IRP Hook + Virus Messing With Internet Connect & Hacking My Info.


9 replies to this topic

#1 CrystalNEEDSHelp

Posted 11 February 2014 - 09:42 AM

Hello. The DDS and other file only scanned one computer user, but I have four users, so I'm not sure if it detected the virus or not because I'm unsure which computer user has the virus. I think it's coming from a deleted user.

AVG keeps detecting a few IRP Hook viruses, but every time I delete them, my computer won't let me log on until I do a restore, which puts them right back on.

I also had an adult virus pop up that falsely claimed I had been viewing child porn and said I was reported to my hosting provider and the police. I saw this is a popular virus, but it went away after I deleted the computer user, but I think it's still there lurking.

I wasn't too concerned, but now I'm thinking I'm dealing with a serious problem, because:

1. AT&T tells me a virus is messing with my internet connection... and

2. Many of my shared hosting websites were hacked (some websites do not even have content or links to them because I never used them, so the hacker must have found and gained access through my computer info.)

3. I noticed that my screen resolution changes during the time I cannot get on the internet.

In desperate need of help and I appreciate you all!

DDS INFO:
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_01
Run by kissingbutterflies at 8:16:42 on 2014-02-11
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2942.618 [GMT -6:00]
.
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\PictureMover\Bin\PictureMover.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NCH Software\Eyeline\eyeline.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\Windows\system32\lxducoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\NCH Swift Sound\VRS\vrs.exe
C:\Windows\system32\iashost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\hp\kbd\kbd.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\real\realplayer\update\realsched.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\WorkBaby Standard\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG2013\avgcfgex.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mStart Page = hxxp://search.entru.com/?s=21982
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: advertzilla: {5bf1894a-d6ff-6214-74eb-b0ff96bd11c5} - 
BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - 
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: <No Name>:  - LocalServer32 - <no file>
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - 
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
mRun: [Lexmark 5600-6600 Series Fax Server] "c:\program files\lexmark 5600-6600 series\fm3032.exe" /s
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking10\Ereg.ini
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4D4B347D-8F43-436E-B72E-A0E857B21878} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - 
AppInit_DLLs=  
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kissingbutterflies\appdata\roaming\mozilla\firefox\profiles\d5mrtukl.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\drivers\Achernar.sys [2009-11-23 18432]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-10-23 39224]
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-11-23 10624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-25 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-10-23 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-11-20 283136]
R2 EyelineService;Eyeline Service;c:\program files\nch software\eyeline\eyeline.exe [2009-4-16 425988]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2008-5-23 98984]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-24 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-24 701512]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2013-11-23 369152]
R2 VRSService;VRS Recording System;c:\program files\nch swift sound\vrs\vrs.exe [2009-5-24 794628]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\ToolbarUpdater.exe [2013-5-21 1015984]
R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2008-8-22 207360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-24 22856]
S2 ATT MAHostService;ATT MAHostService;"c:\program files\att\8.3.1.7\ma\bin\mahostservice.exe" --> c:\program files\att\8.3.1.7\ma\bin\MAHostService.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
S2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2009-7-26 941784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RelevantKnowledge;RelevantKnowledge;c:\program files\relevantknowledge\rlservice.exe /service --> c:\program files\relevantknowledge\rlservice.exe  [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-1-21 40776]
S3 TipCtrl;TipCtrl;c:\program files\utipu\TipCtrl.exe [2009-2-3 314504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== File Associations ===============
.
FileExt: .scr: PhEdit.scr=c:\program files\vcw vicman's photo editor\vcwphoto.exe %1
ShellExec: DigitalTheatre.exe: open="c:\program files\arcsoft\totalmedia extreme\digital theatre\uDTStart.exe" "%1"
.
=============== Created Last 30 ================
.
2014-02-07 08:00:40 -------- d-----w- c:\users\kissingbutterflies\appdata\local\MFAData
2014-01-30 00:07:49 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z..Z.Z..Z.Z..Z
2014-01-29 23:43:07 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZ..ZZ.Z...ZZ
2014-01-29 22:51:36 -------- d-----w- c:\users\kissingbutterflies\appdata\local\Mozilla
2014-01-29 22:32:17 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZ.Z....Z...ZZ
2014-01-29 22:06:25 -------- d-----w- c:\users\kissingbutterflies\appdata\local\Hewlett-Packard
2014-01-29 22:05:14 -------- d-----w- c:\users\kissingbutterflies\appdata\roaming\AVG2013
2014-01-29 22:05:13 -------- d-----w- c:\users\kissingbutterflies\appdata\roaming\5600-6600 Series
2014-01-29 22:05:08 -------- d-----w- c:\users\kissingbutterflies\appdata\local\ArcSoft
2014-01-29 22:05:06 -------- d-----w- c:\users\kissingbutterflies\appdata\local\Avg2013
2014-01-29 22:05:00 -------- d-----w- c:\users\kissingbutterflies\appdata\local\Adobe
2014-01-29 22:04:26 -------- d-----w- c:\users\kissingbutterflies\appdata\local\Google
2014-01-29 22:04:11 -------- d-----w- c:\users\kissingbutterflies\appdata\roaming\PictureMover
2014-01-29 22:04:09 -------- d-----w- c:\users\kissingbutterflies\appdata\local\Scansoft
2014-01-25 12:57:47 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-01-23 19:27:05 -------- d-----w- C:\new videos
2014-01-22 19:52:26 -------- d-----w- c:\program files\Ask.com
2014-01-22 00:14:44 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-01-18 23:01:00 1400832 ----a-w- c:\windows\system32\msxml6.dll
2014-01-18 22:55:49 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-01-18 22:55:46 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-01-18 22:55:46 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-01-18 22:55:46 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-01-18 22:55:46 16896 ----a-w- c:\windows\system32\winusb.dll
2014-01-18 22:55:46 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-01-18 22:55:45 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-01-18 22:55:44 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-01-18 22:55:44 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-01-18 22:55:44 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-01-18 22:19:48 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2014-01-18 22:05:02 2048 ----a-w- c:\windows\system32\tzres.dll
2014-01-18 22:00:04 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2014-01-18 22:00:04 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2014-01-18 21:59:44 497152 ----a-w- c:\windows\system32\qdvd.dll
2014-01-18 21:57:29 993792 ----a-w- c:\windows\system32\crypt32.dll
2014-01-18 21:57:26 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-01-18 21:55:26 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2014-01-18 21:55:23 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-18 21:55:23 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-18 21:55:23 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-18 21:55:23 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-18 21:55:23 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-18 21:55:22 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-18 21:55:21 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-01-18 21:55:21 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-01-18 21:55:21 1205168 ----a-w- c:\windows\system32\ntdll.dll
2014-01-18 21:55:20 64000 ----a-w- c:\windows\system32\smss.exe
2014-01-18 21:55:20 49152 ----a-w- c:\windows\system32\csrsrv.dll
2014-01-18 21:53:33 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2014-01-18 21:52:11 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-01-18 21:51:49 563712 ----a-w- c:\windows\system32\oleaut32.dll
2014-01-18 21:51:49 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2014-01-18 21:51:49 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2014-01-18 21:51:49 238080 ----a-w- c:\windows\system32\oleacc.dll
2014-01-18 21:50:48 797696 ----a-w- c:\windows\system32\FntCache.dll
2014-01-18 21:50:48 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-01-18 21:50:48 1068544 ----a-w- c:\windows\system32\DWrite.dll
2014-01-18 21:48:56 89088 ----a-w- c:\windows\system32\wiafbdrv.dll
2014-01-18 21:48:56 35328 ----a-w- c:\windows\system32\drivers\usbscan.sys
2014-01-18 21:48:56 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-01-18 21:48:53 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-01-18 21:47:52 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2014-01-18 21:47:25 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-01-18 21:47:24 75776 ----a-w- c:\windows\system32\synceng.dll
2014-01-18 21:47:23 23552 ----a-w- c:\windows\system32\mciseq.dll
2014-01-18 21:47:23 189952 ----a-w- c:\windows\system32\winmm.dll
2014-01-18 21:47:04 2067968 ----a-w- c:\windows\system32\mstscax.dll
2014-01-18 21:46:48 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-18 21:45:00 812544 ----a-w- c:\windows\system32\certutil.exe
2014-01-18 21:45:00 41984 ----a-w- c:\windows\system32\certenc.dll
2014-01-18 21:44:37 377344 ----a-w- c:\windows\system32\winhttp.dll
2014-01-18 21:44:36 131072 ----a-w- c:\windows\system32\wshom.ocx
2014-01-18 21:44:35 36864 ----a-w- c:\windows\system32\wshcon.dll
2014-01-18 21:44:35 172032 ----a-w- c:\windows\system32\scrrun.dll
2014-01-18 21:44:35 155648 ----a-w- c:\windows\system32\wscript.exe
2014-01-18 21:44:35 135168 ----a-w- c:\windows\system32\cscript.exe
2014-01-18 21:44:29 983552 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-01-18 21:44:29 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-01-18 21:44:29 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-01-18 21:44:29 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2014-01-18 21:44:29 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-01-18 21:44:28 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
2014-01-18 21:43:37 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2014-01-18 21:43:36 376320 ----a-w- c:\windows\system32\winsrv.dll
2014-01-18 21:42:27 615936 ----a-w- c:\windows\system32\themeui.dll
2014-01-18 21:40:28 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2014-01-18 21:40:28 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-01-18 21:40:28 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-01-18 21:40:14 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2014-01-18 21:40:13 613376 ----a-w- c:\windows\system32\rdpencom.dll
2014-01-18 21:40:08 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-01-18 21:40:08 37376 ----a-w- c:\windows\system32\cdd.dll
2014-01-18 21:39:49 443904 ----a-w- c:\windows\system32\win32spl.dll
2014-01-18 21:39:49 37376 ----a-w- c:\windows\system32\printcom.dll
2014-01-18 21:39:46 623616 ----a-w- c:\windows\system32\localspl.dll
2014-01-18 21:39:43 1314816 ----a-w- c:\windows\system32\quartz.dll
2014-01-18 21:39:37 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-01-18 21:39:33 98304 ----a-w- c:\windows\system32\cryptnet.dll
2014-01-18 21:39:33 172544 ----a-w- c:\windows\system32\wintrust.dll
2014-01-18 21:39:33 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2014-01-18 21:39:04 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-01-18 21:39:04 15872 ----a-w- c:\windows\system32\icaapi.dll
2014-01-18 21:37:59 9728 ----a-w- c:\windows\system32\lsass.exe
2014-01-18 21:37:59 72704 ----a-w- c:\windows\system32\secur32.dll
2014-01-18 21:37:59 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-01-18 21:37:59 278528 ----a-w- c:\windows\system32\schannel.dll
2014-01-18 21:37:59 1259008 ----a-w- c:\windows\system32\lsasrv.dll
.
==================== Find3M  ====================
.
2014-02-05 05:27:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 05:27:48 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-26 18:25:54 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-25 07:48:36 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
============= FINISH:  8:17:25.07 ===============

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_01
Run by WorkBaby Standard at 9:22:42 on 2014-02-11
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2942.1214 [GMT -6:00]
.
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [Google Update] "c:\users\workbaby standard\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ares] "c:\program files\ares\Ares.exe" -h
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
mRun: [Lexmark 5600-6600 Series Fax Server] "c:\program files\lexmark 5600-6600 series\fm3032.exe" /s
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking10\Ereg.ini
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4D4B347D-8F43-436E-B72E-A0E857B21878} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - 
AppInit_DLLs=  
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\workbaby standard\appdata\roaming\mozilla\firefox\profiles\jbg4timb.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\workbaby standard\appdata\local\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\users\workbaby standard\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\workbaby standard\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\workbaby standard\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\drivers\Achernar.sys [2009-11-23 18432]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-10-23 39224]
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-11-23 10624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-25 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-10-23 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-11-20 283136]
R2 EyelineService;Eyeline Service;c:\program files\nch software\eyeline\eyeline.exe [2009-4-16 425988]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2008-5-23 98984]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-24 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-24 701512]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2013-11-23 369152]
R2 VRSService;VRS Recording System;c:\program files\nch swift sound\vrs\vrs.exe [2009-5-24 794628]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\ToolbarUpdater.exe [2013-5-21 1015984]
R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2008-8-22 207360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-24 22856]
S2 ATT MAHostService;ATT MAHostService;"c:\program files\att\8.3.1.7\ma\bin\mahostservice.exe" --> c:\program files\att\8.3.1.7\ma\bin\MAHostService.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
S2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2009-7-26 941784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RelevantKnowledge;RelevantKnowledge;c:\program files\relevantknowledge\rlservice.exe /service --> c:\program files\relevantknowledge\rlservice.exe  [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-1-21 40776]
S3 TipCtrl;TipCtrl;c:\program files\utipu\TipCtrl.exe [2009-2-3 314504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== File Associations ===============
.
FileExt: .scr: PhEdit.scr=c:\program files\vcw vicman's photo editor\vcwphoto.exe %1
ShellExec: DigitalTheatre.exe: open="c:\program files\arcsoft\totalmedia extreme\digital theatre\uDTStart.exe" "%1"
.
=============== Created Last 30 ================
.
2014-01-30 00:07:49 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z..Z.Z..Z.Z..Z
2014-01-29 23:43:07 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZ..ZZ.Z...ZZ
2014-01-29 22:32:17 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZ.Z....Z...ZZ
2014-01-28 22:37:34 -------- d-----w- c:\users\workbaby standard\appdata\local\Ares
2014-01-28 19:10:37 -------- d-----w- c:\users\workbaby standard\dwhelper
2014-01-28 18:50:35 -------- d-----w- c:\users\workbaby standard\appdata\local\Apple Computer
2014-01-25 12:57:47 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-01-24 18:13:49 -------- d-----w- c:\users\workbaby standard\appdata\local\Mozilla
2014-01-23 20:45:01 -------- d-----w- c:\users\workbaby standard\appdata\local\Apple
2014-01-23 19:27:05 -------- d-----w- C:\new videos
2014-01-23 12:36:02 -------- d-----w- c:\users\workbaby standard\appdata\local\Google
2014-01-23 06:00:20 -------- d-----w- c:\users\workbaby standard\appdata\local\Adobe
2014-01-23 05:39:15 -------- d-----w- c:\users\workbaby standard\appdata\local\AIM Toolbar
2014-01-23 05:35:37 -------- d-----w- c:\users\workbaby standard\appdata\local\Hewlett-Packard
2014-01-23 05:34:46 -------- d-----w- c:\users\workbaby standard\appdata\roaming\AVG2013
2014-01-23 05:34:35 -------- d-----w- c:\users\workbaby standard\appdata\local\ArcSoft
2014-01-23 05:34:31 -------- d-----w- c:\users\workbaby standard\appdata\roaming\5600-6600 Series
2014-01-23 05:34:25 -------- d-----w- c:\users\workbaby standard\appdata\local\Avg2013
2014-01-23 05:34:05 -------- d-----w- c:\users\workbaby standard\appdata\roaming\PictureMover
2014-01-23 05:34:03 -------- d-----w- c:\users\workbaby standard\appdata\local\Scansoft
2014-01-22 19:52:26 -------- d-----w- c:\program files\Ask.com
2014-01-22 00:14:44 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-01-18 23:01:00 1400832 ----a-w- c:\windows\system32\msxml6.dll
2014-01-18 22:55:49 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-01-18 22:55:46 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-01-18 22:55:46 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-01-18 22:55:46 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-01-18 22:55:46 16896 ----a-w- c:\windows\system32\winusb.dll
2014-01-18 22:55:46 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-01-18 22:55:45 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-01-18 22:55:44 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-01-18 22:55:44 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-01-18 22:55:44 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-01-18 22:19:48 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2014-01-18 22:05:02 2048 ----a-w- c:\windows\system32\tzres.dll
2014-01-18 22:00:04 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2014-01-18 22:00:04 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2014-01-18 21:59:44 497152 ----a-w- c:\windows\system32\qdvd.dll
2014-01-18 21:57:29 993792 ----a-w- c:\windows\system32\crypt32.dll
2014-01-18 21:57:26 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-01-18 21:55:26 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2014-01-18 21:55:23 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-18 21:55:23 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-18 21:55:23 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-18 21:55:23 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-18 21:55:23 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-18 21:55:22 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-18 21:55:21 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-01-18 21:55:21 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-01-18 21:55:21 1205168 ----a-w- c:\windows\system32\ntdll.dll
2014-01-18 21:55:20 64000 ----a-w- c:\windows\system32\smss.exe
2014-01-18 21:55:20 49152 ----a-w- c:\windows\system32\csrsrv.dll
2014-01-18 21:53:33 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2014-01-18 21:52:11 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-01-18 21:51:49 563712 ----a-w- c:\windows\system32\oleaut32.dll
2014-01-18 21:51:49 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2014-01-18 21:51:49 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2014-01-18 21:51:49 238080 ----a-w- c:\windows\system32\oleacc.dll
2014-01-18 21:50:48 797696 ----a-w- c:\windows\system32\FntCache.dll
2014-01-18 21:50:48 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-01-18 21:50:48 1068544 ----a-w- c:\windows\system32\DWrite.dll
2014-01-18 21:48:56 89088 ----a-w- c:\windows\system32\wiafbdrv.dll
2014-01-18 21:48:56 35328 ----a-w- c:\windows\system32\drivers\usbscan.sys
2014-01-18 21:48:56 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-01-18 21:48:53 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-01-18 21:47:52 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2014-01-18 21:47:25 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-01-18 21:47:24 75776 ----a-w- c:\windows\system32\synceng.dll
2014-01-18 21:47:23 23552 ----a-w- c:\windows\system32\mciseq.dll
2014-01-18 21:47:23 189952 ----a-w- c:\windows\system32\winmm.dll
2014-01-18 21:47:04 2067968 ----a-w- c:\windows\system32\mstscax.dll
2014-01-18 21:46:48 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-18 21:45:00 812544 ----a-w- c:\windows\system32\certutil.exe
2014-01-18 21:45:00 41984 ----a-w- c:\windows\system32\certenc.dll
2014-01-18 21:44:37 377344 ----a-w- c:\windows\system32\winhttp.dll
2014-01-18 21:44:36 131072 ----a-w- c:\windows\system32\wshom.ocx
2014-01-18 21:44:35 36864 ----a-w- c:\windows\system32\wshcon.dll
2014-01-18 21:44:35 172032 ----a-w- c:\windows\system32\scrrun.dll
2014-01-18 21:44:35 155648 ----a-w- c:\windows\system32\wscript.exe
2014-01-18 21:44:35 135168 ----a-w- c:\windows\system32\cscript.exe
2014-01-18 21:44:29 983552 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-01-18 21:44:29 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-01-18 21:44:29 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-01-18 21:44:29 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2014-01-18 21:44:29 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-01-18 21:44:28 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
2014-01-18 21:43:37 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2014-01-18 21:43:36 376320 ----a-w- c:\windows\system32\winsrv.dll
2014-01-18 21:42:27 615936 ----a-w- c:\windows\system32\themeui.dll
2014-01-18 21:40:28 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2014-01-18 21:40:28 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-01-18 21:40:28 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-01-18 21:40:14 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2014-01-18 21:40:13 613376 ----a-w- c:\windows\system32\rdpencom.dll
2014-01-18 21:40:08 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-01-18 21:40:08 37376 ----a-w- c:\windows\system32\cdd.dll
2014-01-18 21:39:49 443904 ----a-w- c:\windows\system32\win32spl.dll
2014-01-18 21:39:49 37376 ----a-w- c:\windows\system32\printcom.dll
2014-01-18 21:39:46 623616 ----a-w- c:\windows\system32\localspl.dll
2014-01-18 21:39:43 1314816 ----a-w- c:\windows\system32\quartz.dll
2014-01-18 21:39:37 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-01-18 21:39:33 98304 ----a-w- c:\windows\system32\cryptnet.dll
2014-01-18 21:39:33 172544 ----a-w- c:\windows\system32\wintrust.dll
2014-01-18 21:39:33 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2014-01-18 21:39:04 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-01-18 21:39:04 15872 ----a-w- c:\windows\system32\icaapi.dll
2014-01-18 21:37:59 9728 ----a-w- c:\windows\system32\lsass.exe
2014-01-18 21:37:59 72704 ----a-w- c:\windows\system32\secur32.dll
2014-01-18 21:37:59 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-01-18 21:37:59 278528 ----a-w- c:\windows\system32\schannel.dll
2014-01-18 21:37:59 1259008 ----a-w- c:\windows\system32\lsasrv.dll
.
==================== Find3M  ====================
.
2014-02-05 05:27:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 05:27:48 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-26 18:25:54 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-25 07:48:36 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
============= FINISH:  9:23:08.31 ===============

Attached Files


Edited by CrystalNEEDSHelp, 11 February 2014 - 01:18 PM.

#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:34 AM

Posted 11 February 2014 - 04:01 PM

Hello CrystalNEEDSHelp,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users: right click on AdwCleaner.exe and select "Run as administrator".
  • Click the Scan button.
  • Once it's done scanning, click Clean to clean the machine.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[S1].txt.
2. Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport can also be found next to the executable.)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Things to include in your next reply:
AdwCleaner log
RogueKiller log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 CrystalNEEDSHelp

CrystalNEEDSHelp
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:34 AM

Posted 11 February 2014 - 10:06 PM

Hello, Fireman. Firstly, I appreciate your help!
I wasn't able to download RogueKiller; it goes to a page that says Page Not Found. However, here are my results from AdwCleaner:

# AdwCleaner v3.018 - Report created 11/02/2014 at 20:51:57
# Updated 28/01/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : WorkBaby Standard - RASHELLE-PC
# Running from : C:\Users\WorkBaby Standard\Desktop\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Users\AdMara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\ble\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Blessed88\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Free 2.rashelle-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\free\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Mickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\plzwork\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\sid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
 
-\\ Mozilla Firefox v27.0 (en-US)
 
[ File : C:\Users\mainme\AppData\Roaming\Mozilla\Firefox\Profiles\mts7rvs6.default\prefs.js ]
 
 
[ File : C:\Users\AdMara\AppData\Roaming\Mozilla\Firefox\Profiles\g1hfaz30.default\prefs.js ]
 
 
[ File : C:\Users\Mickey\AppData\Roaming\Mozilla\Firefox\Profiles\3tgctq3u.default\prefs.js ]
 
 
[ File : C:\Users\free\AppData\Roaming\Mozilla\Firefox\Profiles\6927mdsf.default\prefs.js ]
 
 
[ File : C:\Users\Free 2.rashelle-PC\AppData\Roaming\Mozilla\Firefox\Profiles\x94bcm7d.default\prefs.js ]
 
 
[ File : C:\Users\Blessed88\AppData\Roaming\Mozilla\Firefox\Profiles\srske4xg.default\prefs.js ]
 
 
[ File : C:\Users\sid\AppData\Roaming\Mozilla\Firefox\Profiles\0se6cs78.default\prefs.js ]
 
 
[ File : C:\Users\ble\AppData\Roaming\Mozilla\Firefox\Profiles\41xkw6fr.default\prefs.js ]
 
 
[ File : C:\Users\WorkBaby Standard\AppData\Roaming\Mozilla\Firefox\Profiles\jbg4timb.default\prefs.js ]
 
 
[ File : C:\Users\kissingbutterflies\AppData\Roaming\Mozilla\Firefox\Profiles\d5mrtukl.default\prefs.js ]
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\Mickey\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\sid\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\WorkBaby Standard\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\kissingbutterflies\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [23238 octets] - [11/02/2014 18:18:36]
AdwCleaner[R1].txt - [22517 octets] - [11/02/2014 18:59:24]
AdwCleaner[R2].txt - [4380 octets] - [11/02/2014 20:51:57]
AdwCleaner[S0].txt - [23073 octets] - [11/02/2014 19:01:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [4501 octets] ##########


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:34 AM

Posted 12 February 2014 - 11:10 AM

Please scan your system again with AdwCleaner. Once the scan has completed, click Clean to clean your machine of any malware it has found. Then post its log.

Try this link for the Roguekiller download page.


Edited by fireman4it, 12 February 2014 - 12:14 PM.
#5 CrystalNEEDSHelp

CrystalNEEDSHelp
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:34 AM

Posted 14 February 2014 - 03:28 AM

Thanks, quick question: have you ever heard of a virus preventing internet access off and on? It took me so long to get back because I'm just now getting my internet access back. ATT claims it's not on their end, but a virus. I get messages such as:

  1. Error code: ERR_CONNECTION_ABORTED
  2. Server failed to connect
  3. Limited or no connection activity
  4. Connection was interrupted

and other messages, but on my modem page it says that my DSL and internet are up; however, I get ADSL failed messages, too. Have you ever heard of a virus that does this, or does it sound like the ISP? Anyhow, here are my logs:

ADWCleaner log:

# AdwCleaner v3.018 - Report created 14/02/2014 at 01:51:51
# Updated 28/01/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : WorkBaby Standard - RASHELLE-PC
# Running from : C:\Users\WorkBaby Standard\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\AdMara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Mickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\free\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Free 2.rashelle-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Blessed88\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\sid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\ble\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\plzwork\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
 
-\\ Mozilla Firefox v27.0 (en-US)
 
[ File : C:\Users\mainme\AppData\Roaming\Mozilla\Firefox\Profiles\mts7rvs6.default\prefs.js ]
 
 
[ File : C:\Users\AdMara\AppData\Roaming\Mozilla\Firefox\Profiles\g1hfaz30.default\prefs.js ]
 
 
[ File : C:\Users\Mickey\AppData\Roaming\Mozilla\Firefox\Profiles\3tgctq3u.default\prefs.js ]
 
 
[ File : C:\Users\free\AppData\Roaming\Mozilla\Firefox\Profiles\6927mdsf.default\prefs.js ]
 
 
[ File : C:\Users\Free 2.rashelle-PC\AppData\Roaming\Mozilla\Firefox\Profiles\x94bcm7d.default\prefs.js ]
 
 
[ File : C:\Users\Blessed88\AppData\Roaming\Mozilla\Firefox\Profiles\srske4xg.default\prefs.js ]
 
 
[ File : C:\Users\sid\AppData\Roaming\Mozilla\Firefox\Profiles\0se6cs78.default\prefs.js ]
 
 
[ File : C:\Users\ble\AppData\Roaming\Mozilla\Firefox\Profiles\41xkw6fr.default\prefs.js ]
 
 
[ File : C:\Users\WorkBaby Standard\AppData\Roaming\Mozilla\Firefox\Profiles\jbg4timb.default\prefs.js ]
 
 
[ File : C:\Users\kissingbutterflies\AppData\Roaming\Mozilla\Firefox\Profiles\d5mrtukl.default\prefs.js ]
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\Mickey\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\sid\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\WorkBaby Standard\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\kissingbutterflies\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [23238 octets] - [11/02/2014 18:18:36]
AdwCleaner[R1].txt - [22517 octets] - [11/02/2014 18:59:24]
AdwCleaner[R2].txt - [4581 octets] - [11/02/2014 20:51:57]
AdwCleaner[R3].txt - [4641 octets] - [12/02/2014 00:06:10]
AdwCleaner[R4].txt - [4701 octets] - [12/02/2014 04:01:45]
AdwCleaner[R5].txt - [4761 octets] - [13/02/2014 00:05:40]
AdwCleaner[R6].txt - [4821 octets] - [14/02/2014 00:54:17]
AdwCleaner[S0].txt - [23073 octets] - [11/02/2014 19:01:36]
AdwCleaner[S1].txt - [4784 octets] - [14/02/2014 01:51:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4844 octets] ##########
 
 
RKreport log:
 
RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : WorkBaby Standard [Admin rights]
Mode : Scan -- Date : 02/14/2014 02:09:24
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 3 ¤¤¤
[V2][SUSP PATH] d9aa9700 : C:\Users\Meonline\AppData\Local\Temp\\setup1852795648.exe [x] -> FOUND
[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\WorkBaby\AppData\Local\Temp\IHU8729.tmp.exe [x][x] -> FOUND
[V2][SUSP PATH] TidyNetwork Update : C:\Users\AdMara\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x354F0766)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x354F0766)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x354F0766)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
::1             localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST350062 0AS SCSI Disk Device +++++
--- User ---
[MBR] 96a52808e0035d7fad3bfb43bda4eb37
[BSP] 309fdfd200901d3359dd1e035123a213 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 465445 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 953232840 | Size: 11491 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Maxtor OneTouch USB Device +++++
--- User ---
[MBR] 0c1151906a855e37a4dba8d2da53cb6d
[BSP] b291476d5318bca11dd59634be17ddd0 : Legit.C MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_02142014_020924.txt >>
 
 
 
 


#6 fireman4it

  • Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 14 February 2014 - 11:00 AM

Have you ever heard of a virus preventing internet access off and on?

There have been known to be a few that will affect this. Once we get you cleaned up, we will check.

 

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

 

Let me know how things are after running Roguekiller.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 fireman4it

  • Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 18 February 2014 - 10:08 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 1-2 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#8 fireman4it

  • Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 19 February 2014 - 03:18 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#9 fireman4it

  • Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 28 February 2014 - 02:10 PM

This topic has been re-opened at the request of the person who originally posted.



#10 CrystalNEEDSHelp

  • Topic Starter
  • Members
  • 9 posts

Posted 28 February 2014 - 11:41 PM

Hello, thanks for reopening the thread!

Here is the RK information:

RogueKiller V8.8.9 [Feb 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : WorkBaby Standard [Admin rights]
Mode : Remove -- Date : 02/27/2014 08:45:43
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 3 ¤¤¤
[V2][SUSP PATH] d9aa9700 : C:\Users\Meonline\AppData\Local\Temp\\setup1852795648.exe [x] -> DELETED
[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\WorkBaby\AppData\Local\Temp\IHU8729.tmp.exe [x][x] -> DELETED
[V2][SUSP PATH] TidyNetwork Update : C:\Users\AdMara\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> DELETED
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35631B66)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35631B66)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35631B66)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
::1             localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST350062 0AS SCSI Disk Device +++++
--- User ---
[MBR] 96a52808e0035d7fad3bfb43bda4eb37
[BSP] 309fdfd200901d3359dd1e035123a213 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 465445 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 953232840 | Size: 11491 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Maxtor OneTouch USB Device +++++
--- User ---
[MBR] 0c1151906a855e37a4dba8d2da53cb6d
[BSP] b291476d5318bca11dd59634be17ddd0 : Legit.C MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_D_02272014_084543.txt >>
RKreport[0]_S_02272014_084530.txt
 
 
 




