Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

part 2 of ads playing in background


  • This topic is locked This topic is locked
66 replies to this topic

#1 SUSIELOVEALOT

SUSIELOVEALOT

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:06:16 AM

Posted 02 January 2014 - 12:20 PM

number 6 results.  working on  7 now.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Bob at 9:15:24 on 2014-01-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4085.1738 [GMT -8:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe
C:\Windows\system32\lxdxcoms.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe
C:\Users\Bob\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingApp.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingSurrogate.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Bob\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com/?ilc=8
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: ZD Manager IE Plugin: {18D6D197-45BB-465B-ADC0-274A70B49B55} - C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManager.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Ask Shopping Toolbar: {4F564F32-5637-2D53-4154-7A786E7484D7} -
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: PlayFizz Platinum Content Add-on: {757FAD76-20D9-4973-BD64-9208ED0A0624} - C:\Users\Bob\AppData\Local\FizzPlatinum\FizzPlatinumBHO.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Shopping Toolbar: {4F564F32-5637-2D53-4154-7A786E7484D7} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
uRun: [GenieoSystemTray] "C:\Users\Bob\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe"
uRun: [ROC_ROC_APR2013_AV] C:\Users\Bob\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 9e0144289ec147d19693d16c223fe328-97eb0f8584e2419d44567b4f724e699b8826b6a0 --CMPID ROC_APR2013_AV
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
uRun: [AVG-Secure-Search-Update_1013a] "C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013a.exe" /PROMPT /CMPID=1013a
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
StartupFolder: C:\Users\Bob\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe
StartupFolder: C:\Users\Bob\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\Bob\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~2.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STRONG~1.LNK - C:\Users\Bob\AppData\Local\StrongVault\StrongVaultApp.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\TOOLBARS\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7C0304FA-7404-48F4-9026-9D2CA3ADE2DC} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\TOOLBARS\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Ask Shopping Toolbar: {4F564F32-5637-2D53-4154-7A786E7484D7} -
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: Ask Shopping Toolbar: {4F564F32-5637-2D53-4154-7A786E7484D7} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\TOOLBARS\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\TOOLBARS\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-5-3 46368]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2013-10-8 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-6-6 178272]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-10-8 214512]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
R2 lxdx_device;lxdx_device;C:\Windows\System32\lxdxcoms.exe -service --> C:\Windows\System32\lxdxcoms.exe -service [?]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2012-6-2 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2012-6-2 185640]
R2 ZDManager Service;ZDManager Service;C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe [2012-11-7 176640]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-10-8 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-10-8 29280]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-7 1255736]
S3 zghsdiag;ZTE General Handset Diagnostic Port;C:\Windows\System32\drivers\zghsdiag.sys [2011-1-13 122624]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;C:\Windows\System32\drivers\zghsmdm.sys [2011-1-13 122624]
S3 zghsnmea;ZTE General Handset NMEA Port;C:\Windows\System32\drivers\zghsnmea.sys [2011-1-13 122624]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2013-11-13 112224]
.
=============== Created Last 30 ================
.
2014-01-02 01:17:07 -------- d-----w- C:\Program Files (x86)\ESET
2014-01-02 00:37:02 -------- d-----w- C:\Windows\ERUNT
2014-01-01 22:35:05 -------- d-----w- C:\AdwCleaner
.
==================== Find3M  ====================
.
2013-12-19 13:17:22 178272 ----a-w- C:\Windows\System32\drivers\kneps.sys
2013-12-10 20:20:36 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 20:20:36 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-13 21:26:15 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2013-10-08 21:49:18 29792 ----a-w- C:\Windows\System32\drivers\klim6.sys
2013-10-08 21:49:18 29280 ----a-w- C:\Windows\System32\drivers\klmouflt.sys
2013-10-08 21:49:18 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
.
============= FINISH:  9:17:21.13 ===============
 



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:16 AM

Posted 02 January 2014 - 12:43 PM

Hello SUSIELOVEALOT
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
1.
Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select
    "Run as administrator"
  • Click the Scan button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.
2.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename in winlogon.exe (or winlogon.com) and try again
Things to include in your next reply::
AdwCleaner log
Roguekiller log
Do you have a Usb flash drive?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 SUSIELOVEALOT

SUSIELOVEALOT
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:06:16 AM

Posted 02 January 2014 - 01:10 PM

For the adwcleaner it says:   Pending. please uncheck elements you don't want to  remove, what do I do from here?



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:16 AM

Posted 02 January 2014 - 01:34 PM

Just click the Clean button and post the log it gives you. Then proceed with Roguekiller.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 SUSIELOVEALOT

SUSIELOVEALOT
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:06:16 AM

Posted 02 January 2014 - 01:47 PM

adwcleaner:

 

# AdwCleaner v3.016 - Report created 02/01/2014 at 10:42:02
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bob - BOB-PC
# Running from : C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\383TP0DM\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Bob\AppData\Local\AVG SafeGuard toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

*************************

AdwCleaner[R0].txt - [21984 octets] - [01/01/2014 14:35:10]
AdwCleaner[R1].txt - [946 octets] - [02/01/2014 09:59:48]
AdwCleaner[R2].txt - [1005 octets] - [02/01/2014 10:05:59]
AdwCleaner[R3].txt - [1065 octets] - [02/01/2014 10:25:59]
AdwCleaner[R4].txt - [1126 octets] - [02/01/2014 10:40:54]
AdwCleaner[S0].txt - [20826 octets] - [01/01/2014 14:37:14]
AdwCleaner[S1].txt - [1054 octets] - [02/01/2014 10:42:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1114 octets] ##########



#6 SUSIELOVEALOT

SUSIELOVEALOT
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:06:16 AM

Posted 02 January 2014 - 01:55 PM

RogueKiller

 

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating

System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Bob [Admin rights]
Mode : Scan -- Date : 01/02/2014 10:52:18
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] gentray.exe -- C:\Users\Bob\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe [7] -> KILLED [TermProc]
[SUSP PATH] genupdater.exe -- C:\Users\Bob\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : GenieoSystemTray ("C:\Users\Bob\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [7]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Bob\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 9e0144289ec147d19693d16c223fe328-97eb0f8584e2419d44567b4f724e699b8826b6a0 --CMPID ROC_APR2013_AV [x][x][x][x]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] Arcadesafari.job : C:\Users\Bob\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe [-] -> FOUND
[V1][SUSP PATH] PlayFizz.job : C:\Users\Bob\AppData\Local\FizzPlatinum\Updater.exe [-] -> FOUND
[V2][SUSP PATH] Arcadesafari : C:\Users\Bob\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe [-] -> FOUND
[V2][SUSP PATH] PlayFizz : C:\Users\Bob\AppData\Local\FizzPlatinum\Updater.exe [-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31000528AS ATA Device +++++
--- User ---
[MBR] 1850f7e9d1237d096c858ae12246e589
[BSP] c90903274a63f5a998e98ff3541e74ec : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01022014_105218.txt >>

 

 



#7 SUSIELOVEALOT

SUSIELOVEALOT
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:06:16 AM

Posted 02 January 2014 - 01:57 PM

I do not know if I have a Usb Flash Drive,  How can I find out if I do?



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:16 AM

Posted 02 January 2014 - 06:26 PM

1.

  •    
  • Re-Run RogueKiller
       
  • Close all the running processes
       
  • Under Vista/Seven, right click -> Run as Administrator
       
  • Otherwise just double-click on RogueKiller.exe
       
  • When prompted, Click Delete 
       
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
       
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename in winlogon.exe (or winlogon.com) and try again

 

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 SUSIELOVEALOT

SUSIELOVEALOT
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:06:16 AM

Posted 02 January 2014 - 10:12 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2014
Ran by Bob at 2014-01-02 19:08:10
Running from C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAZ5LMQX
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.0.19530 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) (x32 Version: 10.1.0 - Adobe Systems Incorporated)
Amelie's Cafe (x32 Version:  - )
Arcadesafari (HKCU Version:  - Arcadesafari LLC)
Ask Shopping Toolbar (x32 Version: 12.7.0.2491 - APN, LLC) <==== ATTENTION
Aurora Manager TL (x32 Version: 1.6 - Power-One)
AVG 2011 (Version: 10.0.3222 - AVG Technologies) Hidden
Bejeweled 2 Deluxe 1.0 (x32 Version:  - )
Bejeweled 3 (x32 Version:  - PopCap Games)
Bing Bar (x32 Version: 7.3.124.0 - Microsoft Corporation)
Bookworm (x32 Version:  - PopCap Games)
Bookworm Adventures (x32 Version:  - PopCap Games)
Bookworm Adventures Vol. 2 (x32 Version:  - PopCap Games)
Burger shop 2 (x32 Version:  - )
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Coupon Printer for Windows (x32 Version: 5.0.0.0 - Coupons.com Incorporated)
Criminal Minds (x32 Version:  - Oberon Media)
Delicious: Emily's Childhood Memories (x32 Version:  - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (x32 Version:  - )
Farm Frenzy 3 - Madagascar (x32 Version:  - )
Genieo (HKCU Version: 1.0.202 - Genieo Innovation Ltd.)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HP Deskjet 2510 series Basic Device Software (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (x32 Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Product Improvement Study (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Setup Guide (x32 Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (x32 Version: 1.0.0.7702 - HP)
HP Update (x32 Version: 5.003.003.001 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930 - Intel Corporation)
Java Auto Updater (x32 Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 26 (x32 Version: 6.0.260 - Oracle)
Jewel Quest (remove only) (x32 Version:  - )
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Logitech Webcam Software (x32 Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes' Anti-Malware version 1.51.0.1200 (x32 Version: 1.51.0.1200 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Nancy Drew Dossier - Resorting to Danger (x32 Version:  - Oberon Media)
ooVoo (x32 Version: 3.5.9056 - ooVoo LLC.)
PlayFizz (HKCU Version: 1.0 - PlayFizz)
Price Finder (HKCU Version: 1.1.9 - Pronto.com)
Ranch Rush (x32 Version:  - )
Roads of Rome (x32 Version:  - )
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Snap.Do (x32 Version: 1.6.1.782 - ReSoft Ltd.)
Snap.Do Engine (HKCU Version: 1.6.1.782 - ReSoft Ltd.)
Strongvault Online Backup (x32 Version: 1.0.1.0 - Strongvault)
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden
Temples Across America (x32 Version:  - )
The Treasures of Montezuma (x32 Version:  - )
The Weather Channel App (x32 Version:  - )
Unlikely Suspects (x32 Version:  - )
Verizon Download Manager (x32 Version: 25 - SupportSoft)
Virtual Families (x32 Version:  - )
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2 - AVG Technologies)
WinRAR 4.10 beta 5 (64-bit) (Version: 4.10.5 - win.rar GmbH)
Yahoo! Messenger (x32 Version:  - Yahoo! Inc.)
Yahoo! Software Update (x32 Version:  - )
Yahoo! Toolbar (x32 Version:  - Yahoo! Inc.)
ZD Manager (x32 Version:  - Zendeals)
Zuma's Revenge! (x32 Version:  - PopCap Games)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {4B9BE0D2-EB3A-43D5-9C71-65A73E2DEA56} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-22] (Google Inc.)
Task: {59936AB9-381C-4A8F-AD49-088A6DD1EC31} - System32\Tasks\Arcadesafari => C:\Users\Bob\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe [2013-02-21] (Arcadesafari)
Task: {75A0483D-56A5-4069-9295-7DC941114F67} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {7E0AF8AD-B56E-4C08-9BD3-7C98BFB32930} - System32\Tasks\AVG-Secure-Search-Update_1013a_rmv => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013a.exe
Task: {8788A71A-2C65-4CA9-97CD-B46A56C18D71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-22] (Google Inc.)
Task: {87EFDF1B-F803-479E-ABB1-A20C801EB8FB} - System32\Tasks\PlayFizz => C:\Users\Bob\AppData\Local\FizzPlatinum\Updater.exe [2013-01-25] ()
Task: {97375239-CFF0-4F23-8A28-D89CCE59F938} - System32\Tasks\AVG-Secure-Search-Update_1013a_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013a.exe
Task: {AAB0134C-7497-4CA4-B6BD-E24503C55402} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {B5D1E2BB-4503-4C9C-9D72-1D93A112A587} - \Scheduled Update for Ask Toolbar No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Arcadesafari.job => C:\Users\Bob\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_1013a_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013a.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_1013a_rmv.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013a.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PlayFizz.job => C:\Users\Bob\AppData\Local\FizzPlatinum\Updater.exe

==================== Loaded Modules (whitelisted) =============

2011-07-08 17:29 - 2009-10-16 17:12 - 00177664 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdxdrpp.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-01-16 18:02 - 2013-01-16 18:02 - 00541696 _____ () C:\Users\Bob\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-08-20 15:30 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:214562D2
AlternateDataStreams: C:\ProgramData\TEMP:837DAED0

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: X5XSEx_Pr143
Description: X5XSEx_Pr143
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: X5XSEx_Pr143
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2014 00:40:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_11_9_900_170.ocx, version: 11.9.900.170, time stamp: 0x529b76a2
Exception code: 0xc0000005
Fault offset: 0x000000000024201e
Faulting process id: 0x2b4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/02/2014 00:18:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: MSHTML.dll, version: 9.0.8112.16430, time stamp: 0x4db22b8b
Exception code: 0xc0000005
Fault offset: 0x00000000004ca6f4
Faulting process id: 0x2b4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/02/2014 11:20:05 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000008
Fault offset: 0x00000000000cd7d8
Faulting process id: 0x2b8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/02/2014 10:14:41 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: MSHTML.dll, version: 9.0.8112.16430, time stamp: 0x4db22b8b
Exception code: 0xc0000005
Fault offset: 0x00000000004ca6f4
Faulting process id: 0x2a4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/02/2014 09:06:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: MSHTML.dll, version: 9.0.8112.16430, time stamp: 0x4db22b8b
Exception code: 0xc0000005
Fault offset: 0x00000000004ca6f4
Faulting process id: 0x2b4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/02/2014 07:44:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007ffe5d37190
Faulting process id: 0x2a0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/01/2014 07:35:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_11_9_900_170.ocx, version: 11.9.900.170, time stamp: 0x529b76a2
Exception code: 0xc0000005
Fault offset: 0x00000000002432d1
Faulting process id: 0x2a4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/01/2014 07:05:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_11_9_900_170.ocx, version: 11.9.900.170, time stamp: 0x529b76a2
Exception code: 0xc0000005
Fault offset: 0x0000000000242059
Faulting process id: 0x2a4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/01/2014 05:50:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000007a27f40
Faulting process id: 0x2b0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

System errors:
=============
Error: (01/02/2014 01:49:04 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (01/02/2014 01:49:04 PM) (Source: Service Control Manager) (User: )
Description: The X5XSEx_Pr143 service failed to start due to the following error:
%%3

Error: (01/02/2014 01:48:52 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (01/02/2014 01:48:48 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (01/02/2014 00:44:53 PM) (Source: Service Control Manager) (User: )
Description: The Kaspersky Anti-Virus Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/02/2014 00:42:19 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (01/02/2014 00:42:19 PM) (Source: Service Control Manager) (User: )
Description: The X5XSEx_Pr143 service failed to start due to the following error:
%%3

Error: (01/02/2014 00:42:08 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (01/02/2014 00:42:04 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (01/02/2014 00:40:33 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:
%%1190

Microsoft Office Sessions:
=========================
Error: (03/24/2012 08:12:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 92 seconds with 60 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2013-12-25 11:47:01.173
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-25 11:47:01.172
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-25 11:47:01.170
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-25 11:47:01.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-25 11:47:01.144
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-25 11:47:01.142
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-17 14:58:31.304
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-17 14:58:31.302
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-17 14:58:31.300
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-17 14:58:31.283
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 65%
Total physical RAM: 4085.18 MB
Available physical RAM: 1394.25 MB
Total Pagefile: 8168.55 MB
Available Pagefile: 5137.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:889.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#10 SUSIELOVEALOT

SUSIELOVEALOT
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:06:16 AM

Posted 02 January 2014 - 10:20 PM

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating

System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Bob [Admin rights]
Mode : Remove -- Date : 01/02/2014 19:15:15
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] gentray.exe -- C:\Users\Bob\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe [7] -> KILLED [TermProc]
[SUSP PATH] genupdater.exe -- C:\Users\Bob\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : GenieoSystemTray ("C:\Users\Bob\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [7]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Bob\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 9e0144289ec147d19693d16c223fe328-97eb0f8584e2419d44567b4f724e699b8826b6a0 --CMPID ROC_APR2013_AV [x][x][x][x]) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] Arcadesafari.job : C:\Users\Bob\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe [-] -> DELETED
[V1][SUSP PATH] PlayFizz.job : C:\Users\Bob\AppData\Local\FizzPlatinum\Updater.exe [-] -> DELETED
[V2][SUSP PATH] Arcadesafari : C:\Users\Bob\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe [-] -> DELETED
[V2][SUSP PATH] PlayFizz : C:\Users\Bob\AppData\Local\FizzPlatinum\Updater.exe [-] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31000528AS ATA Device +++++
--- User ---
[MBR] 1850f7e9d1237d096c858ae12246e589
[BSP] c90903274a63f5a998e98ff3541e74ec : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_01022014_191515.txt >>
RKreport[0]_S_01022014_105218.txt;RKreport[0]_S_01022014_185957.txt



#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:16 AM

Posted 02 January 2014 - 11:41 PM

Hello,

you posted the roguekiller and additional.txt . I need the FRST.txt.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 SUSIELOVEALOT

SUSIELOVEALOT
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:06:16 AM

Posted 03 January 2014 - 11:04 AM

What do you mean by  FRST txt?  I am trying to understand what you mean.



#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:16 AM

Posted 03 January 2014 - 02:13 PM

There where two logs created when you ran FRST.  FRST.txt is one log the other is Addition.txt. You posted the addition.txt. There should be a FRST.txt on your desktop.  I need that log.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#14 SUSIELOVEALOT

SUSIELOVEALOT
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:06:16 AM

Posted 03 January 2014 - 02:43 PM

Ok for some reason I have 5 of them on my desktop, Is this the right one?

 

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating

System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Bob [Admin rights]
Mode : Remove -- Date : 01/02/2014 19:15:15
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] gentray.exe -- C:\Users\Bob\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe [7] -> KILLED [TermProc]
[SUSP PATH] genupdater.exe -- C:\Users\Bob\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : GenieoSystemTray ("C:\Users\Bob\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [7]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Bob\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 9e0144289ec147d19693d16c223fe328-97eb0f8584e2419d44567b4f724e699b8826b6a0 --CMPID ROC_APR2013_AV [x][x][x][x]) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] Arcadesafari.job : C:\Users\Bob\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe [-] -> DELETED
[V1][SUSP PATH] PlayFizz.job : C:\Users\Bob\AppData\Local\FizzPlatinum\Updater.exe [-] -> DELETED
[V2][SUSP PATH] Arcadesafari : C:\Users\Bob\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe [-] -> DELETED
[V2][SUSP PATH] PlayFizz : C:\Users\Bob\AppData\Local\FizzPlatinum\Updater.exe [-] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31000528AS ATA Device +++++
--- User ---
[MBR] 1850f7e9d1237d096c858ae12246e589
[BSP] c90903274a63f5a998e98ff3541e74ec : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_01022014_191515.txt >>
RKreport[0]_S_01022014_105218.txt;RKreport[0]_S_01022014_185957.txt



#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:16 AM

Posted 03 January 2014 - 04:24 PM

That is the roguekiller log. It will say FRST.txt


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users