
Various Re-directs, Random Talking While Browsing


  • This topic is locked
27 replies to this topic

#1 Brad001

  • Members
  • 13 posts

Posted 25 May 2014 - 12:05 PM

Hello,

 

I have used bleeping computer as a resource before on my own in regard to help topics and self-help.  It now appears that I may need the help of an expert with an issue I am having.

 

While on my machine, trying to navigate the web is often times quite difficult due to the high number of redirects that I am bombarded with.  Not only that, but many times random voices, talking seem to come out of nowhere and don't stop until the browser is closed.

 

I have run a couple scans such as AVG, and Malwarebytes but didn't seem to have any luck removing the infection. It seems that some days/times are better than others as there are very little redirects/talking one time and another time it's constant. For example, for the past couple of hours while on my machine, I haven't had one redirect or random talking voice, making it seem like everything is alright but I know the problem has occurred after running my scans so I believe the problem still exists. Thank you so much for the help, I really appreciate it!

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.10.2
Run by Chris at 12:37:20 on 2014-05-25
#Option MBR scan  is disabled.
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Services\1016\hlupdate.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Dynex Enhanced G USB Network Adapter\DynexWCUI.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chris\My Documents\Downloads\4jekl78h.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.Google.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: &Research: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program files\microsoft office\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [FLMOFFICE4DMOUSE] c:\program files\browser mouse\mouse32a.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: SpecifyDefaultButtons = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: SpecifyDefaultButtons = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A27762EA-DF2F-4CA0-83E0-EE7C45EC18AB} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\chris\application data\mozilla\firefox\profiles\67jtxl7n.default\
FF - prefs.js: browser.search.selectedEngine - StartWeb
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\Npindeo.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: !HIDDEN! 2010-01-01 12:46; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R? Lbd;Lbd
R? MFE_RR;MFE_RR
R? WDC_SAM;WD SCSI Pass Thru driver
S? avg9wd;AVG Free WatchDog
S? AvgLdx86;AVG Free AVI Loader Driver x86
S? AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86
S? AvgTdiX;AVG Free Network Redirector
S? BrYNSvc;BrYNSvc
S? HighliteApp_1016;HighliteApp Update
S? WMP11V27;Instant Wireless PCI Card V2.7 Driver
.
=============== Created Last 30 ================
.
2014-05-18 16:41:21    107224    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-18 16:39:15    52312    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-18 16:39:13    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-05-18 16:39:10    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-05-16 18:01:49    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2014-05-12 07:24:48    103424    ----a-w-    c:\program files\common files\services\1016\hlupdate.exe
2014-05-08 13:48:42    227704    ----a-w-    c:\program files\mozilla firefox\plugins\nppdf32.dll
2014-05-08 13:48:42    227704    ----a-w-    c:\program files\internet explorer\plugins\nppdf32.dll
2014-05-02 02:15:40    1266800    ----a-w-    c:\program files\mozilla firefox\icuin52.dll
2014-05-02 02:15:40    10594416    ----a-w-    c:\program files\mozilla firefox\icudt52.dll
2014-05-02 02:15:39    965232    ----a-w-    c:\program files\mozilla firefox\icuuc52.dll
2014-04-28 01:28:29    --------    d-----w-    c:\windows\ERUNT
2014-04-28 01:09:21    --------    d-----w-    C:\AdwCleaner
.
==================== Find3M  ====================
.
2014-05-13 17:51:02    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 17:51:02    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-21 15:46:46    152848    ----a-w-    c:\windows\system32\comdlg32.ocx
2014-03-21 15:46:46    1081616    ----a-w-    c:\windows\system32\mscomctl.ocx
2014-03-06 17:59:23    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-03-06 17:59:22    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2014-03-06 17:59:22    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-03-06 17:59:22    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2014-03-06 00:46:54    385024    ----a-w-    c:\windows\system32\html.iec
2014-02-26 01:59:05    13312    ------w-    c:\windows\system32\xp_eos.exe
2006-01-03 00:51:10    774144    ----a-w-    c:\program files\RngInterstitial.dll
2003-01-27 15:50:24    1000448    ----a-w-    c:\program files\common files\AutoUpdate.exe
.
============= FINISH: 12:42:08.03 ===============


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 May 2014 - 12:49 PM




Hello Brad001

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.
.





I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
.





I would also like to get some extra information on one of the files on the computer

Run FRST like you did before and Type the following in the edit box after "Search:".

rpcss.dll

It then should look like:

Search: rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Brad001

  • Topic Starter

  • Members
  • 13 posts

Posted 25 May 2014 - 03:28 PM

Hi Gringo and thanks for your help through this! It's much appreciated. I attached the addition.text file. I hope this is the correct way you wanted me to do it. I apologize if it's not. I know in your directions it said not to attach logs but it seemed you specifically asked for this one to be attached as opposed to wanting me to copy and paste it. If this is incorrect please let me know so I do it the right way going forward. Below you will find the logs you requested:

 

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 01
Ran by Chris (administrator) on HOME-0P3PDXVGZN on 25-05-2014 15:20:46
Running from C:\Documents and Settings\Chris\My Documents\Downloads
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
() C:\Program Files\Common Files\Services\1016\hlupdate.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd.exe
(Broadcom Corporation) C:\WINDOWS\BCMSMMSG.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Musicmatch, Inc.) C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(TODO: <Company name>) C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Dynex) C:\Program Files\Dynex Enhanced G USB Network Adapter\DynexWCUI.exe
(FUJI PHOTO FILM CO., LTD.) C:\Program Files\FinePixViewer\QuickDCF.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\System32\NvCpl.dll [4616192 2003-04-24] (NVIDIA Corporation)
HKLM\...\Run: [REGSHAVE] => C:\Program Files\REGSHAVE\REGSHAVE.EXE [53248 2002-02-04] (FUJI PHOTO FILM CO., LTD.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd.exe [49152 2003-06-25] (Hewlett-Packard)
HKLM\...\Run: [BCMSMMSG] => C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [180269 2004-09-11] (RealNetworks, Inc.)
HKLM\...\Run: [FLMOFFICE4DMOUSE] => C:\Program Files\Browser MOUSE\mouse32a.exe [360448 2005-02-15] ()
HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Conime] => C:\WINDOWS\system32\conime.exe [27648 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [MMTray] => C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [131072 2004-04-20] (Musicmatch, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM\...\Run: [mmtask] => C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [53248 2004-04-20] (TODO: <Company name>)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\RunOnce: [AutoLaunch] - C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly
HKU\.DEFAULT\...\Policies\Explorer: [Btn_Search] 0
HKU\.DEFAULT\...\Policies\Explorer: [SpecifyDefaultButtons] 0
HKU\S-1-5-19\...\Policies\Explorer: [Btn_Search] 0
HKU\S-1-5-19\...\Policies\Explorer: [SpecifyDefaultButtons] 0
HKU\S-1-5-20\...\Policies\Explorer: [Btn_Search] 0
HKU\S-1-5-20\...\Policies\Explorer: [SpecifyDefaultButtons] 0
HKU\S-1-5-21-823518204-1647877149-725345543-1004\...\Policies\Explorer: [Btn_Search] 0
HKU\S-1-5-21-823518204-1647877149-725345543-1004\...\Policies\Explorer: [SpecifyDefaultButtons] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dynex Wireless Networking Utility.lnk
ShortcutTarget: Dynex Wireless Networking Utility.lnk -> C:\Program Files\Dynex Enhanced G USB Network Adapter\DynexWCUI.exe (Dynex)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
ShortcutTarget: Exif Launcher.lnk -> C:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - Google URL = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q=%s
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\67jtxl7n.default
FF DefaultSearchEngine: StartWeb
FF SelectedSearchEngine: StartWeb
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2027 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/npracplug;version=1.0.0.0 - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF Plugin: @real.com/nprjplug;version=1.0.2.2088 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1040 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\67jtxl7n.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-02-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG9\Firefox [2010-03-13]

========================== Services (Whitelisted) =================

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2009-07-02] ()
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-16] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.)
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)
R2 HighliteApp_1016; C:\Program Files\Common Files\Services\1016\hlupdate.exe [103424 2014-05-12] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170408 2012-12-31] (Oracle Corporation)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [311296 2004-03-04] (Lexmark International, Inc.)

==================== Drivers (Whitelisted) ====================

R1 AvgLdx86; C:\WINDOWS\System32\Drivers\avgldx86.sys [226016 2013-01-15] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [29712 2011-09-13] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\WINDOWS\System32\Drivers\avgtdix.sys [243152 2011-05-06] (AVG Technologies CZ, s.r.o.)
S3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
R2 MASPINT; C:\WINDOWS\system32\Drivers\MASPINT.sys [8096 2000-03-29] (MicroStaff Co.,Ltd.)
R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28352 2004-07-11] (MusicMatch, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 WMP11V27; C:\WINDOWS\System32\DRIVERS\WMP11V27.sys [171776 2002-07-30] (The Linksys Group, Inc)
S4 IntelIde; No ImagePath
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 MFE_RR; \??\C:\DOCUME~1\Chris\LOCALS~1\Temp\mfe_rr.sys [X]
S2 PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 uwrdifod; \??\C:\DOCUME~1\Chris\LOCALS~1\Temp\uwrdifod.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2099-12-31 62144:163 - 2010-03-13 16:32 - 00006456 ____H () C:\WINDOWS\system32\danodiza
2014-05-25 14:30 - 2014-05-25 15:20 - 00000000 ____D () C:\FRST
2014-05-25 12:42 - 2014-05-25 12:42 - 00025224 _____ () C:\Documents and Settings\Chris\Desktop\attach.txt
2014-05-25 12:42 - 2014-05-25 12:42 - 00010200 _____ () C:\Documents and Settings\Chris\Desktop\dds.txt
2014-05-25 11:47 - 2014-05-25 11:47 - 00005940 _____ () C:\Documents and Settings\Chris\reset.log
2014-05-18 13:39 - 2014-05-18 13:39 - 00001925 _____ () C:\Documents and Settings\Chris\Desktop\RKreport[0]_D_05182014_133905.txt
2014-05-18 13:35 - 2014-05-18 13:35 - 00001875 _____ () C:\Documents and Settings\Chris\Desktop\RKreport[0]_S_05182014_133552.txt
2014-05-18 13:28 - 2014-05-18 13:39 - 00000000 ____D () C:\Documents and Settings\Chris\Desktop\RK_Quarantine
2014-05-18 12:41 - 2014-05-18 13:46 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 12:40 - 2014-05-18 12:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-18 12:39 - 2014-05-18 13:45 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-18 12:39 - 2014-05-18 12:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-18 12:39 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-16 14:01 - 2014-05-18 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-05-16 13:57 - 2014-05-18 14:48 - 00000000 ____D () C:\Documents and Settings\Chris\Desktop\mbar
2014-05-16 13:49 - 2014-05-16 13:52 - 00003850 _____ () C:\Documents and Settings\Chris\Desktop\Rkill.txt
2014-05-04 03:29 - 2014-05-25 11:44 - 00043200 _____ () C:\WINDOWS\setupapi.log
2014-05-04 03:28 - 2014-05-04 03:29 - 00002359 _____ () C:\WINDOWS\tsoc.log
2014-05-04 03:28 - 2014-05-04 03:29 - 00002037 _____ () C:\WINDOWS\comsetup.log
2014-05-04 03:28 - 2014-05-04 03:29 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-05-04 03:28 - 2014-05-04 03:29 - 00001238 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-04 03:28 - 2014-05-04 03:29 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-05-04 03:28 - 2014-05-04 03:29 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-05-04 03:28 - 2014-05-04 03:28 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-04 03:28 - 2014-05-04 03:28 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-05-04 03:27 - 2014-05-04 03:29 - 00006182 _____ () C:\WINDOWS\FaxSetup.log
2014-05-04 03:27 - 2014-05-04 03:29 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-05-04 03:27 - 2014-05-04 03:29 - 00000959 _____ () C:\WINDOWS\iis6.log
2014-05-04 03:27 - 2014-05-04 03:27 - 00000499 _____ () C:\WINDOWS\updspapi.log
2014-05-04 03:11 - 2014-05-04 03:29 - 00009084 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-04-27 21:34 - 2014-04-27 21:34 - 00001201 _____ () C:\Documents and Settings\Chris\Desktop\JRT.txt
2014-04-27 21:28 - 2014-04-27 21:28 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-27 21:09 - 2014-04-27 21:11 - 00000000 ____D () C:\AdwCleaner

==================== One Month Modified Files and Folders =======

2014-05-25 15:20 - 2014-05-25 14:30 - 00000000 ____D () C:\FRST
2014-05-25 14:50 - 2012-05-07 19:31 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-25 12:42 - 2014-05-25 12:42 - 00025224 _____ () C:\Documents and Settings\Chris\Desktop\attach.txt
2014-05-25 12:42 - 2014-05-25 12:42 - 00010200 _____ () C:\Documents and Settings\Chris\Desktop\dds.txt
2014-05-25 12:41 - 2004-08-15 10:49 - 01594577 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-25 12:06 - 2010-07-29 20:33 - 00000000 _____ () C:\Documents and Settings\Chris\Local Settings\Application Data\prvlcl.dat
2014-05-25 11:51 - 2014-03-27 16:35 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-05-25 11:51 - 2004-02-07 12:32 - 00032542 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-25 11:51 - 2004-02-07 07:21 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-25 11:51 - 2004-02-07 07:21 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-25 11:50 - 2004-02-07 12:26 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-25 11:49 - 2009-12-30 20:33 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-05-25 11:49 - 2004-02-07 12:34 - 00000278 ___SH () C:\Documents and Settings\Chris\ntuser.ini
2014-05-25 11:47 - 2014-05-25 11:47 - 00005940 _____ () C:\Documents and Settings\Chris\reset.log
2014-05-25 11:47 - 2004-02-07 12:34 - 00000000 ____D () C:\Documents and Settings\Chris
2014-05-25 11:44 - 2014-05-04 03:29 - 00043200 _____ () C:\WINDOWS\setupapi.log
2014-05-25 11:21 - 2003-07-16 16:53 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-21 08:31 - 2010-03-13 21:05 - 00000000 ____D () C:\WINDOWS\system32\Drivers\Avg
2014-05-19 18:04 - 2009-01-31 19:07 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-05-18 18:17 - 2012-08-16 03:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2705219$
2014-05-18 14:48 - 2014-05-16 14:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-05-18 14:48 - 2014-05-16 13:57 - 00000000 ____D () C:\Documents and Settings\Chris\Desktop\mbar
2014-05-18 13:46 - 2014-05-18 12:41 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 13:45 - 2014-05-18 12:39 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-18 13:39 - 2014-05-18 13:39 - 00001925 _____ () C:\Documents and Settings\Chris\Desktop\RKreport[0]_D_05182014_133905.txt
2014-05-18 13:39 - 2014-05-18 13:28 - 00000000 ____D () C:\Documents and Settings\Chris\Desktop\RK_Quarantine
2014-05-18 13:35 - 2014-05-18 13:35 - 00001875 _____ () C:\Documents and Settings\Chris\Desktop\RKreport[0]_S_05182014_133552.txt
2014-05-18 13:23 - 2014-04-16 19:30 - 00000000 ____D () C:\Program Files\HighliteApp
2014-05-18 12:40 - 2014-05-18 12:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-18 12:40 - 2014-05-18 12:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-18 12:40 - 2010-03-14 13:12 - 00000000 ____D () C:\Documents and Settings\Chris\Application Data\Malwarebytes
2014-05-18 12:40 - 2010-03-14 13:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-16 17:16 - 2013-02-09 22:11 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-16 17:16 - 2004-02-13 18:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-16 13:52 - 2014-05-16 13:49 - 00003850 _____ () C:\Documents and Settings\Chris\Desktop\Rkill.txt
2014-05-14 03:13 - 2013-08-15 04:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 03:01 - 2010-03-22 03:02 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-13 13:51 - 2012-05-07 19:31 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-13 13:51 - 2011-10-20 16:30 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-13 03:41 - 2012-04-29 14:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-12 03:24 - 2004-02-07 12:25 - 00000000 ____D () C:\Program Files\Common Files\System
2014-05-12 03:24 - 2004-02-07 12:25 - 00000000 ____D () C:\Program Files\Common Files\Services
2014-05-10 17:32 - 2013-02-05 21:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 17:56 - 2014-03-27 16:35 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-04 03:29 - 2014-05-04 03:28 - 00002359 _____ () C:\WINDOWS\tsoc.log
2014-05-04 03:29 - 2014-05-04 03:28 - 00002037 _____ () C:\WINDOWS\comsetup.log
2014-05-04 03:29 - 2014-05-04 03:28 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-05-04 03:29 - 2014-05-04 03:28 - 00001238 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-04 03:29 - 2014-05-04 03:28 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-05-04 03:29 - 2014-05-04 03:28 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-05-04 03:29 - 2014-05-04 03:27 - 00006182 _____ () C:\WINDOWS\FaxSetup.log
2014-05-04 03:29 - 2014-05-04 03:27 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-05-04 03:29 - 2014-05-04 03:27 - 00000959 _____ () C:\WINDOWS\iis6.log
2014-05-04 03:29 - 2014-05-04 03:11 - 00009084 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-04 03:28 - 2014-05-04 03:28 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-04 03:28 - 2014-05-04 03:28 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-05-04 03:27 - 2014-05-04 03:27 - 00000499 _____ () C:\WINDOWS\updspapi.log
2014-04-30 04:13 - 2008-04-21 02:44 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 04:13 - 2004-07-07 18:37 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-27 21:34 - 2014-04-27 21:34 - 00001201 _____ () C:\Documents and Settings\Chris\Desktop\JRT.txt
2014-04-27 21:28 - 2014-04-27 21:28 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-27 21:11 - 2014-04-27 21:09 - 00000000 ____D () C:\AdwCleaner
2014-04-26 15:38 - 2004-09-25 22:27 - 00000000 ____D () C:\Program Files\DivX
2014-04-26 15:37 - 2011-07-13 03:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2555917$
2014-04-26 14:40 - 2004-09-11 21:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Real
2014-04-26 14:40 - 2004-02-07 12:24 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Games
2014-04-26 14:38 - 2010-01-01 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DivX

Files to move or delete:
====================
C:\Documents and Settings\Chris\Application Data\dm.ini


Some content of TEMP:
====================
C:\Documents and Settings\Chris\Local Settings\temp\ntdll_dump.dll
C:\Documents and Settings\Chris\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Chris\Local Settings\temp\TDSSKiller.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

rpcss.dll search:

 

Farbar Recovery Scan Tool (x86) Version:25-05-2014 01
Ran by Chris at 2014-05-25 16:11:16
Running from C:\Documents and Settings\Chris\My Documents\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\WINDOWS\system32\rpcss.dll
[2004-04-21 07:17] - [2009-02-09 08:10] - 0401408 ____N (Microsoft Corporation) 6b27a5c03dfb94b4245739065431322c

C:\WINDOWS\system32\dllcache\rpcss.dll
[2009-04-16 08:57] - [2009-02-09 08:10] - 0401408 ____C (Microsoft Corporation) 6b27a5c03dfb94b4245739065431322c

C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2004-08-04 03:56] - [2008-04-13 20:12] - 0399360 ____N (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509

C:\WINDOWS\ERDNT\cache\rpcss.dll
[2010-03-21 14:11] - [2009-02-09 08:10] - 0401408 ____A (Microsoft Corporation) 6b27a5c03dfb94b4245739065431322c

C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2009-04-16 21:49] - [2008-04-13 20:12] - 0399360 ____C (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509

C:\WINDOWS\$NtUninstallKB902400$\rpcss.dll
[2005-10-13 20:14] - [2005-04-28 15:31] - 0395776 ____C (Microsoft Corporation) c8061f289e000703e7672916b7fe1571

C:\WINDOWS\$NtUninstallKB894391$\rpcss.dll
[2005-08-13 19:28] - [2005-01-14 04:55] - 0395776 ____C (Microsoft Corporation) 419899803ca479b73b02390318c787c0

C:\WINDOWS\$NtUninstallKB873333$\rpcss.dll
[2005-02-14 00:21] - [2004-08-04 03:56] - 0395776 ____C (Microsoft Corporation) 5c83a4408604f737717ab96371201680

C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll
[2004-04-21 07:17] - [2003-08-25 14:53] - 0260608 ____C (Microsoft Corporation) 7a6f20eeac4b2168451878af9054396f

C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll
[2004-03-01 17:20] - [2003-07-16 16:43] - 0260608 ____C (Microsoft Corporation) 493fcbed180dcacf0b5d4c8c29949ca9

C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
[2009-03-31 21:31] - [2005-07-26 00:39] - 0397824 ____C (Microsoft Corporation) ce94a2bd25e3e9f4d46a7373ff455c6d

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2009-04-16 08:57] - [2009-02-09 06:56] - 0401408 ____A (Microsoft Corporation) 9222562d44021b988b9f9f62207fb6f2

C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[2005-07-26 00:20] - [2005-07-26 00:20] - 0398336 ____A (Microsoft Corporation) c369df215d352b6f3a0b8c3469aa34f8

C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[2005-04-28 15:35] - [2005-04-28 15:35] - 0396288 ____A (Microsoft Corporation) da383fb39a6f1c445f3afc94b3eb1248

C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[2005-01-14 01:07] - [2005-01-14 01:07] - 0395776 ____A (Microsoft Corporation) 94456045beb4545b5ebe1dcc85951afa

=== End Of Search ===

 

 




#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:18 AM

Posted 26 May 2014 - 01:03 PM

Hello Brad001



I need you to download this script I have made for you --> fixlist.txt (attached file, 218 bytes)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo

Edited by gringo_pr, 26 May 2014 - 01:03 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Brad001


Posted 26 May 2014 - 01:53 PM

Hi Gringo,

 

Here is the log you requested.  Thank you!

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 01
Ran by Chris at 2014-05-26 14:48:03 Run:1
Running from C:\Documents and Settings\Chris\My Documents\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
2099-12-31 62144:163 - 2010-03-13 16:32 - 00006456 ____H () C:\WINDOWS\system32\danodiza
U3 uwrdifod; \??\C:\DOCUME~1\Chris\LOCALS~1\Temp\uwrdifod.sys [X]
C:\Documents and Settings\Chris\Application Data\dm.ini



*****************

C:\WINDOWS\system32\danodiza => Moved successfully.
uwrdifod => Service deleted successfully.
C:\Documents and Settings\Chris\Application Data\dm.ini => Moved successfully.

==== End of Fixlog ====



#6 gringo_pr


Posted 26 May 2014 - 03:37 PM



Hello Brad001

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

#7 Brad001


Posted 27 May 2014 - 08:37 PM

Hello Gringo,

 

Things seem to be running very smoothly.  I haven't heard any random sounds and no redirects.  Here are the logs you requested.  Thank you.

 

 

AdwCleaner:

 

# AdwCleaner v3.211 - Report created 27/05/2014 at 21:11:17
# Updated 26/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Chris - HOME-0P3PDXVGZN
# Running from : C:\Documents and Settings\Chris\My Documents\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EF41A4-BA24-4E49-A2C0-E1D047299287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{130CCD34-0382-48E5-B307-0E7E72166828}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26D25DD5-F17A-4D93-9A94-997E2124EEB4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30279F40-D76B-443C-A34D-F43B35B35CE1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{796D0AA0-DC0E-44C9-A398-C874F04D55A4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CE2102F0-DF63-452E-9CA7-0F75FF4DDD4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DADFCC6F-66D2-4E1D-A01B-7064CAD2F583}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBE666C3-F26C-4CF6-8ABA-3D5F5D2625E1}
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{739027FD-0200-4F32-A9AC-8E4058065C1A}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\013AC89AE8CD1D45889FDECE68DF5C58
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\13FCB74451B14F755A9489A45D48059A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3A8D788750C70AA57A73B2319DF554AE
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\592A2C0FFC3C7855AA30F38A3C25B7DA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A426544C5826DA5292547521114EC1F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC5ECDC1EDBB7615D81C34F1B6A68589
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D35F7D2F9958FA155AE7953C4A2EE959
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB01B45D33D99A85CB09D2FCEABE5EAC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DF720937002023F49ACAE8048560C5A1
Key Deleted : HKLM\Software\Classes\Installer\Features\DF720937002023F49ACAE8048560C5A1
Key Deleted : HKLM\Software\Classes\Installer\Products\DF720937002023F49ACAE8048560C5A1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\67jtxl7n.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [5186 octets] - [27/04/2014 21:09:25]
AdwCleaner[R1].txt - [3224 octets] - [26/05/2014 19:53:23]
AdwCleaner[R2].txt - [3284 octets] - [27/05/2014 21:07:18]
AdwCleaner[S0].txt - [5365 octets] - [27/04/2014 21:11:25]
AdwCleaner[S1].txt - [3249 octets] - [27/05/2014 21:11:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3309 octets] ##########

 

 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Chris on Tue 05/27/2014 at 21:23:24.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\Chris\Application Data\mozilla\firefox\profiles\67jtxl7n.default\minidumps [5 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/27/2014 at 21:29:33.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#8 gringo_pr


Posted 31 May 2014 - 04:15 AM


Hello Brad001

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#9 Brad001


Posted 02 June 2014 - 07:22 AM

Hi Gringo,

 

I attempted to run Combofix but didn't seem to have any luck in getting it to work.  It backed up everything but then got hung up on the screen where it says "scanning for infected files."  I know it said for badly infected systems it could take longer than 10 minutes to complete but it sat on the mentioned screen for well over an hour.  I disabled AVG and had all open programs and browsers closed.  I'm not sure if there was something else running on my machine preventing Combofix from running or not.  Thank you.



#10 gringo_pr


Posted 06 June 2014 - 06:35 AM


Hello Brad001

OK, let's try this: I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After combofix has finished its scan please post the report back here.

Gringo

#11 Brad001


Posted 08 June 2014 - 03:34 PM

Hi Gringo,

 

I tried running ComboFix in safe mode but still didn't have any luck.  Just like last time, it seemed to get hung up at "scanning for infected files."  I left it sit there for more than 45 minutes.  I'm not sure what's going on.  I apologize for being such a hassle.  Thanks for all your help thus far.



#12 gringo_pr


Posted 08 June 2014 - 04:43 PM


Hello Brad001

I would like you to try this to see if combofix will run

combofix
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
ComboFix /nombr
  • click ok
copy and paste the report into this topic for me to review

Gringo

#13 Brad001


Posted 12 June 2014 - 08:23 AM

Hi Gringo,

 

I didn't have any luck getting this to work while booted up normally.  ComboFix just seemed to sit there as it has been doing.  I haven't tried doing the same command in safe mode but I can try if you'd like.  Thanks for all your help.



#14 gringo_pr


Posted 12 June 2014 - 02:15 PM





Hello Brad001

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.


--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+

Send me the reports made from MBAR and Roguekiller and also let me know how the computer is doing at this time.

Gringo

#15 Brad001


Posted 17 June 2014 - 07:30 AM

Hi Gringo,

 

I have not yet been able to complete everything you have requested.  I may not be able to get to it until later this week or even the weekend.  If this is a problem please let me know and I will try to get everything completed sooner.  It's just been busy lately.  I just wanted to let you know what was going on so the thread wouldn't be closed.  I appreciate all your help and certainly want to make sure I complete all necessary steps in order to clean up the machine.  Thanks again!





