
Can not remove "ib.adnxs.com" from my computer


  • This topic is locked
70 replies to this topic

#1 MAKRLM

MAKRLM

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:06:54 AM

Posted 08 October 2014 - 09:18 PM

Hello,

Have not been here for some time now.

I now have a Win 7 64bit computer.

I started getting all the ads from ib.adnxs.com about 3 weeks ago. I went to Google and found some help removing this thing, but it keeps coming back.

Do you have any sure-fire solution for removal of this ??

 

Any help would be greatly appreciated,

 

MAKRLM -   Mac  





#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:54 AM

Posted 09 October 2014 - 06:25 PM

Hello MAKRLM,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif
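
A first pass over the FRST.txt that step 2 produces can be scripted. The sketch below is an added example, not part of the original posts and not FRST's own code: it tracks the section banners and flags entries carrying markers FRST writes itself (`[X]` or `No File` for a referenced file that was not found, `<======= ATTENTION`, `[File not signed]`, and an empty `()` company field). The sample log, the flag names and the function names are constructed for illustration.

```python
import re

# Constructed sample in the FRST.txt layout (section banner, then one entry per
# line). Names and paths are made up; this is not the log posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [742816 2012-04-10] (Example Corp)
Winlogon\Notify\ExampleLogon: ExampleLogon.dll [X]

==================== Internet (Whitelisted) ====================

Toolbar: HKLM - Example Toolbar - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\tb.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R3 ExampleSvc; C:\Program Files\Example\svc.exe [36864 2012-05-10] (Example Corp) [File not signed]
R3 ExampleUsb; C:\Windows\example.exe [44104 2013-05-23] ()
R2 GoodSvc; C:\Program Files\Example\good.exe [50344 2014-07-05] (Example Corp)
"""

# Section banner: a run of '=', a name, another run of '='.
# A bare underline such as "========" (no name) does not match.
SECTION_RE = re.compile(r"^=+\s*([^=\s][^=]*?)\s*=+\s*$")

# Flag names are this example's own labels; the patterns are text FRST emits.
MARKERS = [
    ("attention", re.compile(r"<=+\s*ATTENTION")),
    ("missing-file", re.compile(r"\[X\]\s*$|\bNo File\s*$")),
    ("unsigned", re.compile(r"\[File not signed\]")),
    # Empty company field at the end of the entry or just before a [tag].
    ("no-company", re.compile(r"\(\s*\)\s*(\[|$)")),
]


def triage(log_text):
    """Return flagged entries as dicts with section, flags and the raw entry."""
    findings = []
    section = "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1).replace("(Whitelisted)", "").strip()
            continue
        # Skip FRST's parenthesised explanatory note under each banner.
        if line.startswith("(") and line.endswith(")"):
            continue
        flags = [name for name, rx in MARKERS if rx.search(line)]
        if flags:
            findings.append({"section": section, "flags": flags, "entry": line})
    return findings


def count_by_flag(findings):
    """Tally how many entries carry each flag."""
    counts = {}
    for item in findings:
        for flag in item["flags"]:
            counts[flag] = counts.get(flag, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for item in results:
        print(f'[{item["section"]}] {",".join(item["flags"])}: {item["entry"]}')
    print(count_by_flag(results))
```

A flag is a lead for the helper to review, not a verdict: legitimate drivers and plugins often carry an empty company field, and leftover entries from uninstalled software commonly show as missing files.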


#3 MAKRLM


Posted 09 October 2014 - 11:15 PM

Hello "fireman4it",

Thanks for the fast response.

 

I will attach the items you wanted - I ran The AdwCleaner a few days ago, will send both results.

Will send FARBAR results in another reply. It is too big to go with these items.

 

Thanks -- Mac

Attached Files



#4 MAKRLM


Posted 09 October 2014 - 11:26 PM

Hello again,

 

FARBAR results (I hope).

 

It is still too big. I tried to copy and paste, and it did not work either.

 

It is in Notepad.

 

Sorry...

 

 

Any suggestions ???

Mac ------



#5 fireman4it


Posted 13 October 2014 - 05:32 PM

Use multiple posts if you have to, to post the entire log.




#6 MAKRLM


Posted 13 October 2014 - 09:50 PM

Hello again fireman4it,
It took many attempts to get a copy of the Farbar results into this window.
Had to finally make it an Office Doc.
 
Here goes --
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-10-2014 01
Ran by Mac 3c (administrator) on MAC3CPC on 09-10-2014 19:16:05
Running from C:\Users\Mac 3c\Desktop
Loaded Profile: Mac 3c (Available profiles: Mac 3c)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kingsoft Corporation) C:\Program Files\Kingsoft\PCDoctor\KSafeSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Abine Inc.) C:\Program Files\DoNotTrackMe\AbineAutoUpdate.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1399603449\ee\aolsoftware.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(Flux Software LLC) C:\Users\Mac 3c\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.6\waol.exe
(Kingsoft Corporation) C:\Program Files\Kingsoft\PCDoctor\KSafeTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.6\shellmon.exe
() C:\Windows\runSW.exe
(Realtek) C:\Windows\SwUSB.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Realtek Semiconductor Corp.) C:\Program Files\netis\USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files\netis\USB Wireless LAN Utility\RtWLan.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
(Farbar) C:\Users\Mac 3c\Desktop\FRST 32.exe
 

==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [KSafeTray] => C:\Program files\Kingsoft\PCDoctor\KSafeTray.exe [742816 2012-04-10] (Kingsoft Corporation)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1399603449\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [AbineAutoUpdate] => C:\Program Files\DoNotTrackMe\AbineAutoUpdate.exe [127352 2014-07-22] (Abine Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2826808495-3214606955-212491988-1000\...\Run: [HP Photosmart 7520 series (NET) #2] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2826808495-3214606955-212491988-1000\...\Run: [f.lux] => C:\Users\Mac 3c\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-2826808495-3214606955-212491988-1000\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.6\AOL.EXE [42320 2011-04-25] (AOL Inc.)
HKU\S-1-5-21-2826808495-3214606955-212491988-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2826808495-3214606955-212491988-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-09] (Siber Systems)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-05-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mac 3c\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mac 3c\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mac 3c\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: DoNotTrackMe BHO -> {C584D6D2-EF22-4C61-BF5B-0C7E723D836C} -> C:\Program Files\DoNotTrackMe\3.2.1166\AbineBHO.dll (Abine Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 216.170.153.146
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-07-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-05]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-05]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-05-17]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-12] (SUPERAntiSpyware.com)
R3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46184 2014-02-06] (AOL Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-05] (AVAST Software)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-25] (COMODO)
S3 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-09-26] (SurfRight B.V.)
R3 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
R2 KSafeSvc; C:\Program files\Kingsoft\PCDoctor\KSafeSvc.exe [290720 2012-04-10] (Kingsoft Corporation)
S3 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R3 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
R3 Realtek8723AU; C:\Program Files\netis\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
R3 RunSwUSB; C:\Windows\runSW.exe [44104 2013-05-23] ()
S3 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\RUN\a2ddax86.sys [22056 2014-05-08] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-05] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [198936 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192280 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
S3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2014-05-08] (Emsisoft GmbH)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-16] (COMODO)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47896 2014-08-30] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-16] (COMODO)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-18] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-18] (Logitech, Inc.)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2010840 2013-08-05] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S3 catchme; \??\C:\Users\MAC3C~1\AppData\Local\Temp\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 

==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-09 19:16 - 2014-10-09 19:16 - 00016360 _____ () C:\Users\Mac 3c\Desktop\FRST.txt
2014-10-09 19:15 - 2014-10-09 19:16 - 00000000 ____D () C:\FRST
2014-10-09 19:15 - 2014-10-09 19:15 - 01101312 _____ (Farbar) C:\Users\Mac 3c\Desktop\FRST 32.exe
2014-10-09 19:13 - 2014-10-09 19:13 - 01375089 _____ () C:\Users\Mac 3c\Desktop\AdwCleaner.exe
2014-10-09 18:40 - 2014-10-09 18:40 - 16254368 _____ (Siber Systems) C:\Users\Mac 3c\Downloads\RoboForm-Setup-cnetc.exe
2014-10-08 00:16 - 2014-10-08 00:16 - 00001018 _____ () C:\Windows\PFRO.log
2014-10-08 00:09 - 2014-10-08 00:09 - 00019615 _____ () C:\ComboFix.txt
2014-10-07 23:43 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-07 23:43 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-07 23:43 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-07 23:43 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-07 23:43 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-07 23:43 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-07 23:43 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-07 23:43 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-07 23:42 - 2014-10-07 23:35 - 05582481 ____R (Swearware) C:\Users\Mac 3c\Desktop\ComboFix.exe
2014-10-07 23:41 - 2014-10-07 23:35 - 05582481 ____R (Swearware) C:\Users\Mac 3c\Downloads\ComboFix.exe
2014-10-07 23:36 - 2014-10-08 00:04 - 00000000 ____D () C:\Windows\erdnt
2014-10-07 23:29 - 2014-10-07 23:29 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Mac 3c\Downloads\rkill.exe
2014-10-07 22:53 - 2014-10-07 23:39 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-10-07 22:53 - 2014-10-07 22:53 - 06808688 _____ (ParetoLogic, Inc.) C:\Users\Mac 3c\Downloads\RegCureProSetup.exe
2014-10-07 22:53 - 2014-10-07 22:53 - 00000000 ____D () C:\Users\Mac 3c\AppData\Roaming\ParetoLogic
2014-10-07 19:31 - 2014-10-09 18:28 - 00000224 _____ () C:\Windows\setupact.log
2014-10-07 19:31 - 2014-10-07 19:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-07 19:30 - 2014-10-09 18:29 - 00004484 _____ () C:\Windows\runSW.log
2014-10-07 19:30 - 2014-10-07 19:31 - 00290840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-07 19:26 - 2014-10-07 19:26 - 04965896 _____ (Piriform Ltd) C:\Users\Mac 3c\Downloads\ccsetup418.exe
2014-10-05 23:42 - 2014-10-07 19:18 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-05 23:41 - 2014-10-07 19:16 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-10-05 23:41 - 2014-10-05 23:41 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-05 23:38 - 2014-10-05 23:38 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Mac 3c\Downloads\SpyHunter-Installer.exe
2014-10-05 21:01 - 2014-10-09 18:29 - 00000000 ____D () C:\Program Files\DoNotTrackMe
2014-10-05 20:59 - 2014-10-05 20:59 - 02648336 _____ (Abine Inc ) C:\Users\Mac 3c\Downloads\installer do not track me.exe
2014-10-05 19:51 - 2014-10-05 19:51 - 02184336 _____ (Microsoft Corporation) C:\Users\Mac 3c\Downloads\DefaultPack.EXE
2014-10-03 00:47 - 2014-10-03 00:47 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2014-10-03 00:47 - 2014-10-03 00:47 - 00000000 ____D () C:\Program Files\AdwareRemovalToolv3.7
2014-10-03 00:46 - 2014-10-03 00:46 - 00708832 _____ () C:\Users\Mac 3c\Downloads\Adware-Removal-Tool-v3.8.exe
2014-09-30 22:55 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 21:06 - 2014-09-30 21:06 - 00003746 _____ () C:\Users\Mac 3c\Documents\free_av_9.0.2021_2014-9-30_13-49-29.avastconfig
2014-09-30 19:49 - 2014-09-30 19:50 - 01375089 _____ () C:\Users\Mac 3c\Downloads\adwcleaner_3.311.exe
2014-09-26 23:06 - 2014-09-26 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-09-26 23:06 - 2014-09-26 23:06 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-26 23:05 - 2014-09-27 19:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-26 23:04 - 2014-09-26 23:05 - 10280824 _____ (SurfRight B.V.) C:\Users\Mac 3c\Downloads\HitmanPro.exe
2014-09-26 22:44 - 2014-09-26 22:44 - 00000000 ____D () C:\Windows\ERUNT
2014-09-26 22:43 - 2014-09-26 22:43 - 01699118 _____ (Thisisu) C:\Users\Mac 3c\Downloads\Junkware Removal Tool.exe
2014-09-26 22:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-24 19:34 - 2014-09-24 19:34 - 00364734 _____ () C:\Users\Mac 3c\Downloads\Easeus free backup tb_free.exe
2014-09-24 19:07 - 2014-09-24 19:07 - 01002904 _____ (AOL Inc.) C:\Users\Mac 3c\Downloads\aol_oneclick.exe
2014-09-24 18:34 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 23:40 - 2014-10-02 20:54 - 00002881 _____ () C:\Users\Mac 3c\Desktop\GadgetWide Tool.lnk
2014-09-23 23:40 - 2014-10-02 20:54 - 00002835 _____ () C:\Users\Mac 3c\AppData\Roaming\Microsoft\Windows\Start Menu\GadgetWide Tool.lnk
2014-09-23 23:40 - 2014-10-02 20:54 - 00000000 ____D () C:\Program Files\GadgetWide Cloud Control Service
2014-09-23 23:35 - 2014-09-23 23:35 - 06431641 _____ () C:\Users\Mac 3c\Downloads\gwcc1.2.6 iPod.zip
2014-09-22 18:44 - 2014-09-22 18:44 - 00000000 ____D () C:\Users\Mac 3c\AppData\Local\Hewlett-Packard
2014-09-22 18:41 - 2014-09-22 18:41 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-09-21 19:24 - 2014-09-21 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-18 12:27 - 2014-09-18 12:27 - 140852175 _____ () C:\Users\Mac 3c\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2014-09-17 19:58 - 2014-09-17 19:58 - 00005766 _____ () C:\Users\Mac 3c\Documents\cc_20140917_195812.reg
2014-09-15 21:06 - 2014-09-15 21:07 - 16337880 _____ (Siber Systems) C:\Users\Mac 3c\Downloads\RoboForm-Setup.exe
2014-09-11 14:33 - 2014-09-11 14:36 - 00000000 ____D () C:\Program Files\AOL Desktop 9.7
2014-09-09 23:14 - 2014-09-09 23:14 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-09 23:14 - 2014-09-09 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-09 23:12 - 2014-09-09 23:14 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-09 23:12 - 2014-09-09 23:14 - 00000000 ____D () C:\Program Files\iTunes
2014-09-09 23:12 - 2014-09-09 23:12 - 00000000 ____D () C:\Program Files\iPod
2014-09-09 18:57 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-09 18:57 - 2014-08-18 14:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-09 18:57 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-09 18:57 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-09 18:57 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-09 18:57 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-09 18:57 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-09 18:57 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-09 18:57 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-09 18:57 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-09 18:57 - 2014-08-18 14:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-09 18:57 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-09 18:57 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-09 18:57 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-09 18:57 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-09 18:57 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-09 18:57 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-09 18:57 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-09 18:57 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-09 18:56 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-09 18:56 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-09 18:56 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-09 18:56 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-09 18:56 - 2014-08-18 14:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-09 18:56 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-09 18:56 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-09 18:56 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-09 18:56 - 2014-08-18 14:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-09 18:56 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-09 18:56 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-09 18:56 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-09 18:45 - 2014-07-06 18:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-09 18:45 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 18:44 - 2014-09-04 18:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-09 18:44 - 2014-09-04 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 18:44 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-09 18:44 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-09 19:09 - 2014-05-04 19:54 - 01856843 _____ () C:\Windows\WindowsUpdate.log
2014-10-09 18:46 - 2014-05-04 20:12 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-09 18:41 - 2014-05-09 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-10-09 18:35 - 2009-07-13 21:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-09 18:35 - 2009-07-13 21:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-09 18:28 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-08 21:30 - 2014-05-06 23:39 - 00000000 ____D () C:\Users\Mac 3c\Desktop\Security and Cleanup 3c
2014-10-08 20:01 - 2014-05-04 21:57 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-08 00:10 - 2013-08-02 11:51 - 00000000 ____D () C:\Qoobox
2014-10-08 00:10 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Public
2014-10-08 00:03 - 2009-07-13 19:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-07 23:56 - 2014-05-06 23:28 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-07 19:26 - 2014-05-06 21:24 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-07 19:24 - 2014-08-16 19:51 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-10-07 19:23 - 2014-05-13 22:59 - 00000000 ____D () C:\Users\Mac 3c\AppData\Local\Google
2014-10-07 19:23 - 2014-05-13 22:59 - 00000000 ____D () C:\Program Files\Google
2014-10-07 19:21 - 2014-06-16 23:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer
2014-10-05 22:41 - 2013-12-08 19:29 - 00000000 ____D () C:\AdwCleaner
2014-10-03 19:18 - 2014-05-09 20:57 - 00000000 ____D () C:\Users\Mac 3c\Desktop\Desktop Pics
2014-10-03 00:59 - 2014-05-04 22:26 - 00000000 ____D () C:\Program Files\FileHippo.com
2014-10-02 19:53 - 2014-05-06 23:33 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-01 20:04 - 2014-05-06 21:34 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-30 21:29 - 2013-12-24 00:44 - 00000000 ____D () C:\EEK
2014-09-30 18:38 - 2014-05-11 21:09 - 00000000 ____D () C:\Users\Mac 3c\Desktop\Unused Icons
2014-09-27 19:57 - 2009-07-13 19:04 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20141001-200410.backup
2014-09-26 23:40 - 2014-05-07 21:02 - 00000000 ____D () C:\Users\Mac 3c\AppData\Roaming\HpUpdate
2014-09-23 23:40 - 2014-05-04 20:13 - 00000000 ____D () C:\Users\Mac 3c\AppData\Local\VirtualStore
2014-09-23 19:58 - 2014-05-06 23:28 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-09-23 19:55 - 2014-05-11 00:48 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-23 19:55 - 2014-05-11 00:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-23 00:22 - 2014-06-10 20:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-22 18:44 - 2014-05-04 21:45 - 00065152 _____ () C:\Users\Mac 3c\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-21 19:56 - 2009-07-13 19:04 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140927-195712.backup
2014-09-20 19:51 - 2014-05-09 20:59 - 00000000 ____D () C:\Users\Mac 3c\Desktop\Items for sale
2014-09-18 19:30 - 2014-05-04 23:03 - 00000000 ____D () C:\Users\Mac 3c\AppData\Local\Windows Live
2014-09-17 22:02 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-17 21:43 - 2014-05-07 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-09-16 20:44 - 2009-07-13 19:04 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140921-195601.backup
2014-09-15 18:31 - 2014-05-09 21:24 - 00000000 ____D () C:\Users\Mac 3c\AppData\Roaming\RoboForm
2014-09-15 18:21 - 2014-08-16 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-09-15 18:21 - 2014-08-16 19:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-09-13 00:11 - 2014-05-09 21:00 - 00000000 ____D () C:\Users\Mac 3c\Desktop\Mikki and Family Christmas 2013
2014-09-11 14:35 - 2014-06-25 18:49 - 00000945 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\AOL Desktop 9.7.lnk
2014-09-11 14:35 - 2014-05-08 19:45 - 00000000 ____D () C:\Users\Mac 3c\AppData\Roaming\AOL
2014-09-11 14:35 - 2014-05-08 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
2014-09-11 14:35 - 2014-05-08 19:43 - 00000000 ____D () C:\Program Files\Common Files\AOL
2014-09-11 14:35 - 2012-11-16 20:57 - 00345998 _____ () C:\install.log
2014-09-11 14:34 - 2014-05-08 19:44 - 00000000 ____D () C:\Users\Mac 3c\AppData\Local\AOL
2014-09-11 14:33 - 2014-05-08 19:43 - 00000000 ____D () C:\ProgramData\AOL
2014-09-11 14:33 - 2014-05-08 19:43 - 00000000 ____D () C:\Program Files\Common Files\aolshare
2014-09-09 23:12 - 2014-05-13 22:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-09 19:35 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-09 19:17 - 2009-07-13 19:04 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140916-204400.backup
2014-09-09 18:56 - 2014-05-04 23:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-09 18:52 - 2014-05-04 23:28 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 18:51 - 2014-05-05 22:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
 
Some content of TEMP:
====================
C:\Users\Mac 3c\AppData\Local\Temp\AiRoboForm-6-9-93.exe
 

==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2014-05-04 20:41
 
==================== End Of Log ============================
 
thanks again --
Mac ---


#7 fireman4it

Posted 14 October 2014 - 04:00 PM

Can you please post the Addition.txt that was created when you ran FRST?

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Avast or AVG.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#8 MAKRLM


Posted 14 October 2014 - 11:32 PM

Dear fireman4it,

Hello,

I used to have AVG on this computer and thought it was totally removed by "REVO Uninstaller".

Went to your downloads and got the AVG Removal tool and used it. Hopefully it is all gone now.

Hope that does the trick. Anything else to add to my problem?

I ran COMBO Fix a few weeks back and still have the results from that if you want to see it too.

Thanks again,

Mac



#9 fireman4it


Posted 15 October 2014 - 12:31 AM

I need the Addition.txt that was created when you ran FRST.


#10 MAKRLM


Posted 15 October 2014 - 01:58 AM

Hello -

I hope I can get this in before  all the "ib.adnxs.com" starts again ---  Been trying to reply for about 20 mins now --

 

Here goes - I hope -

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-10-2014 01

Ran by Mac 3c at 2014-10-09 19:17:11

Running from C:\Users\Mac 3c\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}

FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

123 Free Solitaire v10.0 (HKLM\...\123 Free Solitaire_is1) (Version:  - TreeCardGames)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

Aiseesoft iPhone Transfer 7.0.30 (HKLM\...\{ED0F3D85-995D-4605-88C5-226644C25DF1}_is1) (Version: 7.0.30 - Aiseesoft Studio)

AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL Inc.)

Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)

Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)

CCScore (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)

COMODO Firewall (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)

Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

DoNotTrackMe Add-on 3.2.1166 (HKLM\...\DoNotTrackMe Add-on_is1) (Version: 3.2.1166 - Abine Inc)

Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)

eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden

ESSBrwr (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

ESSCDBK (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden

ESScore (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden

ESSgui (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden

ESSini (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

ESSPCD (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden

ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden

essvatgt (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden

f.lux (HKCU\...\Flux) (Version:  - )

fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden

FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )

GadgetWide Cloud Control Service (HKLM\...\{6147344A-2A3D-4CE0-9F09-E99CE1C45573}) (Version: 1.2.0.6 - GadgetWide)

HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)

HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)

HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

HP Photosmart 7520 series Basic Device Software (HKLM\...\{5D41F668-BD2C-4EC4-B624-8C0C8A7D26DD}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Photosmart 7520 series Help (HKLM\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)

HP Photosmart 7520 series Product Improvement Study (HKLM\...\{AAA31B13-2414-4579-8E84-979868065365}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Support Solutions Framework (HKLM\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)

HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)

Internet Accelerator 2 (HKLM\...\Internet Accelerator 2) (Version: 2 - Pointstone Software, LLC)

iPhone Care Pro  (HKLM\...\iPhone Care Pro) (Version:  - Tenorshare, Inc.)

iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)

Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Karen's Show Stopper (HKLM\...\Karen's Show Stopper) (Version: 2.1.0.3 - Karen Kenworthy)

kgchday (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden

kgchlwn (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden

kgcinvt (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden

kgckids (Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden

kgcmove (Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden

kgcvday (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden

Kingsoft PC Doctor 3.7.0.47  (HKLM\...\Kingsoft PC Doctor) (Version: 3.7.0.47  - Kingsoft PC Doctor)

Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)

Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)

Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)

Malwarebytes Anti-Exploit version 1.04.1.1012 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.04.1.1012 - Malwarebytes)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL Inc.) Hidden

Microsoft VC9 runtime libraries (Version: 2.0.0 - AOL Inc.) Hidden

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Moffsoft FreeCalc (HKLM\...\MoffFreeCalc_is1) (Version: 1.1 - Moffsoft)

MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden

netis Wireless LAN Driver and Utility (HKLM\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0223 - netis Systems Co.,Ltd.)

OfotoXMI (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden

OpenOffice 4.1.0 (HKLM\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)

Philips Digital Audio Player (HKLM\...\{8C99E9B3-292B-4E0D-A719-998AFF4DB27C}) (Version:  - )

Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)

QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

RAR File Open Knife - Free Opener (HKLM\...\RAR File Open Knife - Free Opener) (Version: 3.50 - Philipp Winterberg)

Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

RoboForm 7-9-10-1 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-10-1 - Siber Systems)

SFR (Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden

SHASTA (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden

skin0001 (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

SKINXSDK (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)

SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)

staticcr (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)

Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)

Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VPRINTOL (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

WIRELESS (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2826808495-3214606955-212491988-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mac 3c\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2826808495-3214606955-212491988-1000_Classes\CLSID\{1853e19a-4e54-4190-8deb-2e1cc947cd60}\InprocServer32 -> C:\Program Files\AOL Desktop 9.6\axtrack.dll (AOL Inc.)

CustomCLSID: HKU\S-1-5-21-2826808495-3214606955-212491988-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

CustomCLSID: HKU\S-1-5-21-2826808495-3214606955-212491988-1000_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.6\axtrack.dll (AOL Inc.)

CustomCLSID: HKU\S-1-5-21-2826808495-3214606955-212491988-1000_Classes\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}\InprocServer32 -> C:\Program Files\AOL Desktop 9.6\axtrack.dll (AOL Inc.)

CustomCLSID: HKU\S-1-5-21-2826808495-3214606955-212491988-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mac 3c\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2826808495-3214606955-212491988-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mac 3c\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2826808495-3214606955-212491988-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mac 3c\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2826808495-3214606955-212491988-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mac 3c\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

10-09-2014 01:45:24 Windows Update

23-09-2014 01:40:39 Installed HP Support Solutions Framework

24-09-2014 06:38:45 Installed GadgetWide Cloud Control Service

25-09-2014 01:34:58 Windows Update

01-10-2014 04:27:55 Checkpoint by HitmanPro

01-10-2014 05:55:17 Windows Update

06-10-2014 06:41:33 Installed SpyHunter

08-10-2014 02:12:44 Revo Uninstaller's restore point - SpyHunter

08-10-2014 02:13:31 Removed SpyHunter

08-10-2014 02:22:11 Revo Uninstaller's restore point - Google Chrome

08-10-2014 06:38:52 Revo Uninstaller's restore point - RegCure Pro

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 19:04 - 2014-10-01 20:04 - 00450709 ____N C:\Windows\system32\Drivers\etc\hosts


There are 1000 more lines.

 

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {1674A770-AB72-4E83-BF82-2150F90BC6A0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe

Task: {1DCF3D08-838C-4A85-87E4-AC611A2BBBAF} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

Task: {2485F527-E883-4EC2-B232-62967753EECF} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)

Task: {25F10A54-A650-4FBC-B0B4-F6847A922B61} - \Driver Booster SkipUAC (Mac 3c) No Task File <==== ATTENTION

Task: {29795061-947C-4F80-AF3F-3978BAD8879B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {634F3726-5629-4FF7-A979-5D68A0A22E68} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMMMKMNMMJPMNJHMOJCNNJIMOJKJCNLMHMLMMJCNOJLMNJNJCNKJKJOMLMOMNMGMOMJJJJPMJJJNJICMIMCNGMCNOMPMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMMJBJKJLIMJFMOMKMNMJNHICMEKMICNJJCKJNBJCMLLKJBJBJGJMIPNCLMJBLGJMJHJAJDJOJMIJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMKMPMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"

Task: {6714919D-2031-45B0-8F9C-CE98EA4E3D25} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)

Task: {6DD8E93C-AB1D-4BA9-9D0E-49B3AA34A29E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

Task: {97628016-9C7D-4334-8728-912391344540} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-10-09] (Siber Systems)

Task: {993695EE-7521-4A3C-AB7B-94A1999A4DBD} - System32\Tasks\KsafeDelay => C:\Program Files\Kingsoft\PCDoctor\KSafeTray.exe [2012-04-10] (Kingsoft Corporation)

Task: {B4A854F5-248C-4B7B-85F2-C30797B345F5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)

Task: {C22B27FF-CDE1-4E5F-80A5-1D46ABA41252} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-05] (AVAST Software)

Task: {CDE6C99F-0A83-499B-9BA9-5EF19C676C82} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Loaded Modules (whitelisted) =============

 

2014-07-05 01:14 - 2014-07-05 01:14 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll

2014-10-08 18:55 - 2014-10-08 18:55 - 02859008 _____ () C:\Program Files\AVAST Software\Avast\defs\14100802\algo.dll

2014-10-09 18:30 - 2014-10-09 18:30 - 02859008 _____ () C:\Program Files\AVAST Software\Avast\defs\14100901\algo.dll

2011-10-21 02:01 - 2011-10-21 02:01 - 00075160 _____ () C:\Program files\Kingsoft\PCDoctor\json.dll

2014-07-05 01:14 - 2014-07-05 01:14 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2011-04-25 14:52 - 2011-04-25 14:52 - 00048640 _____ () C:\Program Files\AOL Desktop 9.6\zlib.dll

2011-04-25 14:52 - 2011-04-25 14:52 - 00094208 _____ () C:\Program Files\AOL Desktop 9.6\Components\Tier2Svc.dll

2011-04-25 14:52 - 2011-04-25 14:52 - 00060928 _____ () C:\Program Files\AOL Desktop 9.6\Components\DataSvcs.dll

2011-10-21 02:01 - 2011-10-21 02:01 - 00075160 _____ () C:\Program Files\Kingsoft\PCDoctor\json.dll

2011-10-21 02:01 - 2011-10-21 02:01 - 00140664 _____ () C:\Program files\Kingsoft\PCDoctor\zlib1.dll

2014-05-04 21:23 - 2013-05-23 15:33 - 00044104 _____ () C:\Windows\runSW.exe

2014-05-04 21:23 - 2013-02-27 17:17 - 00221184 _____ () C:\Program Files\netis\USB Wireless LAN Utility\EnumDevLib.dll

2014-05-06 21:34 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2014-05-06 21:34 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl

2014-05-06 21:34 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: AOL Fast Start => "C:\Program Files\AOL Desktop 9.6\AOL.EXE" -b

MSCONFIG\startupreg: HP Photosmart 7520 series (NET) #2 => "C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN33S4928J05YY:NW" -scfn "HP Photosmart 7520 series (NET) #2" -AutoStart 1

MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: KSafeTray => "C:\Program files\Kingsoft\PCDoctor\KSafeTray.exe" -autorun

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-2826808495-3214606955-212491988-500 - Administrator - Disabled)

Guest (S-1-5-21-2826808495-3214606955-212491988-501 - Limited - Disabled)

Mac 3c (S-1-5-21-2826808495-3214606955-212491988-1000 - Administrator - Enabled) => C:\Users\Mac 3c

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

 

System errors:

=============

Error: (10/08/2014 11:57:51 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

 

Microsoft Office Sessions:

=========================

 

==================== Memory info =========================== 

 

Processor: Intel® Core™2 CPU 6300 @ 1.86GHz

Percentage of memory in use: 46%

Total physical RAM: 3317.61 MB

Available physical RAM: 1777.75 MB

Total Pagefile: 6631.46 MB

Available Pagefile: 4797.92 MB

Total Virtual: 2047.88 MB

Available Virtual: 1897.98 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.41 GB) (Free:849.58 GB) NTFS

Drive e: (TOSHIBA EXT) (Fixed) (Total:1397.26 GB) (Free:1067.21 GB) NTFS

Drive f: () (Removable) (Total:3.73 GB) (Free:3.26 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0C48F060)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 1397.3 GB) (Disk ID: 541A362F)

Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

 

========================================================

Disk: 2 (Size: 3.7 GB) (Disk ID: 00000000)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================



#11 fireman4it

Posted 15 October 2014 - 03:26 PM

Is this happening in all your browsers or just one of them? Firefox? Chrome? Internet Explorer?

  • Download RogueKiller to the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 MAKRLM

Posted 15 October 2014 - 09:34 PM

I only have IE and AOL. AOL uses some smaller version of IE, but you knew that.. 

I got rid of Chrome because I kept seeing 6 or 7 Chrome ??  running in the background when I was not using it..

 

Ran "RogueKiller" and the results are:

RogueKiller V10.0.1.0 [Oct 10 2014] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : Mac 3c [Administrator]

Mode : Scan -- Date : 10/15/2014  19:16:43

 

¤¤¤ Processes : 1 ¤¤¤

[Suspicious.Path] (SVC) RunSwUSB -- C:\Windows\runSW.exe[7] -> Stopped

 

¤¤¤ Registry : 21 ¤¤¤

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\MAC3C~1\AppData\Local\Temp\catchme.sys) -> Found

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RunSwUSB (C:\Windows\runSW.exe) -> Found

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\MAC3C~1\AppData\Local\Temp\catchme.sys) -> Found

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RunSwUSB (C:\Windows\runSW.exe) -> Found

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme (\??\C:\Users\MAC3C~1\AppData\Local\Temp\catchme.sys) -> Found

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RunSwUSB (C:\Windows\runSW.exe) -> Found

[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] HKEY_USERS\S-1-5-21-2826808495-3214606955-212491988-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://msn.com  -> Found

[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] HKEY_USERS\S-1-5-21-2826808495-3214606955-212491988-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 216.170.153.146  -> Found

[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 216.170.153.146  -> Found

[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 216.170.153.146  -> Found

[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7FEF4ADA-4638-485B-B1C8-418DDF502A52} | DhcpNameServer : 192.168.0.1 216.170.153.146  -> Found

[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7FEF4ADA-4638-485B-B1C8-418DDF502A52} | DhcpNameServer : 192.168.0.1 216.170.153.146  -> Found

[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7FEF4ADA-4638-485B-B1C8-418DDF502A52} | DhcpNameServer : 192.168.0.1 216.170.153.146  -> Found

[PUM.StartMenu] HKEY_USERS\S-1-5-21-2826808495-3214606955-212491988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

 

¤¤¤ Tasks : 4 ¤¤¤

[Suspicious.Path] WpsNotifyTask_Mac 3c.job -- C:\Users\Mac 3c\AppData\Local\Kingsoft\WPS Office\9.1.0.4758\wtoolex\wpsnotify.exe (-from=task) -> Found

[Suspicious.Path] WpsUpdateTask_Mac 3c.job -- C:\Users\Mac 3c\AppData\Local\Kingsoft\WPS Office\9.1.0.4758\wtoolex\wpsupdate.exe (-from=task) -> Found

[Suspicious.Path] \\WpsNotifyTask_Mac 3c -- C:\Users\Mac 3c\AppData\Local\Kingsoft\WPS Office\9.1.0.4758\wtoolex\wpsnotify.exe (-from=task) -> Found

[Suspicious.Path] \\WpsUpdateTask_Mac 3c -- C:\Users\Mac 3c\AppData\Local\Kingsoft\WPS Office\9.1.0.4758\wtoolex\wpsupdate.exe (-from=task) -> Found

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

 

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤

[Filter()] \Driver\atapi @ \Device\Ide\IdeDeviceP1T0L0-1 : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\DRIVERS\cmderd.sys)

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: WDC WD10EALX-009BA0 ATA Device +++++

--- User ---

[MBR] 2767a7b3e91ffe29fe857323721bb61c

[BSP] a2e3e7e322048a680075e7d21f7617d8 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB

User = LL1 ... OK

User = LL2 ... OK

 

+++++ PhysicalDrive1: TOSHIBA External USB 3.0 USB Device +++++

--- User ---

[MBR] 235f7120d5ae7630e28f2f3badd148ad

[BSP] ac32d7e5b51991b879fcfa622d5ff64b : Unknown MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 MB

User = LL1 ... OK

Error reading LL2 MBR! ([32] The request is not supported. )

 

 Thanks ----



#13 fireman4it

Posted 15 October 2014 - 10:04 PM

1.

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

2.

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click ProxyFix
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

3.

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click hostfix
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



#14 MAKRLM

Posted 17 October 2014 - 09:46 PM

Hello,

 

Ran this again and I can't attach a copy of the report no matter what way I try.  It also keeps sending me to Adlice.  I can't figure out how to use that..  Can't close RogueKiller either.  Will get it closed one way or another..

 

I do not get any of the things you mentioned when I right click "Run as Administrator".  So I can't do those things...

 

On original post, there was an "Add an attachment" button at the bottom of the post window - It has not been there since then.  That is 1 reason I can't send attachments..

 

Any suggestions ??

 

Mac --------



#15 fireman4it

Posted 19 October 2014 - 09:36 PM

I don't want you to add an attachment. I want you to copy and paste the logs directly into your replies.

