AVG blocked by group policy and browser connection issues


14 replies to this topic

#1 pcbigos
Posted 02 December 2014 - 06:20 AM

Hi All Good People of Bleeping Computer

First of all I'd like to mention that I'm not really great with computers, so please be gentle with me :)

My friend, who is even less clued up on these things than me, has asked me for help with his laptop, and here is what I've got for you:

From what I could get from him in very non-computer language, while browsing (can't remember what) he OK'ed a pop-up box that looked like an AVG update prompt (same colours and fonts). After that, the first symptom of something going wrong was that Internet Explorer started coming up with "connection issues" when trying to log in to some of his online accounts like home.bt.com and then trying the "EMAIL" or "My BT" links (works on my computer). When I got his laptop I tried to start the AVG 2014 Free Edition that was installed on it and got the message that it was blocked by group policy... and to contact the administrator. I also tried Chrome, which was on his system and would also work, but the link in the address bar changed to something with "...avg/search..." in the middle.

I removed his hard drive, connected it to my PC and scanned it with my AVG 2015, which found and removed some issues (one of them was some banking Trojan, but I can't remember the name). I then put the HDD back in his laptop, removed Chrome and ran AdwCleaner, JRT and Malwarebytes Anti-Malware, which further found and removed some issues, mainly WebSearch related.

What changed after that was that AVG must have managed to update itself, as the Windows Security Center stopped popping up and it now shows the AVG database as up to date. However, I still have the same issue trying to log in to his account at bt.com using Internet Explorer (his favoured browser :)), and AVG still won't run, blocked by group policy. When I put Chrome back on his system I could get to those websites, but not in Internet Explorer.

He's running Windows Vista Home Premium SP2 on a Packard Bell EasyNote TN36 32-bit laptop.

I've run out of ideas, so I'm asking you guys for help. I've seen on the forum you've helped some other people with the same issue, so hopefully you can help me as well.

As per the forum's instructions, please find the zip file attached and the DDS log posted below.

Thank you in advance

pcbigos

 

================================================================================

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16592
Run by IAN at 10:00:37 on 2014-12-02
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3000.1498 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\lxcecoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Program Files\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=2&o=vp32&d=1009&m=easynote_tn36
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=2&o=vp32&d=1009&m=easynote_tn36
uProxyOverride = <local>
uURLSearchHooks: RecipesBar Toolbar: {d70f2de6-51e2-42d4-9077-4ca06cafc836} - c:\program files\recipesbar\tbReci.dll
uURLSearchHooks: {6d010537-9e99-400b-b652-b0d5a5757e5d} - <orphaned>
mURLSearchHooks: RecipesBar Toolbar: {d70f2de6-51e2-42d4-9077-4ca06cafc836} - c:\program files\recipesbar\tbReci.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: RecipesBar Toolbar: {d70f2de6-51e2-42d4-9077-4ca06cafc836} - c:\program files\recipesbar\tbReci.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: RecipesBar Toolbar: {D70F2DE6-51E2-42D4-9077-4CA06CAFC836} - c:\program files\recipesbar\tbReci.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: RecipesBar Toolbar: {d70f2de6-51e2-42d4-9077-4ca06cafc836} - c:\program files\recipesbar\tbReci.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LMgrOSD] "c:\program files\launch manager\OSD.exe"
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [LXCECATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCEtime.dll,_RunDLLEntry@16
mRun: [lxcemon.exe] "c:\program files\lexmark 4300 series\lxcemon.exe"
mRun: [EzPrint] "c:\program files\lexmark 4300 series\ezprint.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NPSStartup] <no file>
StartupFolder: c:\users\ian\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} - hxxps://register.btinternet.com/templates/btmailcontrol013.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{D0D53157-8638-4216-9BEA-CE7247890A1C} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D25A7023-5DD6-4450-ABA8-B91C36472B53} : DHCPNameServer = 192.168.1.1 0.0.0.0
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-17 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-6-17 241944]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-10-29 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-17 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-30 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-7-21 200984]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-17 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-10-24 189720]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-10-20 197400]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-11-7 3247120]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-11-7 289328]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2014-1-23 30312]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2014-1-23 36608]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-11-7 3658752]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2014-1-23 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2014-1-23 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2014-1-23 123648]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2014-1-23 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2014-1-23 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2014-1-23 121576]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2014-1-23 98152]
S3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2009-10-28 118784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-11-26 23:52:06 499200 ----a-w- c:\windows\system32\kerberos.dll
2014-11-26 23:28:28 8941456 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e587128a-4087-4045-8bce-45bfb9743e29}\mpengine.dll
2014-11-26 22:00:26 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-26 22:00:11 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-26 22:00:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-26 22:00:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-26 22:00:11 -------- d-----w- c:\programdata\Malwarebytes
2014-11-26 22:00:11 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-26 21:50:54 -------- d-----w- c:\windows\ERUNT
2014-11-26 21:41:59 -------- d-----w- C:\AdwCleaner
2014-11-26 19:55:30 -------- d-----w- C:\VIRUS REMOVAL PROGRAMS
2014-11-12 23:19:27 -------- d-----w- c:\users\ian\appdata\local\Avg
2014-11-12 23:19:17 -------- d-----w- c:\programdata\AVG2015
2014-11-12 22:54:44 -------- d-----w- c:\users\ian\appdata\local\Avg2015
2014-11-12 22:40:22 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-12 22:40:20 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-11-12 22:40:18 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-11-12 22:40:18 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-12 22:39:25 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-12 22:39:25 1249280 ----a-w- c:\windows\system32\msxml3.dll
2014-11-12 22:38:51 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-12 22:38:30 67072 ----a-w- c:\windows\system32\packager.dll
2014-11-12 22:37:04 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-12 22:35:31 396800 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-12 22:35:31 316928 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-12 22:35:31 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-12 22:35:31 170496 ----a-w- c:\windows\system32\EncDump.dll
2014-11-12 22:35:15 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 22:29:18 2054656 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M  ====================
.
2014-11-04 14:30:58 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-27 19:05:44 1810944 ----a-w- c:\windows\system32\jscript9.dll
2014-10-27 18:59:06 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-10-27 18:58:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-10-27 18:56:58 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-10-27 18:56:40 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-10-27 18:55:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-10-27 18:55:17 11776 ----a-w- c:\windows\system32\mshta.exe
2014-10-24 10:20:12 189720 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-10-20 15:14:14 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-09-09 06:24:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 23:27:58 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
.
============= FINISH: 10:01:06.26 ===============
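The "Pseudo HJT Report" section of a DDS log is where a helper looks first for the kind of search hijack described in this thread: URLSearchHooks rewrite address-bar queries, BHOs and toolbars load into every Internet Explorer process, and entries whose target reads `<orphaned>` or `<no file>` are leftovers of something already removed. The script below is an added example, not part of the post above and not how DDS or the forum staff process logs. It parses the lines excerpted from the log above and flags those entries; the finding codes and the short `ADWARE_NAMES` list are assumptions made for the illustration, not a verdict on any particular product.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example: not part of the forum post or of DDS itself.  It parses
report lines and flags the entries a helper looks at first: search
hooks, CLSIDs registered without a file, Run entries with no file, and
toolbar/BHO entries whose name or path matches an assumed adware list.
"""
import re
from collections import defaultdict

# Lines excerpted from the Pseudo HJT Report in the first post above.
SAMPLE_LOG = r"""
uURLSearchHooks: RecipesBar Toolbar: {d70f2de6-51e2-42d4-9077-4ca06cafc836} - c:\program files\recipesbar\tbReci.dll
uURLSearchHooks: {6d010537-9e99-400b-b652-b0d5a5757e5d} - <orphaned>
mURLSearchHooks: RecipesBar Toolbar: {d70f2de6-51e2-42d4-9077-4ca06cafc836} - c:\program files\recipesbar\tbReci.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RecipesBar Toolbar: {d70f2de6-51e2-42d4-9077-4ca06cafc836} - c:\program files\recipesbar\tbReci.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: RecipesBar Toolbar: {D70F2DE6-51E2-42D4-9077-4CA06CAFC836} - c:\program files\recipesbar\tbReci.dll
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NPSStartup] <no file>
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
"""

# Scope prefix as DDS prints it: u = user hive, m = machine hive, d = default user.
ENTRY = re.compile(
    r"^(?P<scope>[umd]?)(?P<kind>URLSearchHooks|BHO|TB|EB|Run|Handler)\s*:\s*(?P<body>.+)$"
)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumed list for illustration only; a real helper uses a maintained database.
ADWARE_NAMES = ("recipesbar", "websearch")


def parse_entry(line):
    """Split one report line into scope, kind, display name, CLSID and target."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m.group("body").strip()
    if m.group("kind") == "Run":
        # Run entries look like: [value name] command line
        name, _, target = body.partition("] ")
        name = name.lstrip("[")
    else:
        # Other entries end with " - <target>", where target is a path or <orphaned>.
        head, sep, target = body.rpartition(" - ")
        if not sep:
            head, target = body, ""
        name = CLSID.sub("", head).replace(" - ", " ").strip(" :")
    found = CLSID.search(body)
    return {
        "scope": m.group("scope") or "-",
        "kind": m.group("kind"),
        "name": name,
        "clsid": found.group(0).lower() if found else None,
        "target": target.strip(),
    }


def triage(text):
    """Return (code, kind, label) findings for entries worth a helper's attention."""
    findings = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        label = e["name"] or e["clsid"] or e["target"]
        target = e["target"].strip('"').lower()
        missing = e["target"] in ("<orphaned>", "<no file>")
        if missing:
            # CLSID or Run value still registered but its file is gone: stale, remove.
            findings.append(("missing-file", e["kind"], label))
        if e["kind"] == "URLSearchHooks" and not missing:
            # Any live search hook can redirect address-bar searches; verify it.
            findings.append(("search-hook", e["kind"], label))
        if any(w in target or w in e["name"].lower() for w in ADWARE_NAMES):
            findings.append(("adware-name", e["kind"], label))
        if e["kind"] == "Run" and not missing and "\\" not in target:
            # Bare file name: resolved by PATH search, so confirm which file runs.
            findings.append(("no-directory", e["kind"], label))
    return findings


def registrations(text):
    """Map each CLSID to every (scope, kind) point it is registered at.

    A component hooked under both the user and machine hive and again as a
    BHO and toolbar must be removed at every point, or it returns at next login.
    """
    points = defaultdict(list)
    for line in text.splitlines():
        e = parse_entry(line)
        if e and e["clsid"]:
            points[e["clsid"]].append((e["scope"], e["kind"]))
    return dict(points)


if __name__ == "__main__":
    for code, kind, label in triage(SAMPLE_LOG):
        print(f"{code:13} {kind:15} {label}")
    for clsid, where in registrations(SAMPLE_LOG).items():
        if len(where) > 1:
            print(f"{clsid} registered at {len(where)} points: {where}")
```

Run it as a script to see the findings for the excerpt; to use it on a full log, pass the text of the Pseudo HJT section to `triage()` and `registrations()`. The registration map is the useful part for cleanup: an entry that appears under `uURLSearchHooks`, `mURLSearchHooks`, `BHO` and `TB` at once has four places to be removed from, which is why a single removal tool can leave a hijack in place.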
 


#2 HelpBot

    Bleepin' Binary Bot

Posted 07 December 2014 - 06:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1. In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/558354 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2. If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 pcbigos

pcbigos
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 09 December 2014 - 09:20 AM

Hi

Please find the up-to-date logs as requested:


======================================================================================

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16592
Run by IAN at 14:14:33 on 2014-12-09
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3000.1762 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\lxcecoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=2&o=vp32&d=1009&m=easynote_tn36
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=2&o=vp32&d=1009&m=easynote_tn36
uProxyOverride = <local>
uURLSearchHooks: RecipesBar Toolbar: {d70f2de6-51e2-42d4-9077-4ca06cafc836} - c:\program files\recipesbar\tbReci.dll
uURLSearchHooks: {6d010537-9e99-400b-b652-b0d5a5757e5d} - <orphaned>
mURLSearchHooks: RecipesBar Toolbar: {d70f2de6-51e2-42d4-9077-4ca06cafc836} - c:\program files\recipesbar\tbReci.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: RecipesBar Toolbar: {d70f2de6-51e2-42d4-9077-4ca06cafc836} - c:\program files\recipesbar\tbReci.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: RecipesBar Toolbar: {D70F2DE6-51E2-42D4-9077-4CA06CAFC836} - c:\program files\recipesbar\tbReci.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: RecipesBar Toolbar: {d70f2de6-51e2-42d4-9077-4ca06cafc836} - c:\program files\recipesbar\tbReci.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LMgrOSD] "c:\program files\launch manager\OSD.exe"
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [LXCECATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCEtime.dll,_RunDLLEntry@16
mRun: [lxcemon.exe] "c:\program files\lexmark 4300 series\lxcemon.exe"
mRun: [EzPrint] "c:\program files\lexmark 4300 series\ezprint.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NPSStartup] <no file>
StartupFolder: c:\users\ian\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} - hxxps://register.btinternet.com/templates/btmailcontrol013.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{D0D53157-8638-4216-9BEA-CE7247890A1C} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D25A7023-5DD6-4450-ABA8-B91C36472B53} : DHCPNameServer = 192.168.1.1 0.0.0.0
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.71\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-17 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-6-17 241944]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-10-29 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-17 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-30 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-7-21 200984]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-17 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-10-24 189720]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-10-20 197400]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-11-7 3247120]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-11-7 289328]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2014-1-23 30312]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2014-1-23 36608]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-11-7 3658752]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2014-1-23 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2014-1-23 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2014-1-23 123648]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2014-1-23 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2014-1-23 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2014-1-23 121576]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2014-1-23 98152]
S3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2009-10-28 118784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-11-26 23:52:06 499200 ----a-w- c:\windows\system32\kerberos.dll
2014-11-26 23:28:28 8941456 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e587128a-4087-4045-8bce-45bfb9743e29}\mpengine.dll
2014-11-26 22:00:26 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-26 22:00:11 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-26 22:00:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-26 22:00:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-26 22:00:11 -------- d-----w- c:\programdata\Malwarebytes
2014-11-26 22:00:11 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-26 21:50:54 -------- d-----w- c:\windows\ERUNT
2014-11-26 21:41:59 -------- d-----w- C:\AdwCleaner
2014-11-26 19:55:30 -------- d-----w- C:\VIRUS REMOVAL PROGRAMS
2014-11-12 23:19:27 -------- d-----w- c:\users\ian\appdata\local\Avg
2014-11-12 23:19:17 -------- d-----w- c:\programdata\AVG2015
2014-11-12 22:54:44 -------- d-----w- c:\users\ian\appdata\local\Avg2015
2014-11-12 22:40:22 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-12 22:40:20 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-11-12 22:40:18 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-11-12 22:40:18 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-12 22:39:25 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-12 22:39:25 1249280 ----a-w- c:\windows\system32\msxml3.dll
2014-11-12 22:38:51 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-12 22:38:30 67072 ----a-w- c:\windows\system32\packager.dll
2014-11-12 22:37:04 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-12 22:35:31 396800 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-12 22:35:31 316928 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-12 22:35:31 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-12 22:35:31 170496 ----a-w- c:\windows\system32\EncDump.dll
2014-11-12 22:35:15 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 22:29:18 2054656 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M  ====================
.
2014-11-04 14:30:58 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-27 19:05:44 1810944 ----a-w- c:\windows\system32\jscript9.dll
2014-10-27 18:59:06 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-10-27 18:58:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-10-27 18:56:58 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-10-27 18:56:40 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-10-27 18:55:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-10-27 18:55:17 11776 ----a-w- c:\windows\system32\mshta.exe
2014-10-24 10:20:12 189720 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-10-20 15:14:14 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
============= FINISH: 14:15:26.05 ===============

#4 nasdaq
Malware Response Team

Posted 09 December 2014 - 09:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.
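A triage pass over FRST output of the kind requested above, written here as an added example (it is not part of this thread, nor code from FRST or AdwCleaner): it flags Group Policy software restrictions whose paths cover security-vendor folders, which matches the "blocked by group policy" message AVG gave, and a proxy pointing at loopback, which is consistent with the browser "connection issues" in the first post. The sample lines are a constructed excerpt built from the FRST log posted later in the thread; the vendor folder list, finding names and helper functions are my own assumptions, not an FRST convention.

```python
import re
from dataclasses import dataclass

# Constructed excerpt: a handful of lines copied from the FRST log posted in this
# thread. Not a complete log; only the entries the triage rules care about.
SAMPLE_FRST = r"""
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
ProxyServer: [.DEFAULT] => http=127.0.0.1:5555
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
"""

# Folder names that, when they appear under a Software Restriction Policy rule,
# mean the machine's own security tools are being blocked (my own list).
SECURITY_VENDOR_DIRS = ("avg", "mcafee", "symantec", "malwarebytes", "windows defender")

GP_RESTRICTION = re.compile(
    r"^HKLM Group Policy restriction on software:\s*(?P<path>.+?)\s*<=+\s*ATTENTION\s*$")
PROXY_SERVER = re.compile(r"^ProxyServer:\s*\[(?P<hive>[^\]]*)\]\s*=>\s*(?P<value>\S.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str      # short machine-readable label (assumed names)
    detail: str    # the path, proxy entry or raw line that triggered it
    line_no: int   # 1-based line number within the text that was scanned


def parse_proxy_value(value: str) -> list[tuple[str, str, str]]:
    """Split a WinINET ProxyServer string into (scheme, host, port) tuples.

    Handles both forms Windows writes: "host:port" and "http=host:port;https=host:port".
    A missing scheme or port is returned as an empty string.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        if not sep:                       # no ":port" present at all
            host, port = hostport, ""
        entries.append((scheme, host, port))
    return entries


def is_loopback(host: str) -> bool:
    """True for the hosts a traffic-intercepting local proxy would use."""
    host = host.strip("[]").lower()
    return host == "localhost" or host == "::1" or host.startswith("127.")


def triage_frst(text: str) -> list[Finding]:
    """Flag the entries in FRST registry/internet sections that matter most."""
    findings: list[Finding] = []
    seen_paths: set[str] = set()
    for no, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        m = GP_RESTRICTION.match(line)
        if m:
            path = m.group("path")
            if path.lower() in seen_paths:     # FRST listed the AVG rule twice
                continue
            seen_paths.add(path.lower())
            kind = ("srp_blocks_security_software"
                    if any(v in path.lower() for v in SECURITY_VENDOR_DIRS)
                    else "srp_restriction")
            findings.append(Finding(kind, path, no))
            continue
        m = PROXY_SERVER.match(line)
        if m:
            for scheme, host, port in parse_proxy_value(m.group("value")):
                kind = "loopback_proxy" if is_loopback(host) else "proxy_configured"
                findings.append(Finding(kind, f"{m.group('hive')}: {scheme or '*'}={host}:{port}", no))
            continue
        if "<====== ATTENTION" in line:        # anything else FRST itself flagged
            findings.append(Finding("attention", line, no))
    return findings


def summarize(findings: list[Finding]) -> list[str]:
    """One readable line per finding, most serious kinds first, then log order."""
    order = {"srp_blocks_security_software": 0, "loopback_proxy": 1,
             "srp_restriction": 2, "proxy_configured": 3, "attention": 4}
    return [f"[{f.kind}] line {f.line_no}: {f.detail}"
            for f in sorted(findings, key=lambda f: (order.get(f.kind, 9), f.line_no))]


if __name__ == "__main__":
    for row in summarize(triage_frst(SAMPLE_FRST)):
        print(row)
```

On the excerpt above this reports three security-vendor folders under a Software Restriction Policy (the duplicate AVG rule is collapsed) and one loopback proxy on port 5555; on a full FRST log the same functions run unchanged.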

#5 pcbigos
Topic Starter

Posted 09 December 2014 - 11:57 AM

Hi Nasdaq, nice to hear from you.

The computer, apart from the issues mentioned in the last post, seems to be running OK.

As requested, the AdwCleaner and FRST logs are below and Addition.zip is attached.


=================================================================================================

 

# AdwCleaner v4.105 - Report created 09/12/2014 at 15:57:36
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Local]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : IAN - IAN-PC
# Running from : C:\VIRUS REMOVAL PROGRAMS\adwcleaner_4.105.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Yahoo! Companion
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16592
 
 
-\\ Google Chrome v39.0.2171.71
 
[C:\Users\IAN\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\IAN\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [12041 octets] - [26/11/2014 21:42:03]
AdwCleaner[R1].txt - [1301 octets] - [09/12/2014 15:54:12]
AdwCleaner[S0].txt - [12247 octets] - [26/11/2014 21:45:00]
AdwCleaner[S1].txt - [1230 octets] - [09/12/2014 15:57:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1290 octets] ##########
 
====================================================================================================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2014
Ran by IAN (administrator) on IAN-PC on 09-12-2014 16:04:04
Running from C:\Users\IAN\Desktop\FARBAR
Loaded Profile: IAN (Available profiles: IAN & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
( ) C:\Windows\System32\lxcecoms.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 4300 Series\lxcemon.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 4300 Series\ezprint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Packard Bell BV) C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(OLYMPUS IMAGING CORP.) C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SmpcSys] => C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe [1038136 2008-07-08] (Packard Bell BV)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-07-25] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-07-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1328424 2008-07-03] (Synaptics, Inc.)
HKLM\...\Run: [LMgrOSD] => C:\Program Files\Launch Manager\OSD.exe [430080 2008-05-16] (Wistron Corp.)
HKLM\...\Run: [OM2_Monitor] => C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [54672 2009-11-25] (OLYMPUS IMAGING CORP.)
HKLM\...\Run: [LXCECATS] => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16                                                                                                                         (the data entry has 59 more characters).
HKLM\...\Run: [lxcemon.exe] => C:\Program Files\Lexmark 4300 Series\lxcemon.exe [205744 2007-03-08] (Lexmark International, Inc.)
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 4300 Series\ezprint.exe [103344 2007-03-08] (Lexmark International Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-25] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-926869686-2865035144-2339008316-1000\...\Run: [SmpcSys] => C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe [1038136 2008-07-08] (Packard Bell BV)
HKU\S-1-5-21-926869686-2865035144-2339008316-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-926869686-2865035144-2339008316-1000\...\Run: [OM2_Monitor] => C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-926869686-2865035144-2339008316-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-10-28] (Google Inc.)
HKU\S-1-5-21-926869686-2865035144-2339008316-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-926869686-2865035144-2339008316-1000\...\MountPoints2: {064be76b-d765-11de-934f-001f161142cf} - H:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\IAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [.DEFAULT] => http=127.0.0.1:5555
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=2&o=vp32&d=1009&m=easynote_tn36
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=2&o=vp32&d=1009&m=easynote_tn36
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = 
URLSearchHook: HKLM - RecipesBar Toolbar - {d70f2de6-51e2-42d4-9077-4ca06cafc836} - C:\Program Files\RecipesBar\tbReci.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-926869686-2865035144-2339008316-1000 - RecipesBar Toolbar - {d70f2de6-51e2-42d4-9077-4ca06cafc836} - C:\Program Files\RecipesBar\tbReci.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-926869686-2865035144-2339008316-1000 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} -  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-926869686-2865035144-2339008316-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKU\S-1-5-21-926869686-2865035144-2339008316-1000 -> {6849D014-D01F-4D51-9FAE-C650936968B0} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: RecipesBar Toolbar -> {d70f2de6-51e2-42d4-9077-4ca06cafc836} -> C:\Program Files\RecipesBar\tbReci.dll (Conduit Ltd.)
Toolbar: HKLM - RecipesBar Toolbar - {d70f2de6-51e2-42d4-9077-4ca06cafc836} - C:\Program Files\RecipesBar\tbReci.dll (Conduit Ltd.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - No Name - {a0154e07-2b48-475c-a82a-80efd84ea33e} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - No Name - {f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} -  No File
Toolbar: HKU\S-1-5-21-926869686-2865035144-2339008316-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-926869686-2865035144-2339008316-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-926869686-2865035144-2339008316-1000 -> RecipesBar Toolbar - {D70F2DE6-51E2-42D4-9077-4CA06CAFC836} - C:\Program Files\RecipesBar\tbReci.dll (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-926869686-2865035144-2339008316-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} https://register.btinternet.com/templates/btmailcontrol013.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @OnlineMapFinder_9p.com/Plugin -> C:\Program Files\OnlineMapFinder_9p\bar\1.bin\NP9pStub.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-14]
 
Chrome: 
=======
CHR Profile: C:\Users\IAN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\IAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-02]
CHR Extension: (Google Drive) - C:\Users\IAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\IAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-02]
CHR Extension: (YouTube) - C:\Users\IAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-02]
CHR Extension: (Google Search) - C:\Users\IAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-02]
CHR Extension: (Google Sheets) - C:\Users\IAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-02]
CHR Extension: (Google Wallet) - C:\Users\IAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-02]
CHR Extension: (Gmail) - C:\Users\IAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-02]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-11-07] (Macrovision Europe Ltd.) [File not signed]
R2 lxce_device; C:\Windows\system32\lxcecoms.exe [537520 2007-03-08] ( )
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2009-08-24] (Alcatel-Lucent) [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2008-01-15] (Wistron Corp.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-09-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-09-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [148192 2008-07-18] (Realtek Semiconductor Corp.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-09 16:03 - 2014-12-09 16:04 - 00000000 ____D () C:\FRST
2014-12-09 15:49 - 2014-12-09 16:04 - 00000000 ____D () C:\Users\IAN\Desktop\FARBAR
2014-12-02 11:01 - 2014-12-02 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-27 20:38 - 2014-11-27 21:06 - 00000034 _____ () C:\Windows\setupact.log
2014-11-27 20:38 - 2014-11-27 20:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-26 23:52 - 2014-10-24 01:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-26 22:12 - 2014-11-26 22:12 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-11-26 22:00 - 2014-11-26 22:02 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-26 22:00 - 2014-11-26 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-26 22:00 - 2014-11-26 22:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-26 22:00 - 2014-11-26 22:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-26 22:00 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-26 22:00 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-26 22:00 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-26 21:50 - 2014-11-26 21:50 - 00000000 ____D () C:\Windows\ERUNT
2014-11-26 21:46 - 2014-12-09 15:58 - 00026330 _____ () C:\Windows\PFRO.log
2014-11-26 21:41 - 2014-12-09 15:57 - 00000000 ____D () C:\AdwCleaner
2014-11-12 23:19 - 2014-11-12 23:23 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-12 23:19 - 2014-11-12 23:19 - 00000000 ____D () C:\Users\IAN\AppData\Local\Avg
2014-11-12 23:19 - 2014-11-12 23:19 - 00000000 ____D () C:\Users\Guest\AppData\Local\Avg
2014-11-12 23:13 - 2014-11-12 23:14 - 00000029 _____ () C:\Users\IAN\Desktop\AVG key.txt
2014-11-12 22:54 - 2014-11-12 22:54 - 00000000 ____D () C:\Users\IAN\AppData\Local\Avg2015
2014-11-12 22:40 - 2014-10-10 01:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 22:40 - 2014-10-10 01:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 22:40 - 2014-10-10 01:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 22:40 - 2014-10-09 23:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 22:39 - 2014-08-27 00:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 22:39 - 2014-08-27 00:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 22:38 - 2014-10-24 01:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 22:38 - 2014-09-19 00:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 22:37 - 2014-08-12 02:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 22:35 - 2014-10-18 01:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 22:35 - 2014-10-03 01:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 22:35 - 2014-10-03 01:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 22:35 - 2014-10-03 01:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 22:35 - 2014-10-03 01:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 22:29 - 2014-10-12 23:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 21:53 - 2014-10-27 19:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 21:53 - 2014-10-27 19:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 21:53 - 2014-10-27 19:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 21:53 - 2014-10-27 18:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 21:53 - 2014-10-27 18:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 21:53 - 2014-10-27 18:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 21:53 - 2014-10-27 18:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 21:53 - 2014-10-27 18:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 21:53 - 2014-10-27 18:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 21:53 - 2014-10-27 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 21:53 - 2014-10-27 18:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 21:53 - 2014-10-27 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 21:53 - 2014-10-27 18:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 21:53 - 2014-10-27 18:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 21:53 - 2014-10-27 18:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 21:53 - 2014-10-27 18:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 21:53 - 2014-10-27 18:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 21:53 - 2014-10-27 18:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 21:53 - 2014-10-27 18:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 21:53 - 2014-10-27 18:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 21:53 - 2014-10-27 18:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-09 16:03 - 2009-10-28 03:53 - 01345169 _____ () C:\Windows\WindowsUpdate.log
2014-12-09 15:59 - 2013-06-03 08:56 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-12-09 15:59 - 2013-02-09 19:49 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-09 15:59 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-09 15:59 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-09 15:59 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 15:58 - 2006-11-02 13:01 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-09 15:33 - 2013-02-09 19:49 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-09 13:56 - 2011-01-29 22:18 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-02 14:20 - 2011-01-29 22:25 - 00000000 ____D () C:\Program Files\AVG
2014-12-02 11:01 - 2009-10-28 01:08 - 00000000 ____D () C:\Users\IAN\AppData\Local\Google
2014-12-02 11:01 - 2009-10-28 00:43 - 00000000 ____D () C:\Program Files\Google
2014-12-02 09:20 - 2014-05-16 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-27 22:05 - 2010-11-03 22:28 - 00000000 ____D () C:\Program Files\RecipesBar
2014-11-27 22:01 - 2014-01-23 14:03 - 00000000 ____D () C:\Users\IAN\AppData\Roaming\Samsung
2014-11-27 22:01 - 2009-10-28 00:42 - 00000000 ____D () C:\Users\IAN
2014-11-27 22:00 - 2008-11-07 11:33 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-27 20:59 - 2008-11-07 10:35 - 00000000 ___HD () C:\ACER
2014-11-26 23:43 - 2009-10-28 01:20 - 00020148 _____ () C:\Users\IAN\AppData\Roaming\wklnhst.dat
2014-11-26 23:36 - 2014-05-16 11:28 - 00000000 ____D () C:\Users\IAN\Documents\CCLEANER REGISTERY BACKUP FILES
2014-11-13 06:46 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-11-12 23:25 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 23:07 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\rescache
2014-11-12 23:04 - 2009-10-28 00:44 - 00000000 ____D () C:\Users\IAN\AppData\Local\Packard Bell
2014-11-12 22:59 - 2014-05-16 11:23 - 00000000 ____D () C:\Users\IAN\Downloads\SOFTWARE
2014-11-12 22:50 - 2006-11-02 12:47 - 00301008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 22:40 - 2008-11-07 11:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 22:34 - 2013-08-19 20:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 22:29 - 2006-11-02 10:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-11 03:25 - 2009-11-22 17:43 - 00000000 ____D () C:\Program Files\Lx_cats
 
Files to move or delete:
====================
C:\Users\USB Drivers\dgderapi.dll
C:\Users\USB Drivers\DIFxAPI.dll
 
 
Some content of TEMP:
====================
C:\Users\IAN\AppData\Local\Temp\GdiPlus.dll
C:\Users\IAN\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\IAN\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\IAN\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\IAN\AppData\Local\Temp\Quarantine.exe
C:\Users\IAN\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-09 16:05
 
==================== End Of Log ============================

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:01 AM

Posted 09 December 2014 - 02:23 PM

Did you set this proxy service?
ProxyServer: [.DEFAULT] => http=127.0.0.1:5555

===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

HKLM\...\Run: [NPSStartup] => [X]
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
URLSearchHook: HKLM - RecipesBar Toolbar - {d70f2de6-51e2-42d4-9077-4ca06cafc836} - C:\Program Files\RecipesBar\tbReci.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-926869686-2865035144-2339008316-1000 - RecipesBar Toolbar - {d70f2de6-51e2-42d4-9077-4ca06cafc836} - C:\Program Files\RecipesBar\tbReci.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-926869686-2865035144-2339008316-1000 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} -  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RecipesBar Toolbar -> {d70f2de6-51e2-42d4-9077-4ca06cafc836} -> C:\Program Files\RecipesBar\tbReci.dll (Conduit Ltd.)
Toolbar: HKLM - RecipesBar Toolbar - {d70f2de6-51e2-42d4-9077-4ca06cafc836} - C:\Program Files\RecipesBar\tbReci.dll (Conduit Ltd.)
Toolbar: HKLM - No Name - {a0154e07-2b48-475c-a82a-80efd84ea33e} -  No File
Toolbar: HKLM - No Name - {f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} -  No File
Toolbar: HKU\S-1-5-21-926869686-2865035144-2339008316-1000 -> RecipesBar Toolbar - {D70F2DE6-51E2-42D4-9077-4CA06CAFC836} - C:\Program Files\RecipesBar\tbReci.dll (Conduit Ltd.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @OnlineMapFinder_9p.com/Plugin -> C:\Program Files\OnlineMapFinder_9p\bar\1.bin\NP9pStub.dll No File
CHR Extension: (Google Wallet) - C:\Users\IAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-02]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
Task: {ABED1ACE-C33C-4847-B962-5F8FA771CEC9} - \Driver Robot No Task File <==== ATTENTION

End
Save the file as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#7 pcbigos

pcbigos
  • Topic Starter

  • Members
  • 7 posts
  • Local time:05:01 AM

Posted 09 December 2014 - 04:47 PM

Wouldn't know how to do it and don't even know what a proxy service is mate:)

 

Done what you told us and the AVG is back on:) but IE still comes up with "connection issue" as below:

 

for the website: signin1.bt.com/login/emailloginform

Internet Explorer cannot display the webpage

This problem can be caused by a variety of issues, including:

  • Internet connectivity has been lost.
  • The website is temporarily unavailable.
  • The Domain Name Server (DNS) is not reachable.
  • The Domain Name Server (DNS) does not have a listing for the website's domain.
  • There might be a typing error in the address.
  • If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.

For offline users

You can still view subscribed feeds and some recently viewed webpages.
To view subscribed feeds:

  1. Click the Favorites button, click Feeds, and then click the feed you want to view.

To view recently visited webpages (might not work on all pages):

  1. Press Alt, click File, and then click Work Offline.
  2. Click the Favorites button, click History, and then click the page you want to view.

No problems with accessing this website through Chrome that was installed after the initial clean-up.

 

Logs as requested below:

 

====================================================================================================================

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-12-2014
Ran by IAN at 2014-12-09 20:09:02 Run:1
Running from C:\Users\IAN\Desktop\FARBAR
Loaded Profile: IAN (Available profiles: IAN & Guest)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
HKLM\...\Run: [NPSStartup] => [X]
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
URLSearchHook: HKLM - RecipesBar Toolbar - {d70f2de6-51e2-42d4-9077-4ca06cafc836} - C:\Program Files\RecipesBar\tbReci.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-926869686-2865035144-2339008316-1000 - RecipesBar Toolbar - {d70f2de6-51e2-42d4-9077-4ca06cafc836} - C:\Program Files\RecipesBar\tbReci.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-926869686-2865035144-2339008316-1000 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} -  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RecipesBar Toolbar -> {d70f2de6-51e2-42d4-9077-4ca06cafc836} -> C:\Program Files\RecipesBar\tbReci.dll (Conduit Ltd.)
Toolbar: HKLM - RecipesBar Toolbar - {d70f2de6-51e2-42d4-9077-4ca06cafc836} - C:\Program Files\RecipesBar\tbReci.dll (Conduit Ltd.)
Toolbar: HKLM - No Name - {a0154e07-2b48-475c-a82a-80efd84ea33e} -  No File
Toolbar: HKLM - No Name - {f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} -  No File
Toolbar: HKU\S-1-5-21-926869686-2865035144-2339008316-1000 -> RecipesBar Toolbar - {D70F2DE6-51E2-42D4-9077-4CA06CAFC836} - C:\Program Files\RecipesBar\tbReci.dll (Conduit Ltd.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @OnlineMapFinder_9p.com/Plugin -> C:\Program Files\OnlineMapFinder_9p\bar\1.bin\NP9pStub.dll No File
CHR Extension: (Google Wallet) - C:\Users\IAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-02]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
Task: {ABED1ACE-C33C-4847-B962-5F8FA771CEC9} - \Driver Robot No Task File <==== ATTENTION
 
End
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d70f2de6-51e2-42d4-9077-4ca06cafc836} => value deleted successfully.
"HKCR\CLSID\{d70f2de6-51e2-42d4-9077-4ca06cafc836}" => Key deleted successfully.
HKU\S-1-5-21-926869686-2865035144-2339008316-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d70f2de6-51e2-42d4-9077-4ca06cafc836} => value deleted successfully.
HKU\S-1-5-21-926869686-2865035144-2339008316-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6d010537-9e99-400b-b652-b0d5a5757e5d} => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d70f2de6-51e2-42d4-9077-4ca06cafc836}" => Key deleted successfully.
"HKCR\CLSID\{d70f2de6-51e2-42d4-9077-4ca06cafc836}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{d70f2de6-51e2-42d4-9077-4ca06cafc836} => value deleted successfully.
"HKCR\CLSID\{d70f2de6-51e2-42d4-9077-4ca06cafc836}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{a0154e07-2b48-475c-a82a-80efd84ea33e} => value deleted successfully.
"HKCR\CLSID\{a0154e07-2b48-475c-a82a-80efd84ea33e}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} => value deleted successfully.
"HKCR\CLSID\{f41a56d2-7b52-4d16-812c-a63c6ca9d4c5}" => Key not found.
HKU\S-1-5-21-926869686-2865035144-2339008316-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D70F2DE6-51E2-42D4-9077-4CA06CAFC836} => value deleted successfully.
"HKCR\CLSID\{D70F2DE6-51E2-42D4-9077-4CA06CAFC836}" => Key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key not found.
"HKLM\Software\MozillaPlugins\@OnlineMapFinder_9p.com/Plugin" => Key deleted successfully.
C:\Users\IAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
IpInIp => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABED1ACE-C33C-4847-B962-5F8FA771CEC9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABED1ACE-C33C-4847-B962-5F8FA771CEC9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Robot" => Key deleted successfully.
 
==== End of Fixlog ====
 
========================================================================================================================
 
 Results of screen317's Security Check version 0.99.91  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 2.0.3.1025  
 CCleaner     
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome (39.0.2171.71) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1 % 
````````````````````End of Log`````````````````````` 
 
 
 


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:01 AM

Posted 10 December 2014 - 07:42 AM

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

Remove the proxy settings.

In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:5555 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".

If required press the Apply button.
===

If you use Firefox in Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option. Or no proxy if you do not need it.
===

Restart the computer normally to reset the registry.

====

If the problem continues with IE execute this.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

How is the computer running now?
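
The fixlist in post #6 restored the Software Restriction Policy entries that were blocking the AVG, McAfee and Symantec folders, and this post removes the 127.0.0.1:5555 proxy by hand. The following is an added read-only PowerShell audit (example code, not from the thread and not FRST's or MiniToolBox's own code) that lists those same two things so they can be confirmed gone after the fix. It assumes PowerShell 3 or later and an elevated prompt; the vendor-name list used to flag rules is an assumption for the example.

```powershell
# Added example, not part of the thread and not FRST code: a read-only audit of the two
# findings this thread turned up. It lists Software Restriction Policy (SRP) path rules
# and flags "Disallowed" rules that cover security-vendor folders, and it lists the IE
# proxy settings for HKCU and .DEFAULT and flags a loopback proxy such as 127.0.0.1:5555.
# Assumes PowerShell 3 or later and an elevated prompt. Nothing here modifies the system.

# Assumption for this example: folder-name fragments no legitimate SRP normally disallows.
$VendorHints = @('AVG', 'McAfee', 'Symantec', 'Malwarebytes', 'Avast', 'Kaspersky', 'ESET')

function Get-SrpPathRule {
    # SRP path rules live under ...\Safer\CodeIdentifiers\<level>\Paths\<guid>, with the
    # folder in ItemData. Level 0 is "Disallowed": a program started from a folder under
    # such a rule fails with the "blocked by group policy" message seen in this thread.
    $roots = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
        'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($level in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $pathsKey = "$($level.PSPath)\Paths"
            if (-not (Test-Path -Path $pathsKey)) { continue }
            foreach ($rule in Get-ChildItem -Path $pathsKey -ErrorAction SilentlyContinue) {
                $target = [string](Get-ItemProperty -Path $rule.PSPath).ItemData
                $coversVendor = @($VendorHints | Where-Object { $target -like "*$_*" }).Count -gt 0
                [PSCustomObject]@{
                    Hive       = $root.Substring(0, 4)
                    Level      = $level.PSChildName     # 0 = Disallowed, 262144 = Unrestricted
                    RuleId     = $rule.PSChildName
                    Path       = $target
                    Suspicious = ($level.PSChildName -eq '0') -and $coversVendor
                }
            }
        }
    }
}

function Get-ProxySetting {
    # FRST reported the proxy under [.DEFAULT]; Internet Explorer reads the logged-on
    # user's copy from HKCU, so both are listed. A proxy on 127.0.0.1 with no local
    # filtering product installed puts an unknown program in the path of all browsing.
    $profiles = @(
        @('HKCU',     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'),
        @('.DEFAULT', 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings')
    )
    foreach ($entry in $profiles) {
        $name, $key = $entry
        if (-not (Test-Path -Path $key)) { continue }
        $p      = Get-ItemProperty -Path $key
        $server = [string]$p.ProxyServer
        $pac    = [string]$p.AutoConfigURL
        [PSCustomObject]@{
            Profile       = $name
            ProxyEnable   = $p.ProxyEnable
            ProxyServer   = $server
            AutoConfigURL = $pac
            # Loopback proxy or an unexpected auto-config script: both deserve a look.
            Suspicious    = ($server -match '(^|=)(127\.0\.0\.1|localhost)(:|;|$)') -or ($pac -ne '')
        }
    }
}

$srpRules = @(Get-SrpPathRule)
$proxies  = @(Get-ProxySetting)
$srpRules | Format-Table Hive, Level, Path, Suspicious -AutoSize
$proxies  | Format-Table Profile, ProxyEnable, ProxyServer, AutoConfigURL, Suspicious -AutoSize
$flagged = @($srpRules + $proxies | Where-Object { $_.Suspicious })
if ($flagged.Count -gt 0) {
    Write-Warning "$($flagged.Count) suspicious SRP/proxy entries remain; re-check after the fix before trusting this machine."
}
```

On a clean machine both tables come back empty or with every row showing Suspicious as False; a row with Level 0 over a vendor folder, or a ProxyServer on 127.0.0.1 that no installed product accounts for, means the fix did not take or the setting has been re-applied, which is worth knowing before the laptop is used for banking again.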

#9 pcbigos

pcbigos
  • Topic Starter

  • Members
  • 7 posts
  • Local time:05:01 AM

Posted 10 December 2014 - 10:23 PM

Did all that and still no change with IE

 

New issue is that while I was away from the computer Mr. "helping hand...:)" unfortunately tried to resolve the issue on his own and managed to uninstall updates for IE, which left us with IE7. I tried to install IE9 back on but despite a successful installation it will only run IE7:( so I will have to either research that or just use Chrome instead. IE7 runs slow as hell and still has the same issues; it also keeps crashing on various web sites, which does my absolute head in.

 

Could you just tell me if this computer is safe now and can be used for internet banking and stuff like that using Chrome please? If we can't cure it before Thursday night I'll have to hand it back to my friend as I'm going away for Christmas and wouldn't like to leave him without the laptop.

 

Regards

pcbigos



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:01 AM

Posted 11 December 2014 - 08:42 AM

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Click Next at the Welcome Screen, Click Next on Step 1 Screen
  • Click Next on Step 2 Screen, Click Do it on Step 3 Screen, After it has completed click Next
  • On Step 4, under System Restore click Create, then under Registry Backup click Backup. When you have completed this click Next
  • Click on Repairs
  • Click Open repairs - Icon in the bottom right corner
  • Click the Unselect All button then select just the item(s) below
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.
01 - Repair Registry Permissions
03 - Reset Service permissions
04 - Register System Files
05 - Repair WMI
06 - Repair Windows Firewall
07 - Repair Internet Explorer
08 - Repair MDAC/MS Jet
09 - Repair HOSTS File
10 - Remove Policies Set By Infections
13 - Repair Winsock & DNS Cache
14 - Remove Temp Files
15 - Repair Proxy Settings
17 - Repair Windows Updates
19 - Repair Volume Shadow Copy Service
20 - Repair Windows Sidebar/Gadgets
21 - Repair MSI (Windows Installer)
22 - Repair Windows Snipping tool
26 - Restore Important Windows Services
27 - Set Windows Service to Default Startup
28 - Repair Windows 8 Apps Store

As for the security for banking I would change my password just to be on the safe side.

How is the computer running now?

#11 pcbigos

pcbigos
  • Topic Starter

  • Members
  • 7 posts
  • Local time:05:01 AM

Posted 11 December 2014 - 03:06 PM

All done

 

No error messages during or at the end of the process just the box to restart the system - done

 

(I have disabled AVG temporarily for the repair tool to work as it said at the bottom of the screen)

 

No changes to the IE issue otherwise computer is running fine

 

:(

 

I will tell him to reset his password



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:01 AM

Posted 12 December 2014 - 07:55 AM

Ask him to run this tool.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
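
The "List content of Hosts" option above dumps the hosts file for a human to read. As an added example (not from the thread and not MiniToolBox's own code), here is a PowerShell check that does the reading itself: every mapping that is not a loopback alias is reported, because pointing a vendor's update host or a login page at another address is the usual reason an infection edits this file. It assumes PowerShell 3 or later; the sample file it runs against is constructed for the example and uses a documentation-only address.

```powershell
# Added example, not part of the thread and not MiniToolBox code: a read-only check of the
# hosts file. Every mapping that is not a loopback alias is reported for review.
# Assumes PowerShell 3 or later. Reading the live file does not need elevation.

function Get-HostsEntry {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    $loopbackNames = @('localhost', 'localhost.localdomain', 'broadcasthost')
    $loopbackAddrs = @('127.0.0.1', '::1')
    $lineNo = 0
    foreach ($line in Get-Content -Path $Path) {
        $lineNo++
        $text = ($line -split '#', 2)[0].Trim()    # drop comments, full-line or trailing
        if ($text -eq '') { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }       # address with no host names: nothing to resolve
        $address = $fields[0]
        foreach ($hostName in $fields[1..($fields.Count - 1)]) {
            # Only "loopback name -> loopback address" is treated as benign; anything else
            # (ad-block lists included) is surfaced so the reviewer decides.
            $benign = ($loopbackNames -contains $hostName.ToLower()) -and ($loopbackAddrs -contains $address)
            [PSCustomObject]@{
                Line       = $lineNo
                Address    = $address
                HostName   = $hostName
                Suspicious = -not $benign
            }
        }
    }
}

# Constructed sample standing in for a real hosts file: the stock loopback lines plus two
# entries of the kind an infection adds. 198.51.100.7 is a documentation-only address.
$sample = @'
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
198.51.100.7    update.example-av.test     # vendor update host redirected
198.51.100.7    signin.example-bank.test   # login page redirected
'@
$samplePath = Join-Path -Path $env:TEMP -ChildPath 'hosts-sample.txt'
Set-Content -Path $samplePath -Value $sample
Get-HostsEntry -Path $samplePath | Format-Table -AutoSize

# Against the live file:
# Get-HostsEntry | Where-Object { $_.Suspicious } | Format-Table -AutoSize
```

On the sample the two localhost rows come back with Suspicious False and the two 198.51.100.7 rows with Suspicious True; on a stock Windows install the live-file query at the bottom returns nothing, and any row it does return is a mapping somebody added.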


#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:01 AM

Posted 18 December 2014 - 09:28 AM

Are you still with me?

#14 pcbigos

pcbigos
  • Topic Starter

  • Members
  • 7 posts
  • Local time:05:01 AM

Posted 19 December 2014 - 05:53 AM

Hi. Sorry nasdaq, I just got to your message. I've gone abroad to see my family for Christmas. I'll be back in the country mid January. If that's ok I'll get back to you then on the same post. All the best for Xmas and a Happy New Year😀

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:01 AM

Posted 19 December 2014 - 08:55 AM

Keep me posted in January.

Have a good Holiday.

Edited by nasdaq, 19 December 2014 - 08:55 AM.