mcx2.ViPeR\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Mcx2.ViPeR\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
HKU\Mcx2.ViPeR\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Mcx2.ViPeR\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [ 2009-04-11] (Microsoft Corporation) <==== ATTENTION 
HKU\Mcx3\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Mcx3\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
HKU\Mcx3\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Mcx3\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [ 2009-04-11] (Microsoft Corporation) <==== ATTENTION 
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll [ 2010-06-22] (Google)
Startup: C:\Users\ViPeR427\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 6520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -  No File
BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: KeyScramblerBHO Class - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  No File
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5DBE6A96-794A-4489-BD68-CDDE8420475A}: [NameServer]8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\ViPeR427\AppData\Roaming\Mozilla\Firefox\Profiles\guf4y445.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\ViPeR427\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\ViPeR427\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\verizontb.xml
FF Extension: Better Gmail 2 - C:\Users\ViPeR427\AppData\Roaming\Mozilla\Firefox\Profiles\guf4y445.default\Extensions\bettergmail2@ginatrapani(18).org
FF Extension: Xmarks - C:\Users\ViPeR427\AppData\Roaming\Mozilla\Firefox\Profiles\guf4y445.default\Extensions\foxmarks@kei.com
FF Extension: KeyScrambler - C:\Users\ViPeR427\AppData\Roaming\Mozilla\Firefox\Profiles\guf4y445.default\Extensions\keyscrambler@qfx.software.corporation
FF Extension: Microsoft .NET Framework Assistant - C:\Users\ViPeR427\AppData\Roaming\Mozilla\Firefox\Profiles\guf4y445.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: feedly - C:\Users\ViPeR427\AppData\Roaming\Mozilla\Firefox\Profiles\guf4y445.default\Extensions\feedly@devhd.xpi
FF Extension: izer - C:\Users\ViPeR427\AppData\Roaming\Mozilla\Firefox\Profiles\guf4y445.default\Extensions\izer@camelcamelcamel.com.xpi
FF Extension: jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI - C:\Users\ViPeR427\AppData\Roaming\Mozilla\Firefox\Profiles\guf4y445.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
 
Chrome: 
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\ViPeR427\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\ViPeR427\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\ViPeR427\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\ViPeR427\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\ViPeR427\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
 
========================== Services (Whitelisted) =================
 
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [618936 2009-01-20] (Acronis)
S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-21] (AVAST Software)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] ()
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2006-12-15] (SEIKO EPSON CORPORATION)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-22] (Google)
R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [109728 2011-01-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-10-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-10-21] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2013-10-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-10-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-10-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-10-21] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-10-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-10-21] ()
S3 avcgbdr; C:\Windows\System32\drivers\avcgbdr.sys [125568 2005-09-26] (Adaptec, Inc.)
S3 avcgbfl; C:\Windows\System32\Drivers\avcgbfl.sys [19712 2005-10-26] (Adaptec, Inc)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.)
R0 hotcore3; C:\Windows\System32\drivers\hotcore3.sys [39472 2008-01-21] (Paragon Software Group)
R3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [10752 2003-12-25] (InterVideo, Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [115312 2009-10-04] (QFX Software Corporation)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [44296 2013-01-03] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12808 2013-01-03] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [134272 2009-06-30] (Acronis)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-08] (SigmaTel, Inc.)
R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [971552 2009-06-30] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2009-06-30] (Acronis)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [12672 2007-04-09] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [21248 2007-04-09] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [22912 2007-04-09] (LG Electronics Inc.)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)
S3 xusb20; C:\Windows\System32\DRIVERS\xusb20.sys [50048 2006-10-13] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\Users\ViPeR427\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-27 01:19 - 2013-10-27 01:19 - 00000000 ____D C:\FRST
2013-10-27 01:18 - 2013-10-27 01:18 - 00001162 _____ C:\Users\ViPeR427\Desktop\JRT.txt
2013-10-27 01:01 - 2013-10-27 01:01 - 00000000 ____D C:\Windows\ERUNT
2013-10-27 00:59 - 2013-10-27 00:59 - 00002661 _____ C:\Users\ViPeR427\Desktop\AdwCleaner[S0].txt
2013-10-27 00:10 - 2013-10-27 00:24 - 00000000 ____D C:\AdwCleaner
2013-10-27 00:09 - 2013-10-27 00:09 - 01089001 _____ (Farbar) C:\Users\ViPeR427\Desktop\FRST.exe
2013-10-27 00:08 - 2013-10-27 00:08 - 01033335 _____ (Thisisu) C:\Users\ViPeR427\Desktop\JRT.exe
2013-10-27 00:06 - 2013-10-27 00:06 - 01060070 _____ C:\Users\ViPeR427\Desktop\adwcleaner.exe
2013-10-25 11:10 - 2013-10-25 11:16 - 00000000 ____D C:\Program Files\AOL Desktop 9.7a
2013-10-21 22:04 - 2013-10-21 22:04 - 00000000 ____D C:\Users\ViPeR427\AppData\Roaming\InstallShield
2013-10-21 21:16 - 2013-10-21 21:16 - 00001626 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-21 21:14 - 2013-10-21 21:16 - 00000000 ____D C:\Program Files\iTunes
2013-10-21 21:14 - 2013-10-21 21:14 - 00000000 ____D C:\Program Files\iPod
2013-10-21 13:08 - 2013-10-21 13:08 - 00000391 _____ C:\Windows\COVERE~1.INI
2013-10-21 03:38 - 2013-10-21 03:38 - 00001933 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-21 03:37 - 2013-10-27 01:04 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-21 03:37 - 2013-10-27 00:42 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-21 03:03 - 2013-10-21 03:03 - 00000000 ____D C:\Users\ViPeR427\AppData\Roaming\AVAST Software
2013-10-21 02:47 - 2013-10-21 02:47 - 00000000 ____D C:\Users\ViPeR427\AppData\Roaming\Oracle
2013-10-21 02:44 - 2013-10-21 02:44 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-21 02:37 - 2013-10-21 02:35 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 02:36 - 2013-10-21 02:36 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-21 02:36 - 2013-10-21 02:35 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 02:36 - 2013-10-21 02:35 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-20 22:51 - 2013-10-20 22:53 - 00025975 _____ C:\Users\ViPeR427\Desktop\Packing_List_Spreadsheet.xlsx
2013-10-20 22:33 - 2013-10-20 22:32 - 00819144 _____ (Google Inc.) C:\Users\ViPeR427\Desktop\ChromeSetup.exe
2013-10-13 08:33 - 2013-10-13 08:33 - 00013976 _____ C:\Users\ViPeR427\Desktop\dds.txt
2013-10-13 08:33 - 2013-10-13 08:33 - 00008564 _____ C:\Users\ViPeR427\Desktop\attach.txt
2013-10-13 08:21 - 2013-10-13 08:21 - 00688992 ____R (Swearware) C:\Users\ViPeR427\Desktop\dds.com
2013-10-11 15:44 - 2013-09-22 06:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 15:44 - 2013-09-22 06:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-11 15:44 - 2013-09-22 06:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-11 15:44 - 2013-09-22 06:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 15:44 - 2013-09-22 06:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 15:44 - 2013-09-22 06:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-11 15:44 - 2013-09-22 05:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 15:43 - 2013-09-22 06:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 15:43 - 2013-09-22 06:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 15:43 - 2013-09-22 06:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 15:43 - 2013-09-22 06:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-11 15:43 - 2013-09-22 06:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 15:43 - 2013-09-22 06:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 15:43 - 2013-09-22 06:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-11 15:43 - 2013-09-22 06:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 15:43 - 2013-09-22 06:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 01:39 - 2013-08-29 03:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 01:39 - 2013-08-26 22:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-09 01:39 - 2013-08-26 22:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-09 01:39 - 2013-08-26 22:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-09 01:39 - 2013-08-26 22:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-09 01:39 - 2013-08-26 21:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-09 01:39 - 2013-08-26 21:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-09 01:39 - 2013-08-26 21:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-09 01:39 - 2013-08-26 21:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-09 01:39 - 2013-08-26 21:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-09 01:39 - 2013-07-31 23:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 01:39 - 2013-07-31 22:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-09 01:39 - 2013-07-20 06:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 01:39 - 2013-07-12 05:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 01:39 - 2013-07-04 00:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 01:39 - 2013-06-28 22:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 01:39 - 2013-06-28 22:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 01:39 - 2013-06-28 22:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 01:39 - 2013-06-28 22:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 01:39 - 2013-06-26 19:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 01:39 - 2013-06-04 00:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 01:39 - 2013-06-03 21:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 01:39 - 2011-05-05 09:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 01:39 - 2011-05-05 09:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 01:38 - 2013-07-02 22:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 01:38 - 2013-07-02 22:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-07 22:11 - 2013-10-12 23:39 - 00000795 _____ C:\Windows\setupact.log
2013-10-07 22:11 - 2013-10-07 22:11 - 00000000 _____ C:\Windows\setuperr.log
 
==================== One Month Modified Files and Folders =======
 
2013-10-27 01:19 - 2013-10-27 01:19 - 00000000 ____D C:\FRST
2013-10-27 01:18 - 2013-10-27 01:18 - 00001162 _____ C:\Users\ViPeR427\Desktop\JRT.txt
2013-10-27 01:11 - 2007-08-03 11:50 - 02062070 _____ C:\Windows\WindowsUpdate.log
2013-10-27 01:04 - 2013-10-21 03:37 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-27 01:04 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-27 01:04 - 2006-11-02 08:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-27 01:04 - 2006-11-02 08:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-27 01:02 - 2006-11-02 09:01 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-27 01:01 - 2013-10-27 01:01 - 00000000 ____D C:\Windows\ERUNT
2013-10-27 00:59 - 2013-10-27 00:59 - 00002661 _____ C:\Users\ViPeR427\Desktop\AdwCleaner[S0].txt
2013-10-27 00:47 - 2012-10-09 01:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-27 00:42 - 2013-10-21 03:37 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-27 00:27 - 2012-06-04 18:20 - 00751852 _____ C:\Windows\PFRO.log
2013-10-27 00:24 - 2013-10-27 00:10 - 00000000 ____D C:\AdwCleaner
2013-10-27 00:09 - 2013-10-27 00:09 - 01089001 _____ (Farbar) C:\Users\ViPeR427\Desktop\FRST.exe
2013-10-27 00:08 - 2013-10-27 00:08 - 01033335 _____ (Thisisu) C:\Users\ViPeR427\Desktop\JRT.exe
2013-10-27 00:06 - 2013-10-27 00:06 - 01060070 _____ C:\Users\ViPeR427\Desktop\adwcleaner.exe
2013-10-25 11:16 - 2013-10-25 11:10 - 00000000 ____D C:\Program Files\AOL Desktop 9.7a
2013-10-25 11:15 - 2012-11-17 01:41 - 00000805 _____ C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
2013-10-25 11:15 - 2012-11-17 01:39 - 00000000 ____D C:\Users\ViPeR427\AppData\Local\AOL
2013-10-25 11:15 - 2012-11-17 01:38 - 00000000 ____D C:\Program Files\Common Files\AOL
2013-10-25 11:15 - 2011-04-06 12:54 - 00092752 _____ C:\install.log
2013-10-25 11:15 - 2007-08-12 13:02 - 00000000 ____D C:\Users\ViPeR427\AppData\Roaming\AOL
2013-10-25 11:12 - 2011-12-15 20:05 - 00000000 ____D C:\Users\Mcx3
2013-10-25 11:10 - 2012-11-17 01:38 - 00000000 ____D C:\Program Files\Common Files\aolshare
2013-10-21 22:04 - 2013-10-21 22:04 - 00000000 ____D C:\Users\ViPeR427\AppData\Roaming\InstallShield
2013-10-21 21:16 - 2013-10-21 21:16 - 00001626 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-21 21:16 - 2013-10-21 21:14 - 00000000 ____D C:\Program Files\iTunes
2013-10-21 21:14 - 2013-10-21 21:14 - 00000000 ____D C:\Program Files\iPod
2013-10-21 21:14 - 2008-04-01 20:33 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-10-21 20:26 - 2010-12-04 21:19 - 00000000 ____D C:\Users\ViPeR427\AppData\Roaming\vlc
2013-10-21 20:05 - 2008-05-03 15:49 - 00000069 _____ C:\Windows\NeroDigital.ini
2013-10-21 19:29 - 2007-08-07 19:31 - 00085504 _____ C:\Users\ViPeR427\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-21 13:08 - 2013-10-21 13:08 - 00000391 _____ C:\Windows\COVERE~1.INI
2013-10-21 11:54 - 2013-04-13 01:24 - 00000000 ____D C:\Users\ViPeR427\Desktop\Scans
2013-10-21 04:00 - 2007-08-07 19:12 - 00000000 ____D C:\Users\ViPeR427\AppData\Local\Google
2013-10-21 03:38 - 2013-10-21 03:38 - 00001933 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-21 03:37 - 2007-08-03 12:05 - 00000000 ____D C:\Program Files\Google
2013-10-21 03:03 - 2013-10-21 03:03 - 00000000 ____D C:\Users\ViPeR427\AppData\Roaming\AVAST Software
2013-10-21 02:47 - 2013-10-21 02:47 - 00000000 ____D C:\Users\ViPeR427\AppData\Roaming\Oracle
2013-10-21 02:44 - 2013-10-21 02:44 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-21 02:36 - 2013-10-21 02:36 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-21 02:35 - 2013-10-21 02:37 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 02:35 - 2013-10-21 02:36 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 02:35 - 2013-10-21 02:36 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 01:17 - 2013-04-07 09:41 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-21 01:17 - 2013-04-07 09:41 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-21 01:17 - 2012-10-12 18:19 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-21 01:17 - 2012-10-12 18:19 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-21 01:17 - 2012-10-12 18:19 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-21 01:17 - 2012-10-12 18:19 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-10-21 01:17 - 2012-10-12 18:19 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2013-10-21 01:17 - 2012-10-12 18:19 - 00035656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-21 01:17 - 2012-10-12 18:19 - 00001835 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-21 01:17 - 2012-10-12 18:18 - 00269216 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-21 01:17 - 2012-10-12 18:18 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-21 01:12 - 2006-11-02 06:23 - 00002577 _____ C:\Windows\system32\config.nt
2013-10-20 22:53 - 2013-10-20 22:51 - 00025975 _____ C:\Users\ViPeR427\Desktop\Packing_List_Spreadsheet.xlsx
2013-10-20 22:32 - 2013-10-20 22:33 - 00819144 _____ (Google Inc.) C:\Users\ViPeR427\Desktop\ChromeSetup.exe
2013-10-20 22:31 - 2006-11-02 06:33 - 00707520 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-13 09:12 - 2007-08-14 01:13 - 00000000 ____D C:\Users\ViPeR427\AppData\Local\Adobe
2013-10-13 09:11 - 2012-04-07 23:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-13 09:11 - 2011-05-21 20:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 08:33 - 2013-10-13 08:33 - 00013976 _____ C:\Users\ViPeR427\Desktop\dds.txt
2013-10-13 08:33 - 2013-10-13 08:33 - 00008564 _____ C:\Users\ViPeR427\Desktop\attach.txt
2013-10-13 08:21 - 2013-10-13 08:21 - 00688992 ____R (Swearware) C:\Users\ViPeR427\Desktop\dds.com
2013-10-12 23:39 - 2013-10-07 22:11 - 00000795 _____ C:\Windows\setupact.log
2013-10-11 18:54 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-11 18:33 - 2006-11-02 08:47 - 00705928 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 15:51 - 2013-08-16 16:34 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 15:47 - 2006-11-02 06:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-07 22:11 - 2013-10-07 22:11 - 00000000 _____ C:\Windows\setuperr.log
2013-09-29 06:16 - 2013-08-17 00:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-29 06:16 - 2012-04-25 10:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
 
Some content of TEMP:
====================
C:\Users\ViPeR427\AppData\Local\temp\AcsInstall.dll
C:\Users\ViPeR427\AppData\Local\temp\Quarantine.exe
C:\Users\ViPeR427\AppData\Local\temp\SHFOLDER.DLL
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-27 01:19
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2013 01
Ran by ViPeR427 at 2013-10-27 01:22:10
Running from C:\Users\ViPeR427\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.1.30017)
7-Zip 9.20
Acronis True Image Home (Version: 12.0.9709)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Air Video Server 2.4.3 (Version: 2.4.3)
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 9.0.2006)
AviSynth 2.5
BitPim 1.0.6 (Version: 1.0.6)
Bonjour (Version: 3.0.0.10)
Catalina Savings Printer (Version: 1.0.0)
CCleaner (Version: 3.24)
Citrix Online Launcher (Version: 1.0.109)
CodecPatch (Version: 1.00.0000)
Coupon Printer for Windows (Version: 5.0.0.3)
Creative Software AutoUpdate
Creative System Information
Creative ZEN (Version: 1.0)
dBpoweramp DSP Effects
dBpoweramp FLAC Codec (Version: Release 14 (FLAC 1.2.1))
dBpoweramp Music Converter
Dell System Customization Wizard (Version: 1.00.0000)
DellSupport (Version: 6.0.3075)
D-Link VGA Webcam
EPSON Printer Software
EPSON Scan
eReg (Version: 1.20.138.34)
eXtreme Fax Call Controller
Garmin POI Loader (Version: 2.5.4.0)
Garmin USB Drivers (Version: 2.3.0.0)
Google Chrome (Version: 30.0.1599.101)
Google Desktop (Version: 5.9.1005.12335)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer (Version: 4.0.0.002)
Google Update Helper (Version: 1.3.21.169)
GoToMeeting 5.7.0.1172 (HKCU Version: 5.7.0.1172)
Hong Kong Mahjong 1024x768
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Photosmart 6520 series Basic Device Software (Version: 28.0.1315.0)
HP Update (Version: 5.003.003.001)
HPDiagnosticAlert (Version: 1.00.0000)
HxD Hex Editor version 1.7.7.0 (Version: 1.7.7.0)
iCloud (Version: 2.1.2.8)
ImgBurn (Version: 2.4.0.0)
Intel® Matrix Storage Manager
Intel® Network Connections 16.1.53.0 (Version: 16.1.53.0)
InterVideo Home Theater
iTunes (Version: 11.1.1.11)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
KeyScrambler
LG USB Modem driver
LightScribe 1.8.15.1 (Version: 1.8.15.1)
Logitech Harmony Remote Software 7 (Version: 7.4.1.1)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Logitech SetPoint 6.52 (Version: 6.52.74)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliPoint 6.2 (Version: 6.20.182.0)
Microsoft IntelliType Pro 6.1 (Version: 6.10.156.0)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.05.0818)
Microsoft Xbox 360 Accessories 1.1 (Version: 1.10.123.0)
Microsoft XML Parser (Version: 8.70.1104.04)
MobileMe Control Panel (Version: 3.1.8.0)
Mobipocket Creator 4.2 (Version: 4.2.41)
Move Networks Media Player for Internet Explorer
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Ultra Edition (Version: 7.02.9753)
neroxml (Version: 1.0.0)
NVIDIA Drivers
Paragon Partition Manager 9.0 Professional
Patch (Version: 1.00.0000)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Picasa 3 (Version: 3.9)
Plex Media Server (Version: 0.9.728)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
Product Documentation Launcher (Version: 1.00.0000)
QualxServ Service Agreement (Version: 1.11.0000)
QuickTime (Version: 7.74.80.86)
Real Alternative 1.9.0 Lite (Version: 1.9.0)
Remote Control USB Driver (Version: 2.3.2.317)
RTC Client API v1.2 (Version: 1.2.0000)
SC Ver 2.68
SigmaTel Audio (Version: 5.10.5102.0)
Skype™ 4.0 (Version: 4.0.227)
System Requirements Lab for Intel (Version: 4.4.22.0)
Uninstall AOL Emergency Connect Utility 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
URL Assistant
User's Guides
V CAST Music Manager (Version: )
VCRedistSetup (Version: 1.0.0)
Videora iPod nano Converter 4.05 (Version: 4.05)
VLC media player 2.0.8 (Version: 2.0.8)
WD Diagnostics (Version: 1.09.0002)
WinDirStat 1.1.2
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
WinRAR archiver
WinSCP 4.3.5 (Version: 4.3.5)
WinZip 15.5 (Version: 15.5.9468)
ZEN Media Explorer
Zip Motion Block Video codec (Remove Only)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

==================== Restore Points =========================

22-10-2013 04:51:15 Scheduled Checkpoint
22-10-2013 07:50:17 Windows Update
23-10-2013 04:00:08 Scheduled Checkpoint
24-10-2013 04:00:07 Scheduled Checkpoint
25-10-2013 04:00:05 Scheduled Checkpoint
25-10-2013 08:46:16 Windows Update
26-10-2013 04:00:08 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 06:23 - 2013-05-13 19:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0854A988-B694-4087-8D5D-ABBBE9B4F112} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {358B4F92-B10F-42FE-AE27-642AE0CA79F7} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {3AF506AE-DEFD-4D4E-ABAB-837CD405CD08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-13] (Adobe Systems Incorporated)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3BEABB3C-1741-4E90-A4D7-F40255467076} - System32\Tasks\HP AR Program Upload - fdb2d21e62c643299c05f038c9f9b1401bd5be54a9bb4aa2bbbd1ae78f109b80 => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {6BB77470-3BD9-459F-B043-B12937B29198} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {6E656A5C-0F06-46C1-B239-9EE80F42B4FF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7B73B6AF-DE3C-4771-BD26-A6EE79AF79FC} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2007-08-31] (Microsoft Corporation)
Task: {80C131E1-C060-4367-B585-4A53648F7747} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-21] (Google Inc.)
Task: {ABFB0404-A865-4AF4-87F0-51DEDFD427C8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-21] (Google Inc.)
Task: {B59EDF79-1416-4B3C-AABD-0ADACE03F366} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {BB5B1BE3-5DF7-4E74-ACB6-E888CF2C4438} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2006-11-21] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {F0C1246E-9E47-49E3-B840-0B2402E2817A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-10-21] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-21 01:16 - 2013-10-21 01:17 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-30 18:08 - 2010-11-23 16:53 - 01049856 _____ () C:\Program Files\RingCentral\eXtreme Fax\RCTH.dll
2013-04-30 18:08 - 2010-11-23 16:53 - 00374016 _____ () C:\Program Files\RingCentral\eXtreme Fax\RCABEx.dll
2013-04-30 18:08 - 2010-11-23 16:46 - 01167360 _____ () C:\Program Files\RingCentral\eXtreme Fax\Characters\RCSPSKPAGERDARKTHIN.DLL
2013-04-30 18:08 - 2010-05-05 12:21 - 00126976 _____ () C:\Program Files\RingCentral\eXtreme Fax\NetFixDll.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-06-05 09:39:35.513
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-05 09:39:35.249
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-05 09:39:34.992
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-05 09:39:34.735
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-05 09:39:34.478
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-05 09:39:34.212
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-05 09:36:16.304
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-05 09:36:16.040
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-05 09:36:15.780
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-05 09:36:15.523
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 2045.21 MB
Available physical RAM: 948.86 MB
Total Pagefile: 4333.41 MB
Available Pagefile: 3209.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.02 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:138.97 GB) (Free:17.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.47 GB) NTFS
Drive e: (DATA STUFF) (Fixed) (Total:465.76 GB) (Free:97.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: E8000000)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: AB9AEB58)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by Oh My, 27 October 2013 - 08:19 AM.


#6 Oh My!

Malware Response Instructor

Posted 27 October 2013 - 08:49 AM

Hi Rick,

Glad we were able to connect. Thank you for letting me know of the delay.

When you are able, please consider and do this for me.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [ 2009-04-11] (Microsoft Corporation) <==== ATTENTION 
HKU\Mcx2\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [ 2009-04-11] (Microsoft Corporation) <==== ATTENTION 
HKU\Mcx2.ViPeR\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [ 2009-04-11] (Microsoft Corporation) <==== ATTENTION 
HKU\Mcx3\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [ 2009-04-11] (Microsoft Corporation) <==== ATTENTION 
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -  No File
BHO: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  No File
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
C:\Users\ViPeR427\AppData\Local\temp\AcsInstall.dll
C:\Users\ViPeR427\AppData\Local\temp\Quarantine.exe
C:\Users\ViPeR427\AppData\Local\temp\SHFOLDER.DLL
Task: {B59EDF79-1416-4B3C-AABD-0ADACE03F366} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\Windows\COVERE~1.INI

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

Temporary File Cleaner (TFC)

--------------------
  • Download TFC by OldTimer to your desktop.
  • Close any open windows
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run
  • Click the Start button to begin the process
  • Allow TFC to run uninterrupted
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine, if it doesn't, manually reboot to ensure a complete clean
NOTE: It's normal for the computer to boot more slowly the first time after running TFC

TFC will clear out all temporary folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. TFC only cleans temporary folders and will not clean URL history, prefetch, or cookies


===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Virustotal link
  • TFC log (if there is one)
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!

Posted 05 November 2013 - 09:27 AM

Hi Rick,

Have we been able to make any progress yet?
Gary
 

#8 rchow427

Posted 05 November 2013 - 11:47 AM

Hi Gary, thanks for the follow up, I was able to do everything but when I ran TFC, it does its thing then stops responding. I waited for 10 minutes so I closed TFC and had no desktop so I used task manager to reboot, then rerun the prog and the same thing happened but here's the logs thus far. BTW startup still seems to be a little slow and firefox is still getting the occasional (not responding) then continuing to work after a couple seconds.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-10-2013 01
Ran by ViPeR427 at 2013-11-05 10:22:41 Run:1
Running from C:\Users\ViPeR427\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [ 2009-04-11] (Microsoft Corporation) <==== ATTENTION
HKU\Mcx2\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [ 2009-04-11] (Microsoft Corporation) <==== ATTENTION
HKU\Mcx2.ViPeR\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [ 2009-04-11] (Microsoft Corporation) <==== ATTENTION
HKU\Mcx3\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [ 2009-04-11] (Microsoft Corporation) <==== ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -  No File
BHO: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  No File
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
C:\Users\ViPeR427\AppData\Local\temp\AcsInstall.dll
C:\Users\ViPeR427\AppData\Local\temp\Quarantine.exe
C:\Users\ViPeR427\AppData\Local\temp\SHFOLDER.DLL
Task: {B59EDF79-1416-4B3C-AABD-0ADACE03F366} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
*****************

HKU\Mcx1\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Mcx2\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Mcx2.ViPeR\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Mcx3\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75} => Key deleted successfully.
HKCR\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
C:\Users\ViPeR427\AppData\Local\temp\AcsInstall.dll => Moved successfully.
C:\Users\ViPeR427\AppData\Local\temp\Quarantine.exe => Moved successfully.
C:\Users\ViPeR427\AppData\Local\temp\SHFOLDER.DLL => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B59EDF79-1416-4B3C-AABD-0ADACE03F366} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B59EDF79-1416-4B3C-AABD-0ADACE03F366} => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly) => Key deleted successfully.

==== End of Fixlog ====

 

https://www.virustotal.com/en/file/2a9f74f570dcf786bdd691738149a17cab6007ee6e8a85f342f9d2f0f631a478/analysis/1383665137/

 

No TFC log maybe because I had to close the prog since it wasn't responding after a while.

 

Startup seems to still take a while, accessing the drives on the computer seems a little faster, internet seems ok with the occasional firefox not responding hiccup. Only have 17gb left on my c: drive and don't know what's taking up all that space, I thought it was itunes but all my music is on my d: drive. Maybe the apps are still on the c drive, I dunno.



#9 Oh My!

Posted 05 November 2013 - 03:21 PM

Hi Rick,

Thanks for the information and the update. Please do this.

===================================================

HijackThis

--------------------
  • Download HijackThis and save it to your desktop
  • Double click the icon, then select Run
  • If prompted select I Accept
  • Click on Do a system scan and save a logfile
  • A report will be generated and will appear on your desktop as an open Notepad document
  • Copy and paste the contents in your reply
===================================================

ATF Cleaner by Atribune

--------------------
  • Download ATF Cleaner and save it to your desktop
  • Double-click ATF-Cleaner.exe
  • Under Main choose Select All
  • Uncheck cookies
  • Click the Empty Selected button
If you use Firefox web browser
  • Click Firefox at the top and choose: Select All
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Uncheck cookies
  • Click the Empty Selected button
If you use Opera web browser
  • Click Opera at the top and choose: Select All
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Uncheck cookies
  • Click the Empty Selected button
Click Exit on the Main menu to close the program then reboot your computer to check the performance.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • HijackThis Log
  • How is your computer running? Any difference?

Gary
 

#10 rchow427

rchow427
  • Topic Starter

  • Members
  • 25 posts
  • Local time:06:13 PM

Posted 05 November 2013 - 10:48 PM

Hi Gary, after reboot, computer seems to still be slow at startup. Firefox seems OK after an initial (not responding).

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:17:35 PM, on 11/5/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\AOL\1353130725\ee\aolsoftware.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\RingCentral\eXtreme Fax\RCUI.exe
C:\Program Files\RingCentral\eXtreme Fax\RCHotKey.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Users\ViPeR427\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1353130725\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [HP Photosmart 6520 series (NET)] "C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2BU352W805XP:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [RCUI] "C:\PROGRA~1\RINGCE~1\EXTREM~1\RCUI.exe"
O4 - HKCU\..\Run: [RCHotKey] "C:\Program Files\RingCentral\eXtreme Fax\RCHotKey.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DBE6A96-794A-4489-BD68-CDDE8420475A}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel® PROSet Monitoring Service - Intel Corporation - C:\Windows\system32\IProsetMonitor.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 8510 bytes
 



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • Gender:Male
  • Location:California
  • Local time:04:13 PM

Posted 05 November 2013 - 11:04 PM

If you look at the O4 entries in the HijackThis list there may be some programs you do not need to start at boot up, like iTunes, Apple, and AOL, for example. You will need to decide which items to check. Placing a checkmark next to an item does not remove the program, rather it modifies some settings so the program doesn't start automatically upon boot up, thus lengthening the boot up process.

===================================================

HijackThis Fix

--------------------
  • Launch HijackThis
  • Click Do a system scan only
  • Place a checkmark next to the entries you have identified
  • Close all other windows and browsers except HijackThis and press Fix checked.
  • Upon completion reboot your computer
  • Check your computer start up process
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

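The O4 lines discussed in the post above can be pulled out of a HijackThis log and split into registry location, value name, program path and arguments, which makes the startup list easier to review. This is an added example, not part of the original posts or of HijackThis itself; the names `parse_o4` and `review_notes` are hypothetical, and the sample lines are copied from the log posted in this thread.

```python
import re

# Lines copied from the HijackThis log posted in this thread: six O4 autostart
# entries plus one O23 service line, which the parser must skip.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1353130725\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RCUI] "C:\PROGRA~1\RINGCE~1\EXTREM~1\RCUI.exe"
O4 - Startup: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk = ?
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.*)$")
EXE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr)))\s*(.*)$', re.I)

def parse_o4(log_text):
    """Return one dict per O4 line: where it is registered and what it starts."""
    entries = []
    for line in map(str.strip, log_text.splitlines()):
        if m := RUN_RE.match(line):
            hive, key, name, command = m.groups()
            exe = EXE_RE.match(command)  # separates quoted or unquoted path from args
            path = (exe.group(1) or exe.group(2)) if exe else command
            args = exe.group(3) if exe else ""
            entries.append({"source": hive + "\\" + key, "name": name,
                            "path": path, "args": args})
        elif m := STARTUP_RE.match(line):
            folder, shortcut, target = m.groups()
            entries.append({"source": folder, "name": shortcut,
                            "path": target, "args": ""})
    return entries

def review_notes(entry):
    """Flag entries that need a closer look before deciding whether to fix them."""
    notes = []
    if entry["path"] == "?":
        notes.append("shortcut target shown as '?' in the log")
    if re.search(r"~\d", entry["path"]):
        notes.append("8.3 short path; expand it before judging the entry")
    return notes

if __name__ == "__main__":
    for e in parse_o4(SAMPLE_LOG):
        print(e["source"], "|", e["name"], "|", e["path"], e["args"])
        for note in review_notes(e):
            print("    note:", note)
```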
#12 rchow427

rchow427
  • Topic Starter

  • Members
  • 25 posts
  • Local time:06:13 PM

Posted 07 November 2013 - 12:53 AM

Hi Gary, I clicked on fix for the O4 aol, ituneshelper, and ehtray but things didn't seem like they changed. Maybe it's time just to buy a new comp. Thanks for all of your help.



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • Gender:Male
  • Location:California
  • Local time:04:13 PM

Posted 07 November 2013 - 09:11 AM

Greetings,

Are you saying you no longer want to work on your computer? I was going to provide another program to try to clean out the temporary files.

Let me know what you would like to do.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 rchow427

rchow427
  • Topic Starter

  • Members
  • 25 posts
  • Local time:06:13 PM

Posted 08 November 2013 - 08:46 AM

I'm always open to suggestions. I'll keep trying, thanks.

#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • Gender:Male
  • Location:California
  • Local time:04:13 PM

Posted 08 November 2013 - 09:29 AM

Great, I am not ready to give up yet but it is your computer. :)

Were you able to attempt to run ATF from Post #9? If not, please do that and in addition please run this.

===================================================

OTL

--------------------
  • Please download OTL and save it to your desktop
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Copy and paste the two reports in your next reply.

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized


===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ATF
  • OTL logs (2)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



