
ZeroAccess, Multiple PUP's


19 replies to this topic

#1 linuxpowers


Posted 19 December 2013 - 12:43 PM

I have this Pavilion Notebook running Windows 7 SP1, 64-bit, that I took a look at, at someone's request, and decided to install Malwarebytes Anti-Malware and do a quick scan. It found 256 items, mostly PUPs, which I had it remove, and then I rebooted. I ran another scan (full scan) and 17 more came up. Once again, clean and reboot, and the reboot process took extremely long while loading the user account. I found strange icons on the desktop, "Global Tech Expert" and "MyTechGurus". Upon inquiry, I was told that the user got online and allowed these to manipulate the computer remotely! I also noticed CCleaner was installed but not used frequently. I've taken a look at the quarantine section of McAfee and found a long list of PUPs and a couple of recent ZeroAccess entries. I also notice many toolbars installed that I don't particularly care for. I'm not sure who's been working on this thing and what has been done. The OS seems to function properly and I'm not getting any strange pop-ups... just too many indications of infection. Not sure what to do at this point.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16750
Run by Theresa at 11:03:53 on 2013-12-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.1540 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Users\Theresa\AppData\LocalLow\alotservice\alotservice.exe
C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\InboxAce_1g Chrome Extension\bar\CrxRegPatcher.exe
C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Windows\system32\EscSvc64.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Sendori\SendoriUp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIICE.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIICE.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\vds.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/?mtmhp=txtlnkusaolp00000051
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://att.net
mStart Page = hxxp://www.yahoo.com/?fr=befhp&type=iehp-3.2-1307
uURLSearchHooks: AOL Radio Toolbar Search Class: {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files (x86)\AOL Radio Toolbar\aolradiotb.dll
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
uURLSearchHooks: AOL Mail Toolbar Search Class: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files (x86)\AOL Mail Toolbar\aolmailtb.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
uURLSearchHooks: LokeBar Toolbar: {2d922b81-34c7-4aab-9c5d-433e79fc9445} - C:\Program Files (x86)\LokeBar\prxtbLoke.dll
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
uURLSearchHooks: FCToolbarURLSearchHook Class: {fa887e92-8f5f-4ec9-99ca-09be0e4120d6} - C:\Program Files (x86)\AddThis Toolbar\Helper.dll
uURLSearchHooks: <No Name>: {9b138bf3-1d40-4e7e-84bb-2975198ad938} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll
uURLSearchHooks: <No Name>: {801120a5-289d-4a31-9d09-3f1794681e02} - C:\Program Files (x86)\GasGlance_5i\bar\1.bin\5iSrcAs.dll
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
mURLSearchHooks: AOL Radio Toolbar Search Class: {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files (x86)\AOL Radio Toolbar\aolradiotb.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
mURLSearchHooks: AOL Mail Toolbar Search Class: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files (x86)\AOL Mail Toolbar\aolmailtb.dll
mURLSearchHooks: LokeBar Toolbar: {2d922b81-34c7-4aab-9c5d-433e79fc9445} - C:\Program Files (x86)\LokeBar\prxtbLoke.dll
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: BeFrugalIEHelper: {2335A057-CBA6-40F6-A712-C6A7C98F7813} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: AOL Radio Toolbar Loader: {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - C:\Program Files (x86)\AOL Radio Toolbar\aolradiotb.dll
BHO: LokeBar Toolbar: {2d922b81-34c7-4aab-9c5d-433e79fc9445} - C:\Program Files (x86)\LokeBar\prxtbLoke.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll
BHO: Search Assistant BHO: {9641d095-2c78-400e-bbb0-c20f3108358b} - C:\Program Files (x86)\GasGlance_5i\bar\1.bin\5iSrcAs.dll
BHO: AddThis Toolbar BHO: {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll
BHO: BargainMatch Extension: {A1F60E28-5D50-447B-B4D9-3B4AB0D674E7} - C:\Program Files (x86)\BargainMatch\bmext.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Toolbar BHO: {e1bfc11e-a392-4575-9ee7-27a96eb0db90} - C:\Program Files (x86)\GasGlance_5i\bar\1.bin\5ibar.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: Norton Safe Web Lite BHO: {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll
BHO: Search Results Toolbar: {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files (x86)\searchresults\searchresultsDx.dll
BHO: AOL Mail Toolbar Loader: {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files (x86)\AOL Mail Toolbar\aolmailtb.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: LokeBar Toolbar: {2D922B81-34C7-4AAB-9C5D-433E79FC9445} - C:\Program Files (x86)\LokeBar\prxtbLoke.dll
TB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll
TB: Norton Safe Web Lite: {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll
TB: AOL Messaging Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: GasGlance: {865FC489-56EB-41FA-BB25-027900188070} - C:\Program Files (x86)\GasGlance_5i\bar\1.bin\5ibar.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: AOL Radio Toolbar: {9167DA98-6F9B-46F1-991D-826CAE46CAB6} - C:\Program Files (x86)\AOL Radio Toolbar\aolradiotb.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: LokeBar Toolbar: {2d922b81-34c7-4aab-9c5d-433e79fc9445} - C:\Program Files (x86)\LokeBar\prxtbLoke.dll
TB: AOL Mail Toolbar: {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files (x86)\AOL Mail Toolbar\aolmailtb.dll
TB: Search Results Toolbar: {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files (x86)\searchresults\searchresultsDx.dll
TB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll
TB: Norton Safe Web Lite: {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll
TB: GasGlance: {865fc489-56eb-41fa-bb25-027900188070} - C:\Program Files (x86)\GasGlance_5i\bar\1.bin\5ibar.dll
TB: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll
TB: AOL Radio Toolbar: {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files (x86)\AOL Radio Toolbar\aolradiotb.dll
TB: BeFrugal.com Toolbar: {5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIICE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-300 Series"
uRun: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIICE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-300 Series"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Act.Outlook.Service] "C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe"
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce: [InboxAce_1g Chrome Extension-bar-CrxRegPatcher] "C:\Program Files (x86)\InboxAce_1g Chrome Extension\bar\CrxRegPatcher.exe" /r
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} -
IE: {A1F60E28-5D50-447B-B4D9-3B4AB0D674E7} - C:\Program Files (x86)\BargainMatch\bmext.dll/content|js|bargainmatchoptions.hta
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: C:\Windows\System32\Sendori.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{EDC35F4F-B734-464B-897C-E75FB2D9FBF8} : DHCPNameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{EDC35F4F-B734-464B-897C-E75FB2D9FBF8}\14454533745375932653 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{EDC35F4F-B734-464B-897C-E75FB2D9FBF8}\14E64627F69646140533436393 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{EDC35F4F-B734-464B-897C-E75FB2D9FBF8}\4496A7A7973456461627D27657563747 : DHCPNameServer = 192.168.1.1 192.168.33.1
TCP: Interfaces\{EDC35F4F-B734-464B-897C-E75FB2D9FBF8}\E45445745414258323 : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist Express Customer - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_winlogonx64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\wqwy2zpv.default\
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll
FF - plugin: C:\Program Files (x86)\GasGlance_5i\bar\1.bin\NP5iStub.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Theresa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Theresa\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-9-8 782360]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-9-8 343696]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-8 55856]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-7 46368]
R1 ccSet_NST;Norton Safe Web Lite Settings Manager;C:\Windows\System32\drivers\NSTx64\0200000.010\ccSetx64.sys [2012-11-7 167048]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
R2 AlotService;ALOT Update Service;C:\Users\Theresa\AppData\LocalLow\alotservice\alotservice.exe [2012-10-23 255880]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-22 119072]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-5-21 32808]
R2 BeFrugal.com Service;BeFrugal.com Service;C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe [2013-7-17 346960]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2013-2-22 580728]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-4-26 135824]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-17 328928]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-20 13592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-25 201304]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-11-17 178048]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-11-19 517632]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-17 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-17 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-17 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-11-17 1017016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-9-8 219272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-8-24 182752]
R2 MSSQL$ACT7;SQL Server (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2010-5-5 61913952]
R2 NSL;Norton Safe Web Lite;C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2012-11-7 138760]
R2 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2012-1-4 519888]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-22 22304]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-22 3623200]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-3-6 5087584]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-20 2320920]
R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [2013-12-9 1771544]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-4-20 620584]
R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2011-12-3 89640]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-4-20 39976]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-12-11 31088]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-8 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-12-8 317440]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-9-8 311120]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-9-8 519576]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-9-20 390552]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-25 565352]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 ACT! Scheduler;ACT! Scheduler;C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2010-8-19 81920]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/04/20 02:48:09;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-12-6 240112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-17 328928]
S2 msav;Moon Secure Antivirus Core;C:\Program Files (x86)\Moon Secure Antivirus\msavcore.exe [2008-3-28 982016]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-9-8 70112]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe [2013-4-18 611400]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-11-17 197704]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-9-8 220528]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-9-20 95984]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\System32\drivers\PCTBD64.sys [2013-2-22 77144]
S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-4-20 329832]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-12 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-10 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-25 201304]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-5-5 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]
S4 SQLAgent$ACT7;SQL Server Agent (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2010-5-5 428384]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-19 14:33:32    --------    d-----w-    C:\Windows\System32\drivers\NSSx64\0400030.01B
2013-12-19 14:33:32    --------    d-----w-    C:\Windows\System32\drivers\NSSx64
2013-12-19 14:33:32    --------    d-----w-    C:\Program Files (x86)\Norton Security Scan
2013-12-18 13:44:54    --------    d-----w-    C:\ProgramData\HitmanPro
2013-12-18 13:20:59    50768    ----a-w-    C:\Windows\System32\drivers\kbdclass.sys.bak
2013-12-18 09:00:59    --------    d-----w-    C:\Users\Theresa\AppData\Local\Microsoft Games
2013-12-18 05:56:37    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-12-18 05:56:37    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-16 15:11:55    --------    d-----w-    C:\84cc2404d1bc1e21c335dd4d61
2013-12-12 11:41:31    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 11:41:31    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 11:41:30    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2013-12-12 11:41:30    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2013-12-11 11:28:45    335360    ----a-w-    C:\Windows\System32\msieftp.dll
.
==================== Find3M  ====================
.
2013-12-19 16:43:01    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-19 16:43:01    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-12 12:58:09    17248136    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-13 10:22:22    46368    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-11-04 22:51:44    70112    ----a-w-    C:\Windows\System32\drivers\cfwids.sys
2013-11-04 22:46:34    343696    ----a-w-    C:\Windows\System32\drivers\mfewfpk.sys
2013-11-04 22:46:16    182752    ----a-w-    C:\Windows\System32\mfevtps.exe
2013-11-04 22:43:04    782360    ----a-w-    C:\Windows\System32\drivers\mfehidk.sys
2013-11-04 22:41:22    519576    ----a-w-    C:\Windows\System32\drivers\mfefirek.sys
2013-11-04 22:40:00    311120    ----a-w-    C:\Windows\System32\drivers\mfeavfk.sys
2013-11-04 22:39:20    179792    ----a-w-    C:\Windows\System32\drivers\mfeapfk.sys
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-10-25 06:19:22    2241536    ----a-w-    C:\Windows\System32\wininet.dll
2013-10-25 06:17:57    3959808    ----a-w-    C:\Windows\System32\jscript9.dll
2013-10-25 06:17:52    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-10-25 06:17:52    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-10-25 04:45:11    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-10-25 04:43:42    2877952    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-10-25 04:43:38    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-10-25 04:43:38    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-10-25 04:07:48    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-10-25 03:41:01    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-10-25 03:17:49    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-25 02:49:34    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-19 02:18:57    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39    156160    ----a-w-    C:\Windows\System32\cscript.exe
2013-10-12 01:33:26    168960    ----a-w-    C:\Windows\System32\wscript.exe
2013-10-12 01:15:48    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
2013-10-05 20:25:35    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 02:16:30    116736    ----a-w-    C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04    230400    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
2013-09-23 19:49:22    197704    ----a-w-    C:\Windows\System32\drivers\HipShieldK.sys
.
============= FINISH: 11:04:33.79 ===============
 

Attached Files


AMD FX-8120 Zambezi | GeForceGTX550Ti | 16GB G.Skill DDR3 1600 | ASUS M5A99X Evo | Windows 7HE SP1....or something like that!
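As an added example (not part of the original post and not code from the DDS tool): a short Python triage pass over the service/driver lines of a DDS log like the one above. It assumes the usual reading of this layout, `R`/`S` for running/stopped followed by the Windows start type (0 boot through 4 disabled); the keyword lists are assumptions drawn from product names that appear in this thread, and the sample lines are copied from the log above.

```python
import re
from typing import NamedTuple

# Windows service start types, as encoded in the digit after R/S (assumed reading).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Hypothetical keyword lists, built only from product names seen in this thread.
REMOTE_ACCESS = ("teamviewer", "gotoassist")
SECURITY_VENDORS = ("mcafee", "norton", "moon secure", "pc tools")

# Layout: <R|S><start> <name>;<display name>;<binary path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]+);(?P<path>.+?) "
    r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$"
)

# Sample input: lines copied from the log in this post, plus non-service lines
# (separator, section header, file listing) that the parser must skip.
SAMPLE = r"""
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-8-24 182752]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-22 22304]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-3-6 5087584]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-9-8 311120]
S2 msav;Moon Secure Antivirus Core;C:\Program Files (x86)\Moon Secure Antivirus\msavcore.exe [2008-3-28 982016]
S3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe [2013-4-18 611400]
S3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\System32\drivers\PCTBD64.sys [2013-2-22 77144]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-18 13:20:59    50768    ----a-w-    C:\Windows\System32\drivers\kbdclass.sys.bak
"""


class Entry(NamedTuple):
    running: bool
    start: str
    name: str
    display: str
    path: str
    date: str
    size: int


def parse(log):
    """Return an Entry for every service/driver line; ignore everything else."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separators, section headers, file listings, blank lines
        entries.append(Entry(
            running=(m["state"] == "R"),
            start=START_TYPES[int(m["start"])],
            name=m["name"], display=m["display"], path=m["path"],
            date=m["date"], size=int(m["size"]),
        ))
    return entries


def triage(entries):
    """Group entries into review buckets; nothing here decides what is malicious."""
    def text(e):
        return f"{e.name} {e.display} {e.path}".lower()

    return {
        # Remote-control software installed as a service (any state).
        "remote_access": [e.name for e in entries
                          if any(k in text(e) for k in REMOTE_ACCESS)],
        # Distinct security vendors present; overlapping products merit a look.
        "security_vendors": sorted({v for e in entries
                                    for v in SECURITY_VENDORS if v in text(e)}),
        # Running, auto-start services whose binary lives outside C:\Windows.
        "third_party_autostart": [e.name for e in entries
                                  if e.running and e.start == "auto"
                                  and not e.path.lower().startswith("c:\\windows\\")],
        # Configured to start automatically but currently stopped.
        "auto_but_stopped": [e.name for e in entries
                             if not e.running and e.start == "auto"],
    }


if __name__ == "__main__":
    for bucket, names in triage(parse(SAMPLE)).items():
        print(f"{bucket}: {names}")
```

The buckets are a reading aid for a helper reviewing the log; each flagged entry still has to be judged by hand.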



 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:23 PM

Posted 19 December 2013 - 05:12 PM

Hello linuxpowers,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

 

 

1.

Uninstalling A Program Through "add/remove"

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

AddThis Toolbar
AVG SafeGuard toolbar
BeFrugal.com Toolbar
CouponXplorer Toolbar
GamesBar 2.0.1.109
GasGlance Toolbar
GoToAssist Customer 1.6.0.498
InboxAce Toolbar Chrome Extension
LokeBar Toolbar
Moon Secure Antivirus
Search Results Toolbar
Yontoo 1.10.03
ALOT Appbar
AOL Mail Toolbar
AOL Messaging Toolbar
AOL Radio Toolbar
AOL Toolbar
BargainMatch version 1.0.5.0
Browser Guard 4.0
bSaving
Price Check by AOL
The Weather Channel App




Additional instructions can be found here if needed.

 

 

2.

Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click on AdwCleaner.exe and select
    "Run as administrator"
  • Click the Scan button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

 

3.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 linuxpowers

Posted 19 December 2013 - 07:27 PM

Thanks Fireman4it,

Just a quick question while I'm in the process of undeleting. Most of the programs say that they will be completely removed after a reboot! Should I ignore this and continue or go ahead and reboot?



#4 fireman4it

Posted 19 December 2013 - 08:53 PM

Go ahead and reboot before running the other steps.


#5 linuxpowers

Posted 20 December 2013 - 07:55 AM

As requested!

 

 

Attached Files




#6 fireman4it

Posted 20 December 2013 - 03:36 PM

1.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

2.

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Delete
  • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

 

 

How is the machine running now?


#7 linuxpowers

Posted 20 December 2013 - 05:42 PM

OK...new logs!

 

Things are looking better....all of the extra toolbars are gone.

 

I do notice a couple things. If I maximise FF, I get a "YAHOO!" logo up at the top next to the minimize button. It only shows up when I maximise the browser. I also notice that when I maximise FF, it covers everything on the screen....no task bar, start menu icon, quick links icons, etc. I have to minimize FF to get to the start menu icon. This just happens at random, sometimes it does, sometimes it doesn't. I also notice when I open IE and maximise it, part of the browser is behind the bottom bars instead of on top. IE has this slider that comes up at the bottom to ask certain questions like, "Do I want to Make IE my Default Browser"....but that is buried behind the task bar. It does just the opposite of FF! Chrome tends to act like FF in that it covers everything...at times.

 

Out of curiosity, I opened up an explorer window and it behaves correctly, fits itself right on the desktop without covering anything. This could be a resolution setting/font setting issue! I checked out the display settings and there is a warning that setting text size to "Larger - 150%" may not fit on screen with current resolution, and it is. (I do feel like I'm looking at a 800x600 resolution screen!) I also noticed that the "Magnifier" comes up while the desktop is being loaded!

 

Windows update is working and has available updates in queue...driving me crazy....I hate having updates available and not doing it! :hysterical: I've also noticed Resource Manager shows over 50% memory usage at all times but with everything I see in the startup menu, I might be able to understand!

 

I haven't turned back on McAfee, so I don't know how that's going to behave.
 

Attached Files




#8 linuxpowers

Posted 20 December 2013 - 11:26 PM

Never mind on the YAHOO! logo. I took a look at the version of firefox and it's a "Yahoo! edition 1.26". Didn't know that would even happen!!! The properties are definitely located in "about:config". Not my laptop, not my concern!




#9 fireman4it

Posted 22 December 2013 - 04:06 PM

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#10 linuxpowers

Posted 22 December 2013 - 05:23 PM

Farbar logs as requested!

Attached Files




#11 fireman4it

Posted 22 December 2013 - 07:08 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Attached File  fixlist.txt   3.78KB   2 downloads


#12 linuxpowers

Posted 22 December 2013 - 07:45 PM

Well, I hope I did that correctly! I saved the fixlist.txt file to my desktop...which is where FRST64 resides. I brought up FRST64 and clicked on "fix". The log that was generated is now attached to this post.

Attached Files




#13 fireman4it

Posted 22 December 2013 - 08:23 PM

Things are looking a lot better. Looks like just a few leftovers.

 

1.

Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious, don't worry continue on. 

Please download Junkware Removal Tool to your desktop.

 

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next Reply.

 

2.

  • Download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt


#14 linuxpowers

Posted 22 December 2013 - 10:06 PM

I posted two mbar-log files because I needed to scan  twice. The second scan came up clean.

Attached Files




#15 fireman4it

Posted 23 December 2013 - 02:21 AM

How is your machine running now?