
CPU usage 100%


  • This topic is locked
18 replies to this topic

#1 Taiter

  • Members
  • 14 posts

Posted 18 November 2014 - 09:58 PM

I need your help, I don't know where to start.  Something called AcroRd32 is running like crazy.  I have run SuperAntiSpyware over and over and nothing's working.  I am grateful for your assistance.

 




#2 HelpBot

  • Bleepin' Binary Bot
  • Bots
  • 12,760 posts
  • Gender:Male

Posted 23 November 2014 - 10:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/556744 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Taiter

  • Topic Starter
  • Members
  • 14 posts

Posted 23 November 2014 - 10:34 PM

Running at 100%, working in safe mode now, 32 bit system, I do not have the discs but could locate them.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.19088
Run by Randy at 21:26:25 on 2014-11-23
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.3034.1826 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Citrix\Receiver\Receiver.exe
C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4090108
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
uRun: [Sidebar] "c:\program files\windows sidebar\Sidebar.exe" /autorun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [Report] c:\adwcleaner\AdwCleaner[S3].txt
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRun: [CitrixReceiver] "c:\programdata\microsoft\windows\start menu\programs\citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Redirector] "c:\program files\citrix\ica client\redirector.exe" /startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{42538D74-FE85-4E32-9908-03AF5ACB3D79} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B800951E-0135-4FAD-B34C-945594D1BE76} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files\cozi express\CoziProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\randy\appdata\roaming\mozilla\firefox\profiles\xfx7viw8.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\citrix\ica client\npicaN.dll
FF - plugin: c:\program files\citrix\ica client\npURLInterceptorPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\users\randy\appdata\roaming\e-centives\NPcolPM460.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2014-8-27 70008]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2014-7-22 142648]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-18 114904]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_85b55258\AEstSrv.exe [2009-1-8 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2013-3-15 395640]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2013-1-15 780152]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-18 1871160]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-11-18 968504]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-18 23256]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-18 51928]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2014-11-23 19:39:45    62576    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{920c9b3f-5e58-4f01-bb23-22545bc38fdb}\offreg.dll
2014-11-19 04:34:45    --------    d-----w-    C:\AdwCleaner
2014-11-19 03:24:16    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-19 03:23:27    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-19 03:23:27    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-11-19 03:23:27    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-11-19 03:23:27    --------    d-----w-    c:\programdata\Malwarebytes
2014-11-19 03:23:27    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-11-19 03:09:15    --------    d-----w-    C:\FRST
2014-11-18 13:18:36    8941456    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{920c9b3f-5e58-4f01-bb23-22545bc38fdb}\mpengine.dll
2014-11-14 03:02:28    79654    ----a-w-    c:\windows\system32\E_FLM9HA.DLL
2014-11-14 03:02:28    64000    ----a-w-    c:\windows\system32\E_FBCB9HA.DLL
2014-11-14 03:02:28    34304    ----a-w-    c:\windows\system32\E_FBCH9HA.DLL
2014-11-14 03:00:24    32768    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\EP0NPP01.DLL
2014-11-14 02:52:46    46080    ----a-w-    c:\windows\system32\escimgd.dll
2014-11-14 02:52:46    29696    ----a-w-    c:\windows\system32\escwiad.dll
2014-11-14 02:52:46    22528    ----a-w-    c:\windows\system32\esccmd.dll
2014-11-14 02:52:46    --------    d-----w-    c:\program files\epson
2014-11-14 02:51:38    1409    ----a-w-    c:\windows\system32\tmp312A4.FOT
2014-11-11 22:46:53    --------    d-----w-    c:\users\randy\appdata\local\Macromedia
2014-11-10 23:32:47    --------    d-----w-    c:\windows\ERUNT
2014-11-10 17:58:44    --------    d-----w-    c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-10 17:58:44    --------    d-----w-    c:\program files\iTunes
2014-11-07 18:15:28    --------    d-----w-    C:\Lisa
2014-11-06 23:03:05    --------    d-----w-    c:\users\randy\appdata\local\Adobe
2014-11-06 18:41:19    --------    d-----w-    c:\users\randy\appdata\roaming\ICAClient
2014-11-06 18:41:07    --------    d-----w-    c:\programdata\Citrix
2014-11-06 18:39:26    --------    d-----w-    c:\users\randy\appdata\local\Citrix
2014-11-06 18:39:26    --------    d-----w-    c:\program files\common files\Citrix
.
==================== Find3M  ====================
.
2014-11-11 22:43:18    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-11 22:43:18    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-11-04 20:30:58    229000    ------w-    c:\windows\system32\MpSigStub.exe
2014-08-28 05:31:42    70008    ----a-w-    c:\windows\system32\drivers\ctxusbm.sys
.
============= FINISH: 21:28:09.46 ===============
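The DDS log above lists the same Adobe Reader image four times, which is the detail a helper would look at first for a "100% CPU" complaint. The following script is an added example for this thread (it is not part of DDS, nor code posted by anyone here): it parses the "Running Processes" section of a DDS log, tallies command lines that appear more than once, and flags images running from outside the Windows and Program Files trees. The sample log is a constructed excerpt of the log posted above, with one extra path under a user profile (`updater.exe`, invented for the example) to exercise the location check.

```python
"""Triage helper for the 'Running Processes' section of a DDS log.

Added example for this thread; not part of DDS or of any post here.
It extracts the process list printed between the
'============== Running Processes ================' header and the next
'=====' header, then reports (a) command lines listed more than once,
which is how the four AcroRd32.exe instances above stand out, and
(b) images that run from outside the usual Windows / Program Files trees.
"""
import re
from collections import Counter

# Constructed excerpt of the DDS log posted in this thread. The final
# 'updater.exe' line is invented for the example; it is not in the real log.
SAMPLE_DDS = """\
============== Running Processes ================
.
C:\\Windows\\system32\\wininit.exe
C:\\Program Files\\SUPERAntiSpyware\\SASCORE.EXE
C:\\Program Files\\Adobe\\Reader 11.0\\Reader\\AcroRd32.exe
C:\\Program Files\\Adobe\\Reader 11.0\\Reader\\AcroRd32.exe
C:\\Program Files\\Adobe\\Reader 11.0\\Reader\\AdobeCollabSync.exe
C:\\Program Files\\Adobe\\Reader 11.0\\Reader\\AcroRd32.exe
C:\\Program Files\\Adobe\\Reader 11.0\\Reader\\AcroRd32.exe
C:\\Windows\\system32\\svchost.exe -k DcomLaunch
C:\\Windows\\system32\\svchost.exe -k rpcss
C:\\Users\\randy\\appdata\\local\\temp\\updater.exe
.
============== Pseudo HJT Report ===============
"""

SECTION_RE = re.compile(r"^=+\s*Running Processes\s*=+$")
HEADER_RE = re.compile(r"^=+ .*=+$")          # any other DDS section header

# Directories a normal Windows install runs its processes from.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def running_processes(log_text):
    """Return the command lines listed under the Running Processes header."""
    entries, inside = [], False
    for line in log_text.splitlines():
        if SECTION_RE.match(line):
            inside = True
            continue
        if inside and HEADER_RE.match(line):   # next section: stop
            break
        if inside and line.strip() and line.strip() != ".":
            entries.append(line.strip())
    return entries


def image_path(cmdline):
    """Drop trailing arguments such as svchost's '-k netsvcs' to get the image path.

    DDS prints the image path first; arguments, where present, follow a
    space-dash. (A directory name containing ' -' would be mis-split.)
    """
    return re.split(r"\s+-", cmdline, maxsplit=1)[0]


def duplicate_command_lines(entries, threshold=2):
    """Map each lower-cased command line seen >= threshold times to its count.

    Counting whole command lines keeps the separate svchost '-k' groups apart,
    so only true repeats (the same image with the same arguments) are flagged.
    """
    counts = Counter(e.lower() for e in entries)
    return {cmd: n for cmd, n in counts.items() if n >= threshold}


def unusual_locations(entries):
    """Return entries whose image lives outside the expected directory trees."""
    return [e for e in entries if not image_path(e).lower().startswith(EXPECTED_ROOTS)]


def triage(log_text):
    """Summarise a DDS log's process list for a quick first look."""
    entries = running_processes(log_text)
    return {
        "total": len(entries),
        "duplicates": duplicate_command_lines(entries),
        "unusual": unusual_locations(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_DDS)
    print(f"{report['total']} processes listed")
    for cmd, n in sorted(report["duplicates"].items(), key=lambda kv: -kv[1]):
        print(f"{n}x  {cmd}")
    for cmd in report["unusual"]:
        print(f"outside standard trees: {cmd}")
```

Run it against a saved DDS log by replacing `SAMPLE_DDS` with the file's contents. A repeated command line is not proof of anything on its own (a legitimate viewer can spawn several processes), but it tells the helper which image to ask about first, and the location check surfaces anything running from a profile or temp directory, which none of the entries in this thread's real log did.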
 



#4 Taiter

  • Topic Starter
  • Members
  • 14 posts

Posted 23 November 2014 - 10:35 PM

I forgot to say thank you!



#5 Taiter

  • Topic Starter
  • Members
  • 14 posts

Posted 25 November 2014 - 04:19 PM

This is not a valid topic or it has already been responded to!

There was an error and details were sent to the administrator.

 

I'm not sure the BOT registered my reply or not?  I do still need assistance.

 



#6 nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 November 2014 - 09:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
  • If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.


#7 Taiter

  • Topic Starter
  • Members
  • 14 posts

Posted 26 November 2014 - 11:12 AM

Hello nasdaq!  Thanks for your assistance.  Here is the first report and I will do the rest as soon as I can.

     

    # AdwCleaner v4.102 - Report created 26/11/2014 at 09:36:01
    # Updated 23/11/2014 by Xplode
    # Database : 2014-11-26.1 [Live]
    # Operating System : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
    # Username : Randy - RANDY-PC
    # Running from : C:\Users\Randy\Desktop\adwcleaner_4.102.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.19088


    -\\ Mozilla Firefox v33.1 (x86 en-US)


    -\\ Google Chrome v


    *************************

    AdwCleaner[R2].txt - [2974 octets] - [18/11/2014 22:34:49]
    AdwCleaner[R3].txt - [320 octets] - [18/11/2014 22:36:37]
    AdwCleaner[R4].txt - [3090 octets] - [19/11/2014 07:50:54]
    AdwCleaner[R5].txt - [1085 octets] - [19/11/2014 10:45:02]
    AdwCleaner[R6].txt - [380 octets] - [19/11/2014 10:45:39]
    AdwCleaner[R7].txt - [949 octets] - [26/11/2014 09:36:01]
    AdwCleaner[S2].txt - [3029 octets] - [19/11/2014 07:55:50]
    AdwCleaner[S3].txt - [1147 octets] - [19/11/2014 10:49:05]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R7].txt - [1128 octets] ##########



#8 Taiter

  • Topic Starter
  • Members
  • 14 posts

Posted 30 November 2014 - 08:56 PM

nasdaq, here is the second report.  Sorry for the delay, got the flu.

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-11-2014 01
    Ran by Randy (administrator) on RANDY-PC on 30-11-2014 19:46:03
    Running from C:\Users\Randy\Desktop
    Loaded Profile: Randy (Available profiles: Randy)
    Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\stacsv.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    () C:\Windows\System32\WLTRYSVC.EXE
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\AEstSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
    (Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    (Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
    (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    (Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfService.exe
    (Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe
    (Farbar) C:\Users\Randy\Desktop\FRST(2).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [200704 2008-09-03] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [442460 2008-09-16] (IDT, Inc.)
    HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)
    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [1662032 2008-08-27] (Dell Inc.)
    HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.)
    HKLM\...\Run: [Conime] => C:\Windows\system32\conime.exe [69120 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
    HKLM\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
    HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [395616 2014-09-03] (Citrix Systems, Inc.)
    HKLM\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [153952 2014-09-03] (Citrix Systems, Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-21-2438442291-234596748-2393221338-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-2438442291-234596748-2393221338-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-2438442291-234596748-2393221338-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6697752 2014-11-24] (SUPERAntiSpyware)
    HKU\S-1-5-21-2438442291-234596748-2393221338-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    HKU\S-1-5-21-2438442291-234596748-2393221338-1000\...\MountPoints2: {ab6aea54-dd8e-11dd-8871-806e6f6e6963} - F:\Epson.exe
    HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2438442291-234596748-2393221338-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    HKU\S-1-5-21-2438442291-234596748-2393221338-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4090108
    URLSearchHook: HKU\S-1-5-21-2438442291-234596748-2393221338-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

    FireFox:
    ========
    FF ProfilePath: C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\xfx7viw8.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2438442291-234596748-2393221338-1000: @plugin.couponnetwork.com/Coupon Print Activator;version=4.5 -> C:\Users\Randy\AppData\Roaming\E-centives\NPcolPM460.dll (Invenda)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-20]
    FF HKU\S-1-5-21-2438442291-234596748-2393221338-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-synd1&type=W3i_SP,221,0_0,StartPage,20140208,19670,0,GC32,7635
    CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-synd1&type=W3i_SP,221,0_0,StartPage,20140208,19670,0,GC32,7635"
    CHR DefaultSearchKeyword: Default -> yahoo
    CHR DefaultSearchURL: Default -> http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20140208,19669,0,GC32,7635
    CHR DefaultSuggestURL: Default -> http://ff.search.yahoo.com/gossip?output=fxjson&amp;command={searchTerms}
    CHR Profile: C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-08]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-02]
    CHR Extension: (YouTube) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-08]
    CHR Extension: (Google Search) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-08]
    CHR Extension: (Google Wallet) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04]
    CHR Extension: (Gmail) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-08]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe [73728 2008-09-16] (Andrea Electronics Corporation)
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
    R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
    R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
    R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\STacSV.exe [225362 2008-09-16] (IDT, Inc.)
    R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-11-20] (Dell Inc.) [File not signed]
    R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-11-20] (Broadcom Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-30] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-30 19:46 - 2014-11-30 19:47 - 00018553 _____ () C:\Users\Randy\Desktop\FRST.txt
    2014-11-30 19:44 - 2014-11-30 19:44 - 01109504 _____ (Farbar) C:\Users\Randy\Desktop\FRST(2).exe
    2014-11-29 19:48 - 2014-11-29 19:48 - 00000000 ____D () C:\Windows\LastGood
    2014-11-26 09:49 - 2014-11-26 09:49 - 00001208 _____ () C:\Users\Randy\Desktop\AdwCleaner[R7].txt
    2014-11-26 09:30 - 2014-11-26 09:30 - 02148864 _____ () C:\Users\Randy\Desktop\adwcleaner_4.102.exe
    2014-11-23 21:37 - 2014-11-23 21:37 - 00003005 _____ () C:\Users\Randy\Desktop\attach.txt
    2014-11-23 21:28 - 2014-11-23 21:28 - 00012990 _____ () C:\Users\Randy\Desktop\dds.txt
    2014-11-23 21:25 - 2014-11-23 21:26 - 00688992 ____R (Swearware) C:\Users\Randy\Downloads\dds.com
    2014-11-19 11:03 - 2014-11-19 11:03 - 00854414 _____ () C:\Users\Randy\Desktop\SecurityCheck.exe
    2014-11-19 10:14 - 2014-11-19 10:14 - 01108992 _____ (Farbar) C:\Users\Randy\Downloads\FRST(1).exe
    2014-11-19 07:49 - 2014-11-19 07:49 - 02140160 _____ () C:\Users\Randy\Downloads\AdwCleaner(1).exe
    2014-11-18 22:34 - 2014-11-26 09:50 - 00000000 ____D () C:\AdwCleaner
    2014-11-18 22:33 - 2014-11-18 22:33 - 02140160 _____ () C:\Users\Randy\Downloads\adwcleaner_4.101.exe
    2014-11-18 21:46 - 2014-11-19 10:18 - 00023972 _____ () C:\Users\Randy\Downloads\Addition.txt
    2014-11-18 21:24 - 2014-11-30 18:20 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-18 21:23 - 2014-11-18 21:23 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-18 21:23 - 2014-11-18 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-18 21:23 - 2014-11-18 21:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-18 21:23 - 2014-11-18 21:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-11-18 21:23 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-11-18 21:23 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-11-18 21:23 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-11-18 21:20 - 2014-11-18 21:20 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Randy\Downloads\mbam-setup-2.0.3.1025.exe
    2014-11-18 21:09 - 2014-11-30 19:46 - 00000000 ____D () C:\FRST
    2014-11-18 21:09 - 2014-11-19 10:18 - 00027575 _____ () C:\Users\Randy\Downloads\FRST.txt
    2014-11-18 21:08 - 2014-11-18 21:08 - 01108992 _____ (Farbar) C:\Users\Randy\Downloads\FRST.exe
    2014-11-18 21:06 - 2014-11-18 21:07 - 00200366 _____ () C:\Users\Randy\Downloads\ESETPoweliksCleaner.exe_20141118.210652.432.log
    2014-11-18 21:05 - 2014-11-18 21:06 - 00186568 _____ (ESET) C:\Users\Randy\Downloads\ESETPoweliksCleaner.exe
    2014-11-18 20:31 - 2014-11-18 20:31 - 02140160 _____ () C:\Users\Randy\Downloads\AdwCleaner.exe
    2014-11-18 20:29 - 2014-11-18 20:29 - 05598319 _____ (Swearware) C:\Users\Randy\Downloads\ComboFix.exe.part
    2014-11-18 19:37 - 2014-11-18 19:37 - 01707532 _____ (Thisisu) C:\Users\Randy\Downloads\JRT.exe
    2014-11-18 19:32 - 2014-11-18 19:32 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Randy\Downloads\rkill(1).com
    2014-11-18 19:31 - 2014-11-18 19:31 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Randy\Downloads\rkill.com
    2014-11-13 21:20 - 2014-11-13 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    2014-11-13 21:02 - 2004-04-19 16:03 - 00079654 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FLM9HA.DLL
    2014-11-13 21:02 - 2003-05-20 13:27 - 00064000 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FBCB9HA.DLL
    2014-11-13 21:02 - 2000-06-06 12:01 - 00034304 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FBCH9HA.DLL
    2014-11-13 21:01 - 2014-11-13 21:01 - 00000000 __RSH () C:\MSDOS.SYS
    2014-11-13 21:01 - 2014-11-13 21:01 - 00000000 __RSH () C:\IO.SYS
    2014-11-13 20:52 - 2014-11-17 16:13 - 00000767 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
    2014-11-13 20:52 - 2014-11-13 21:21 - 00000000 ____D () C:\Program Files\epson
    2014-11-13 20:52 - 2014-11-13 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
    2014-11-13 20:52 - 2003-07-01 00:00 - 00046080 _____ (SEIKO EPSON CORP.) C:\Windows\system32\escimgd.dll
    2014-11-13 20:52 - 2003-07-01 00:00 - 00029696 _____ (SEIKO EPSON CORP.) C:\Windows\system32\escwiad.dll
    2014-11-13 20:52 - 2003-07-01 00:00 - 00022528 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esccmd.dll
    2014-11-13 20:51 - 2014-11-17 16:13 - 00000210 _____ () C:\Windows\EPSON RX620 Installer.ini
    2014-11-13 20:51 - 2014-11-13 20:51 - 00001409 _____ () C:\Windows\system32\tmp312A4.FOT
    2014-11-11 16:46 - 2014-11-11 16:46 - 00000000 ____D () C:\Users\Randy\AppData\Local\Macromedia
    2014-11-11 15:41 - 2014-11-11 15:41 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-11-11 15:41 - 2014-11-11 15:41 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-11-11 15:41 - 2014-11-11 15:41 - 00000000 ____D () C:\Users\Randy\AppData\Roaming\Mozilla
    2014-11-11 15:41 - 2014-11-11 15:41 - 00000000 ____D () C:\Users\Randy\AppData\Local\Mozilla
    2014-11-11 15:41 - 2014-11-11 15:41 - 00000000 ____D () C:\ProgramData\Mozilla
    2014-11-11 15:41 - 2014-11-11 15:41 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-11-11 15:41 - 2014-11-11 15:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-11-10 17:32 - 2014-11-10 17:32 - 00000000 ____D () C:\Windows\ERUNT
    2014-11-10 12:00 - 2014-11-10 12:00 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-11-10 12:00 - 2014-11-10 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-11-10 11:58 - 2014-11-10 11:59 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
    2014-11-10 11:58 - 2014-11-10 11:59 - 00000000 ____D () C:\Program Files\iTunes
    2014-11-07 12:15 - 2014-11-25 11:39 - 00000000 ____D () C:\Lisa
    2014-11-06 17:50 - 2014-11-06 17:50 - 00026383 _____ () C:\Users\Randy\Downloads\OIG Search Results.html
    2014-11-06 17:50 - 2014-11-06 17:50 - 00000000 ____D () C:\Users\Randy\Downloads\OIG Search Results_files
    2014-11-06 17:03 - 2014-11-11 16:46 - 00000000 ____D () C:\Users\Randy\AppData\Local\Adobe
    2014-11-06 14:41 - 2014-11-06 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-11-06 14:41 - 2014-11-06 14:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-11-06 14:40 - 2014-11-06 14:41 - 06958304 _____ (Microsoft Corporation) C:\Users\Randy\Downloads\Silverlight.exe
    2014-11-06 13:45 - 2014-11-13 20:52 - 00001428 _____ () C:\Windows\setupact.log
    2014-11-06 13:45 - 2014-11-06 13:45 - 00000000 _____ () C:\Windows\setuperr.log
    2014-11-06 12:42 - 2014-11-06 12:42 - 00001145 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
    2014-11-06 12:41 - 2014-11-06 14:37 - 00000000 ____D () C:\Users\Randy\AppData\Roaming\ICAClient
    2014-11-06 12:41 - 2014-11-06 12:42 - 00000000 ____D () C:\ProgramData\Citrix
    2014-11-06 12:39 - 2014-11-06 12:42 - 00000000 ____D () C:\Users\Randy\AppData\Local\Citrix
    2014-11-06 12:39 - 2014-11-06 12:39 - 00000000 ____D () C:\Program Files\Common Files\Citrix
    2014-11-06 12:36 - 2014-11-06 12:37 - 53860688 _____ (Citrix Systems, Inc.) C:\Users\Randy\Downloads\CitrixReceiver.exe
    2014-11-06 12:33 - 2014-11-06 12:33 - 00001626 _____ () C:\Users\Randy\Downloads\launch (3).ica
    2014-11-06 12:04 - 2014-11-06 12:04 - 00001622 _____ () C:\Users\Randy\Downloads\launch (2).ica
    2014-11-06 12:02 - 2014-11-06 12:02 - 00001626 _____ () C:\Users\Randy\Downloads\launch (1).ica
    2014-11-06 12:01 - 2014-11-06 12:01 - 00001626 _____ () C:\Users\Randy\Downloads\launch.ica

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-30 19:45 - 2006-11-02 06:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-30 19:45 - 2006-11-02 06:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-30 19:37 - 2014-02-27 09:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-11-30 19:37 - 2006-11-02 04:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-11-30 18:00 - 2014-02-23 15:16 - 00000440 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
    2014-11-30 17:59 - 2009-01-08 08:19 - 01269120 _____ () C:\Windows\WindowsUpdate.log
    2014-11-30 08:42 - 2014-09-29 17:25 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-11-29 19:49 - 2010-09-18 15:18 - 00000000 ____D () C:\ProgramData\Kodak
    2014-11-29 19:49 - 2009-02-18 11:00 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{A9C0C585-D8AE-430D-AB66-4FCCC4ED4B8D}.job
    2014-11-29 19:47 - 2014-02-23 15:14 - 00000450 _____ () C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job
    2014-11-29 19:43 - 2006-11-02 07:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-26 09:53 - 2006-11-02 07:01 - 00032542 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-11-26 09:52 - 2014-07-26 05:29 - 00015190 _____ () C:\Windows\PFRO.log
    2014-11-26 09:50 - 2013-06-02 04:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2014-11-24 14:04 - 2010-02-01 21:36 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-11-18 22:21 - 2006-11-02 06:47 - 00280720 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-18 08:46 - 2011-01-05 10:37 - 00000000 ____D () C:\temp
    2014-11-17 16:52 - 2009-02-18 10:01 - 00000000 ____D () C:\Users\Randy
    2014-11-17 01:02 - 2014-02-23 15:14 - 00000621 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_7C3F406A-9CCF-11E3-8331-0023AE0D0133.job
    2014-11-14 07:13 - 2014-03-07 17:17 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-11-14 07:13 - 2014-03-07 17:17 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2014-11-13 20:52 - 2006-11-02 06:37 - 00000000 ____D () C:\Windows\twain_32
    2014-11-12 03:07 - 2013-07-18 15:21 - 00000000 ____D () C:\Windows\system32\MRT
    2014-11-12 03:01 - 2006-11-02 04:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2014-11-11 16:43 - 2014-02-27 09:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-11-11 16:43 - 2014-02-27 09:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-11-10 14:10 - 2012-12-08 15:13 - 00000000 ____D () C:\Program Files\Google
    2014-11-10 11:58 - 2013-06-16 08:32 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2014-11-10 11:58 - 2009-09-29 09:24 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-11-10 11:58 - 2009-02-22 16:03 - 00000000 ____D () C:\Program Files\iPod
    2014-11-10 11:49 - 2009-09-29 09:24 - 00000000 ____D () C:\ProgramData\Apple
    2014-11-10 05:56 - 2012-12-08 15:10 - 00000000 ____D () C:\Users\Randy\AppData\Local\Deployment
    2014-11-08 04:37 - 2014-02-23 15:14 - 00000398 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
    2014-11-06 17:46 - 2014-01-16 16:25 - 00000000 ____D () C:\Users\Randy\Documents\01-16-2014
    2014-11-06 12:42 - 2009-01-08 14:42 - 00000000 ____D () C:\Program Files\Citrix

    Files to move or delete:
    ====================
    C:\Users\Randy\iTunesSetup.exe


    Some content of TEMP:
    ====================
    C:\Users\Randy\AppData\Local\Temp\Quarantine.exe
    C:\Users\Randy\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-11-29 19:51

    ==================== End Of Log ============================




    #9 nasdaq

    nasdaq

    • Malware Response Team
    • 40,464 posts
    • OFFLINE
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:08:56 PM

    Posted 01 December 2014 - 09:32 AM

    If still present, remove these programs using the Add/Remove Programs applet.
    SparkTrust PC Cleaner Plus (HKLM\...\{35827710-D042-428B-A1E5-E20E12D2FEB9}) (Version: 3.2.10.0 - SparkTrust) <==== ATTENTION
    InboxAce Internet Explorer Toolbar (HKLM\...\InboxAce_1gbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
    ===

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
    start
    
    URLSearchHook: HKU\S-1-5-21-2438442291-234596748-2393221338-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    CHR Extension: (Google Wallet) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04]
    R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    Task: {07A59CFE-1E80-42DE-99D7-5FA67DB6D9C2} - System32\Tasks\SparkTrust Update Version3 => c:\program files\common files\sparktrust\uus3\Update3.exe [2014-01-23] (SparkTrust Systems) <==== ATTENTION
    Task: {07DAD0A2-C431-4949-A2E6-C48FC7D536D4} - System32\Tasks\SparkTrust Update Version3 Startup Task => C:\Program Files\Common Files\SparkTrust\UUS3\Update3.exe [2014-01-23] (SparkTrust Systems) <==== ATTENTION
    Task: {78E7FCD6-8A5F-48D7-97B0-630C49C6F36F} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_7C3F406A-9CCF-11E3-8331-0023AE0D0133 => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
    Task: {F269B1DD-806B-4C29-B681-AD126ECA052B} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION
    Task: {F3EAD06E-A162-4F67-AA6E-6E4095469E0E} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files\common files\sparktrust\uus3\Update3.exe [2014-01-23] (SparkTrust Systems) <==== ATTENTION
    Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_7C3F406A-9CCF-11E3-8331-0023AE0D0133.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
    Task: C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job => C:\Program Files\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SparkTrust Update Version3.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
    
    End
    
    Save the file as fixlist.txt in the same folder as FRST.

    Run FRST and click Fix only once and wait.

    Restart the computer normally to reset the registry.

    The tool will create a log (Fixlog.txt); please post it in your reply.
    ===

    How is the computer running now?
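    The instructions above select the FRST log lines to act on by hand: entries FRST has marked `<==== ATTENTION` or `[X]` (FRST's mark for a service or driver whose file could not be found), copied verbatim between `start` and `End` into fixlist.txt, with the Fixlog afterwards confirming what was deleted or moved. The script below is an added illustration of that same selection done mechanically; it is not nasdaq's procedure, nor code from this thread or from FRST's author. It parses a log in FRST's format, keeps only the flagged entries, emits them in fixlist form, and tallies the `=> ... successfully.` lines of a Fixlog so each item can be checked off. The sample log and Fixlog are constructed from lines in this thread; the `Scheduled Tasks` section header and the `not found` result line are assumptions. The design choice is deliberate: the script never decides on its own what is malicious, it only gathers what FRST already flagged, and the generated list is meant to be read by the helper before FRST is run against it.

```python
import re

ATTENTION_MARK = "<==== ATTENTION"   # FRST's own flag for a suspicious entry
MISSING_FILE_MARK = "[X]"            # FRST's flag for an entry whose file is missing

# Constructed sample in the shape of the FRST log posted in this thread.
# The entries are copied from the thread; the "Scheduled Tasks" header is
# assumed (that part of the log is not in this excerpt).
SAMPLE_FRST_LOG = """\
==================== Services (Whitelisted) =================

R2 MBAMService; C:\\Program Files\\Malwarebytes Anti-Malware\\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]

==================== Drivers (Whitelisted) ====================

S3 IpInIp; system32\\DRIVERS\\ipinip.sys [X]

==================== Scheduled Tasks (Whitelisted) =============

Task: C:\\Windows\\Tasks\\SparkTrust Registration3.job => C:\\Program Files\\Common Files\\SparkTrust\\UUS3\\UUS3.dll <==== ATTENTION
"""

# Constructed sample of the result section of a Fixlog; the first three
# lines are from the thread, the "not found" line is assumed.
SAMPLE_FIXLOG = """\
yksvc => Service deleted successfully.
"HKCR\\CLSID\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" => Key deleted successfully.
C:\\Windows\\Tasks\\SparkTrust Registration3.job => Moved successfully.
C:\\Users\\Randy\\iTunesSetup.exe => not found.
"""

# Section headers look like "==== Name ====" with any number of '=' on each side.
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=].*?)\s*=+$")
# Fixlog result lines look like "<target> => <result>." (target may be quoted).
FIXLOG_RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<result>.+?)\.?$")


def parse_frst_log(text):
    """Return (section, line) pairs for every entry line, skipping blanks and headers."""
    section = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        entries.append((section, line))
    return entries


def flagged_entries(entries):
    """Keep only the entries FRST itself has flagged; everything else is left alone."""
    flagged = []
    for section, line in entries:
        if line.endswith(ATTENTION_MARK):
            flagged.append({"section": section, "line": line, "reason": "attention"})
        elif line.endswith(MISSING_FILE_MARK):
            flagged.append({"section": section, "line": line, "reason": "missing file"})
    return flagged


def build_fixlist(entries):
    """A fixlist is the verbatim log lines wrapped in 'start' ... 'End', as in the post above."""
    lines = ["start"] + [e["line"] for e in flagged_entries(entries)] + ["End"]
    return "\n".join(lines) + "\n"


def fixlog_results(text):
    """Parse '<target> => <result>.' lines from the result section of a Fixlog."""
    results = []
    for raw in text.splitlines():
        m = FIXLOG_RESULT_RE.match(raw.strip())
        if m:
            results.append((m.group("target").strip('"'), m.group("result")))
    return results


def fixlog_summary(text):
    """Count outcomes so the reviewer sees at a glance whether every item was handled."""
    counts = {"ok": 0, "other": 0}
    for _, result in fixlog_results(text):
        counts["ok" if result.endswith("successfully") else "other"] += 1
    return counts


if __name__ == "__main__":
    entries = parse_frst_log(SAMPLE_FRST_LOG)
    print(build_fixlist(entries), end="")
    print(fixlog_summary(SAMPLE_FIXLOG))
```

Run on the sample, `build_fixlist` yields the three flagged lines between `start` and `End` and leaves the Malwarebytes service out; `fixlog_summary` reports three handled items and one that needs a second look, which is the line a helper would ask about in the next reply.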

    #10 Taiter

    Taiter
    • Topic Starter

    • Members
    • 14 posts
    • OFFLINE
    • Local time:07:56 PM

    Posted 01 December 2014 - 09:58 AM

    This is going to sound ridiculous, however, I still can't figure out how to create a folder on this desktop.  This is not my computer, but I was kind enough to crap it up for someone :)  I'm trying...



    #11 Taiter

    Taiter
    • Topic Starter

    • Members
    • 14 posts
    • OFFLINE
    • Local time:07:56 PM

    Posted 01 December 2014 - 10:20 AM

    Seems to be running high again... do 81 processes sound right?

     

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-11-2014 01
    Ran by Randy at 2014-12-01 09:09:14 Run:1
    Running from C:\Users\Randy\Desktop
    Loaded Profile: Randy (Available profiles: Randy)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start

    URLSearchHook: HKU\S-1-5-21-2438442291-234596748-2393221338-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    CHR Extension: (Google Wallet) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04]
    R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    Task: {07A59CFE-1E80-42DE-99D7-5FA67DB6D9C2} - System32\Tasks\SparkTrust Update Version3 => c:\program files\common files\sparktrust\uus3\Update3.exe [2014-01-23] (SparkTrust Systems) <==== ATTENTION
    Task: {07DAD0A2-C431-4949-A2E6-C48FC7D536D4} - System32\Tasks\SparkTrust Update Version3 Startup Task => C:\Program Files\Common Files\SparkTrust\UUS3\Update3.exe [2014-01-23] (SparkTrust Systems) <==== ATTENTION
    Task: {78E7FCD6-8A5F-48D7-97B0-630C49C6F36F} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_7C3F406A-9CCF-11E3-8331-0023AE0D0133 => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
    Task: {F269B1DD-806B-4C29-B681-AD126ECA052B} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION
    Task: {F3EAD06E-A162-4F67-AA6E-6E4095469E0E} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files\common files\sparktrust\uus3\Update3.exe [2014-01-23] (SparkTrust Systems) <==== ATTENTION
    Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_7C3F406A-9CCF-11E3-8331-0023AE0D0133.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
    Task: C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job => C:\Program Files\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SparkTrust Update Version3.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION

    End
    *****************

    HKU\S-1-5-21-2438442291-234596748-2393221338-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value deleted successfully.
    "HKCR\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" => Key deleted successfully.
    C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
    yksvc => Service deleted successfully.
    IpInIp => Service deleted successfully.
    NwlnkFlt => Service deleted successfully.
    NwlnkFwd => Service deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07A59CFE-1E80-42DE-99D7-5FA67DB6D9C2}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07A59CFE-1E80-42DE-99D7-5FA67DB6D9C2}" => Key deleted successfully.
    C:\Windows\System32\Tasks\SparkTrust Update Version3 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Update Version3" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{07DAD0A2-C431-4949-A2E6-C48FC7D536D4}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07DAD0A2-C431-4949-A2E6-C48FC7D536D4}" => Key deleted successfully.
    C:\Windows\System32\Tasks\SparkTrust Update Version3 Startup Task => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Update Version3 Startup Task" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78E7FCD6-8A5F-48D7-97B0-630C49C6F36F}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78E7FCD6-8A5F-48D7-97B0-630C49C6F36F}" => Key deleted successfully.
    C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_7C3F406A-9CCF-11E3-8331-0023AE0D0133 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust PC Cleaner Plus_sch_7C3F406A-9CCF-11E3-8331-0023AE0D0133" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F269B1DD-806B-4C29-B681-AD126ECA052B}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F269B1DD-806B-4C29-B681-AD126ECA052B}" => Key deleted successfully.
    C:\Windows\System32\Tasks\SparkTrust Registration3 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Registration3" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3EAD06E-A162-4F67-AA6E-6E4095469E0E}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3EAD06E-A162-4F67-AA6E-6E4095469E0E}" => Key deleted successfully.
    C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Update Version3_triggeronce" => Key deleted successfully.
    C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_7C3F406A-9CCF-11E3-8331-0023AE0D0133.job => Moved successfully.
    C:\Windows\Tasks\SparkTrust Registration3.job => Moved successfully.
    C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job => Moved successfully.
    C:\Windows\Tasks\SparkTrust Update Version3.job => Moved successfully.
    C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job => Moved successfully.

    ==== End of Fixlog ====
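    The Fixlog above removes each SparkTrust task from every place the Task Scheduler keeps it: the TaskCache\Tasks\{GUID} key, the matching TaskCache\Tree\<name> key, the trigger-class key under TaskCache\Plain or TaskCache\Logon, the task XML under C:\Windows\System32\Tasks and the legacy .job file under C:\Windows\Tasks. The PowerShell below is an added example, not code from the thread or from FRST/ComboFix: it reconciles those locations on a live machine and flags tasks that are registered but have no Tree entry, whose Tree key has no SD value (such tasks are not shown by schtasks or the Task Scheduler console), or whose command is missing from disk or sits outside the Windows and Program Files directories. The list of trusted directories and the flag names are the example's own choices. It reads only the registry and the file system, so it needs no ScheduledTasks module, but it requires an elevated PowerShell 3.0 or later prompt because TaskCache\Tasks is not readable by standard users.

```powershell
# Added example: reconcile Task Scheduler persistence across the registry
# cache, the task XML on disk and legacy .job files. Not a tool from the
# thread. Run from an elevated PowerShell 3.0+ prompt.

$cache   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
$xmlRoot = Join-Path $env:SystemRoot 'System32\Tasks'
# Directories a task command is expected to live under (this example's own choice).
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)},
                  $env:CommonProgramFiles) | Where-Object { $_ }

# 1. Index TaskCache\Tree: GUID -> tree key, noting keys that have no SD value
#    (a task whose Tree key lacks SD is hidden from schtasks and the MMC console).
$tree = @{}
Get-ChildItem -Path "$cache\Tree" -Recurse | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if ($p -and $p.Id) {
        $tree[[string]$p.Id] = [pscustomobject]@{
            Key   = $_.PSPath
            HasSD = [bool]$p.PSObject.Properties['SD']
        }
    }
}

# 2. Walk TaskCache\Tasks and cross-check each GUID against Tree, the trigger
#    class keys and the XML definition; pull the Exec action out of the XML.
function Get-TaskCacheReport {
    foreach ($k in Get-ChildItem -Path "$cache\Tasks") {
        $guid  = $k.PSChildName
        $path  = [string](Get-ItemProperty -Path $k.PSPath).Path
        $flags = New-Object System.Collections.Generic.List[string]

        $trig = foreach ($t in 'Boot','Logon','Plain','Maintenance') {
            if (Test-Path -Path "$cache\$t\$guid") { $t }
        }

        if (-not $tree.ContainsKey($guid)) { $flags.Add('NoTreeEntry') }
        elseif (-not $tree[$guid].HasSD)   { $flags.Add('TreeSDMissing') }

        $cmd = $null; $cmdArgs = $null
        $xmlFile = if ($path) { Join-Path $xmlRoot $path.TrimStart('\') }
        if ($xmlFile -and (Test-Path -LiteralPath $xmlFile)) {
            try {
                $doc = New-Object System.Xml.XmlDocument
                $doc.Load($xmlFile)                       # honours the UTF-16 BOM
                $exec = @($doc.Task.Actions.Exec) | Select-Object -First 1
                if ($exec) {
                    $cmd = [Environment]::ExpandEnvironmentVariables(
                               ([string]$exec.Command).Trim().Trim('"'))
                    $cmdArgs = [string]$exec.Arguments
                    # Bare names such as "notepad.exe" are resolved through PATH.
                    if (-not [System.IO.Path]::IsPathRooted($cmd)) {
                        $found = Get-Command $cmd -ErrorAction SilentlyContinue | Select-Object -First 1
                        if ($found -and $found.Path) { $cmd = $found.Path }
                    }
                }
            } catch { $flags.Add('XmlUnreadable') }
        } else { $flags.Add('XmlMissing') }

        if ($cmd) {
            if (-not (Test-Path -LiteralPath $cmd -PathType Leaf)) {
                $flags.Add('CommandMissing')
            } elseif (-not @($trustedRoots | Where-Object {
                          $cmd.StartsWith($_, 'OrdinalIgnoreCase') })) {
                $flags.Add('CommandOutsideProgramDirs')
            }
        }

        [pscustomobject]@{
            Guid = $guid; Path = $path; Triggers = ($trig -join ',')
            Command = $cmd; Arguments = $cmdArgs; Flags = ($flags -join ',')
        }
    }
}

# 3. Legacy .job files, the ones the Fixlog moved out of C:\Windows\Tasks.
#    The format is binary, so only name and timestamp are surfaced for review.
function Get-LegacyJobFiles {
    Get-ChildItem -Path (Join-Path $env:SystemRoot 'Tasks') -Filter *.job -ErrorAction SilentlyContinue |
        Select-Object Name, LastWriteTime
}

Get-TaskCacheReport | Where-Object { $_.Flags } | Format-Table -AutoSize Path, Triggers, Command, Flags
Get-LegacyJobFiles | Format-Table -AutoSize
```

    Run against a clean machine first to learn which vendor tasks trip CommandOutsideProgramDirs (installers that run from a user profile are common), then keep that list as a baseline. A NoTreeEntry or TreeSDMissing hit is worth attention on its own, since neither occurs when a task is created through the normal Task Scheduler API.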



    #12 nasdaq
    • Malware Response Team
    • 40,464 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:08:56 PM

    Posted 01 December 2014 - 11:37 AM

    Please Download and run the ComboFix tool.

    This is going to sound ridiculous, however, I still can't figure out how to create a folder on this desktop. This is not my computer, but I was kind enough to crap it up for someone

    If you right-click on the desktop, do you have a "New" option?
    Then you can add a new folder.
    ===

    How to use ComboFix
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Follow the instructions on the page.

    Post the content of the C:\ComboFix.txt file for my review.

    p.s.
    When all is well you can remove the tool by following the Uninstall instructions on the same page.

    ====

    #13 Taiter
    • Topic Starter
    • Members
    • 14 posts
    • Local time:07:56 PM

    Posted 01 December 2014 - 12:51 PM

    ComboFix 14-12-01.01 - Randy 12/01/2014  11:36:55.1.2 - x86
    Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.3034.1289 [GMT -6:00]
    Running from: c:\users\Randy\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-11-01 to 2014-12-01  )))))))))))))))))))))))))))))))
    .
    .
    2014-12-01 17:45 . 2014-12-01 17:45    --------    d-----w-    c:\users\Randy\AppData\Local\temp
    2014-12-01 17:45 . 2014-12-01 17:45    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2014-12-01 08:19 . 2014-12-01 08:19    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{82C9954C-4B31-4748-BA4C-3B3AEA4DED4F}\offreg.dll
    2014-11-30 01:54 . 2014-11-02 04:17    8941456    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{82C9954C-4B31-4748-BA4C-3B3AEA4DED4F}\mpengine.dll
    2014-11-30 01:48 . 2014-11-30 01:48    --------    d-----w-    c:\windows\LastGood
    2014-11-19 04:34 . 2014-11-26 15:50    --------    d-----w-    C:\AdwCleaner
    2014-11-19 03:24 . 2014-12-01 17:18    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-11-19 03:23 . 2014-11-19 03:23    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
    2014-11-19 03:23 . 2014-11-19 03:23    --------    d-----w-    c:\programdata\Malwarebytes
    2014-11-19 03:23 . 2014-10-01 17:11    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
    2014-11-19 03:23 . 2014-10-01 17:11    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2014-11-19 03:23 . 2014-10-01 17:11    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2014-11-19 03:09 . 2014-12-01 15:09    --------    d-----w-    C:\FRST
    2014-11-14 03:02 . 2004-04-19 22:03    79654    ----a-w-    c:\windows\system32\E_FLM9HA.DLL
    2014-11-14 03:02 . 2003-05-20 19:27    64000    ----a-w-    c:\windows\system32\E_FBCB9HA.DLL
    2014-11-14 03:02 . 2000-06-06 18:01    34304    ----a-w-    c:\windows\system32\E_FBCH9HA.DLL
    2014-11-14 03:00 . 2006-11-02 09:46    32768    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\EP0NPP01.DLL
    2014-11-14 02:52 . 2014-11-14 03:21    --------    d-----w-    c:\program files\epson
    2014-11-14 02:52 . 2003-07-01 06:00    46080    ----a-w-    c:\windows\system32\escimgd.dll
    2014-11-14 02:52 . 2003-07-01 06:00    29696    ----a-w-    c:\windows\system32\escwiad.dll
    2014-11-14 02:52 . 2003-07-01 06:00    22528    ----a-w-    c:\windows\system32\esccmd.dll
    2014-11-14 02:51 . 2014-11-14 02:51    1409    ----a-w-    c:\windows\system32\tmp312A4.FOT
    2014-11-11 22:46 . 2014-11-11 22:46    --------    d-----w-    c:\users\Randy\AppData\Local\Macromedia
    2014-11-11 21:41 . 2014-11-11 21:41    --------    d-----w-    c:\users\Randy\AppData\Local\Mozilla
    2014-11-11 21:41 . 2014-11-11 21:41    --------    d-----w-    c:\program files\Mozilla Maintenance Service
    2014-11-10 23:32 . 2014-11-10 23:32    --------    d-----w-    c:\windows\ERUNT
    2014-11-10 17:58 . 2014-11-10 17:59    --------    d-----w-    c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
    2014-11-10 17:58 . 2014-11-10 17:59    --------    d-----w-    c:\program files\iTunes
    2014-11-07 18:15 . 2014-11-25 17:39    --------    d-----w-    C:\Lisa
    2014-11-06 23:03 . 2014-11-11 22:46    --------    d-----w-    c:\users\Randy\AppData\Local\Adobe
    2014-11-06 20:41 . 2014-11-06 20:41    --------    d-----w-    c:\program files\Microsoft Silverlight
    2014-11-06 18:41 . 2014-11-06 20:37    --------    d-----w-    c:\users\Randy\AppData\Roaming\ICAClient
    2014-11-06 18:41 . 2014-11-06 18:42    --------    d-----w-    c:\programdata\Citrix
    2014-11-06 18:39 . 2014-11-06 18:42    --------    d-----w-    c:\users\Randy\AppData\Local\Citrix
    2014-11-06 18:39 . 2014-11-06 18:39    --------    d-----w-    c:\program files\Common Files\Citrix
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-11-24 20:04 . 2010-02-02 03:36    229000    ------w-    c:\windows\system32\MpSigStub.exe
    2014-11-11 22:43 . 2014-02-27 15:33    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-11-11 22:43 . 2014-02-27 15:33    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2008-01-21 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-11-24 6697752]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-17 442460]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
    "Conime"="c:\windows\system32\conime.exe" [2008-01-21 69120]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
    "EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2014-09-03 395616]
    "Redirector"="c:\program files\Citrix\ICA Client\redirector.exe" [2014-09-03 153952]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-23 1295656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-01-08 20:42    10536    ----a-w-    c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
    2008-11-20 10:20    3563520    ----a-w-    c:\windows\System32\WLTRAY.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-09-17 05:23    170520    ----a-w-    c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-09-17 05:23    150040    ----a-w-    c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2008-05-23 20:06    128296    ------w-    c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-09-17 05:23    145944    ----a-w-    c:\windows\System32\igfxpers.exe
    .
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-07-22 142648]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe [2008-09-17 73728]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-27 22:43]
    .
    2014-12-01 c:\windows\Tasks\User_Feed_Synchronization-{A9C0C585-D8AE-430D-AB66-4FCCC4ED4B8D}.job
    - c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\xfx7viw8.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    AddRemove-{35827710-D042-428B-A1E5-E20E12D2FEB9} - c:\program files\SparkTrust\SparkTrust PC Cleaner Plus\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-12-01 11:45
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...  
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...  
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2014-12-01  11:48:12
    ComboFix-quarantined-files.txt  2014-12-01 17:48
    .
    Pre-Run: 36,661,198,848 bytes free
    Post-Run: 36,616,347,648 bytes free
    .
    - - End Of File - - 53E9B1C17FBD7E942962FEB4D3C5A4D0
    CDB4DE4BBD714F152979DA2DCBEF57EB
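    The "Reg Loading Points" section of the ComboFix log above is the inventory a responder would otherwise take by hand: the Run and RunOnce keys under HKLM, HKCU and HKEY_USERS\.DEFAULT, plus the all-users and per-user Startup folders. The PowerShell below is an added example, not ComboFix's code or anything posted in the thread. It enumerates those locations, resolves each entry's command line to the executable it actually launches (quoted paths, unquoted paths containing spaces, and bare names found on PATH), and reports whether that file exists and what its Authenticode signature status is. The Winlogon Notify, SafeBoot and msconfig startupreg entries that ComboFix also lists are out of scope here. Requires PowerShell 3.0 or later; run it elevated for a complete view of the machine-wide keys.

```powershell
# Added example: inventory Run/RunOnce keys and Startup folders, resolve each
# entry to its executable and check existence plus Authenticode status.
# Not ComboFix's code. PowerShell 3.0+; run elevated for a complete view.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',   # 32-bit apps on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users (ProgramData)
)
# Properties Get-ItemProperty adds to its output that are not registry values.
$psMeta = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

# Resolve a command line to the executable it starts. Quoted paths are taken
# as-is; for unquoted paths with spaces, progressively longer prefixes are
# tried until one exists on disk (the same ambiguity behind unquoted-service-
# path privilege escalation); a bare name is finally looked up on PATH.
function Resolve-CommandExe {
    param([string]$CommandLine)
    $cl = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if (-not $cl) { return $null }
    if ($cl -match '^"([^"]+)"') { return $Matches[1] }
    $tokens = $cl -split ' '
    for ($i = 0; $i -lt $tokens.Count; $i++) {
        $candidate = $tokens[0..$i] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    $found = Get-Command $tokens[0] -ErrorAction SilentlyContinue | Select-Object -First 1
    if ($found -and $found.Path) { return $found.Path }
    return $tokens[0]   # best effort: nothing on disk matched
}

function Get-AutorunEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($psMeta -contains $p.Name) { continue }
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in $startupDirs) {
        foreach ($f in Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue) {
            # Shortcuts are followed to their target; anything else runs as itself.
            $cmd = if ($f.Extension -eq '.lnk') {
                $sc = $shell.CreateShortcut($f.FullName)
                '"' + $sc.TargetPath + '" ' + $sc.Arguments
            } else { $f.FullName }
            [pscustomobject]@{ Source = $dir; Name = $f.Name; Command = $cmd }
        }
    }
}

function Get-AutorunReport {
    foreach ($e in Get-AutorunEntries) {
        $exe    = Resolve-CommandExe $e.Command
        $exists = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
        $status = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'FileMissing' }
        [pscustomobject]@{
            Name = $e.Name; Signature = $status; Executable = $exe; Source = $e.Source
        }
    }
}

Get-AutorunReport | Sort-Object Signature | Format-Table -AutoSize
```

    NotSigned is not proof of anything on its own (plenty of OEM utilities from the Vista era ship unsigned, as several entries in the log above probably are), but FileMissing entries are dead weight to remove, and an unsigned binary under a user profile or a temp directory is the first thing to look at.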
     



    #14 Taiter
    • Topic Starter
    • Members
    • 14 posts
    • Local time:07:56 PM

    Posted 01 December 2014 - 12:53 PM

    nasdaq,

     

    Indeed...you would think right click and new would do the trick but it only allows a zipped folder.  After combo should I have restarted?



    #15 nasdaq
    • Malware Response Team
    • 40,464 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:08:56 PM

    Posted 02 December 2014 - 07:38 AM

    Refer to this article for your New Folder issue.

    Follow the recommended fix in post no. 2.
    http://www.tomshardware.com/forum/17244-63-cannot-create-folders-desktop

    ===

    How is the computer running now?



