Everything posted by zombi2
-
Not sure if I got the Alactro toolbar as I was locked out of that laptop shortly after (unrelated issues), but it seems like a repainted Chrome. Had some good features I thought but I'm not so sure about security.
-
I hadn't seen your post when I was making mine. The gaps are just one large space in the log to the text cursor, so when you copy and paste it shows up as a single space, not the multiple spaces needed for it to look the same. So I took a screenshot (or picture, I fail to see the difference) and uploaded it. Then it dawned on me why I couldn't find any logs on this forum that looked that way: nobody posts their logs using Photobucket!
-
Nevermind, I just realized why I never see them like that!
-
I guess it won't post that way either, so here's a pic.
-
I ran DDS to show my brother what it does, and all the info under "Last 30 Days" and "Find 3M" is oddly uniform and full of gaps. Ex:

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

I had to re-create this since the gaps only constitute one space regardless of size, but is this indicative of a problem? I haven't had any issues lately, but I've never seen DDS logs that look like this.
-
I was unaware of this before today, but I am a little intrigued by a few of its features. Though of course, like a lot of new software brands, there are claims about malicious intent; I'm guessing these WOT ratings probably say all I need to know about that: But I'm still wondering if it's worth getting, since the only reviews I've seen are from sites I'm not familiar with, and searching "torch browser" on a few tech forums resulted in no hits. :? Has anyone tried this?
-
Stuck without anti-virus, can't find conflicting program
zombi2 replied to zombi2's topic in Resolved Malware Removal Logs
All done, and I bookmarked the links. Thanks so much for all your help! Cheers
-
Stuck without anti-virus, can't find conflicting program
zombi2 replied to zombi2's topic in Resolved Malware Removal Logs
Everything seems to be running fine and CPU usage is much lower than it was before.
-
Stuck without anti-virus, can't find conflicting program
zombi2 replied to zombi2's topic in Resolved Malware Removal Logs
-
Stuck without anti-virus, can't find conflicting program
zombi2 replied to zombi2's topic in Resolved Malware Removal Logs
ESET scan:

C:\Qoobox\Quarantine\C\ProgramData\Bcool\background.html.vir - Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\ProgramData\Bcool\eekifemnhghopphmadcfepmcbnnphcnj.crx.vir - Win32/Adware.MultiPlug.H application
C:\Users\z\.swt\Downloads\Downloads\10_8.exe - multiple threats
C:\Users\z\.swt\Downloads\10_8.exe - multiple threats
C:\Users\z\.swt\Downloads\jak.htm - HTML/Iframe.B.Gen virus
C:\Users\z\.swt\Downloads\jak_001.htm - HTML/Iframe.B.Gen virus
C:\Users\z\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\97fea4d-279e1251 - multiple threats
C:\Users\z\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\41b43445-5e88d7bc - multiple threats
-
Stuck without anti-virus, can't find conflicting program
zombi2 replied to zombi2's topic in Resolved Malware Removal Logs
Thanks for keeping it open. I've had several problems while offline and have had to restore (and undo restores) multiple times, including to dates prior to any of the steps above, so I'm sure some old issues crept up again, along with new ones. I now have random shut-offs (even while plugged in and fully charged), my screen brightness changes out of nowhere while simply browsing, and the cooling fans go nuts. Plus MSE is turned off and can't be started (Error 0x8007002). I'll redo all the above tonight or in the morning and get back when I'm at the ESET scan.
-
Stuck without anti-virus, can't find conflicting program
zombi2 replied to zombi2's topic in Resolved Malware Removal Logs
Sorry, my internet was shut off during the scan. Since I'm moving this month anyway, I won't have any service til next month. Just to be safe I'll do the last steps when I get connected, but I can already tell things are much better. Thanks a lot for all your help. I'm gonna go over these logs while I'm offline and see if I can't learn something.
-
Stuck without anti-virus, can't find conflicting program
zombi2 replied to zombi2's topic in Resolved Malware Removal Logs
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.10.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
z :: Z-PC [administrator]

Protection: Enabled

1/10/2013 9:49:37 AM
mbam-log-2013-01-10 (09-49-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 298595
Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-
Stuck without anti-virus, can't find conflicting program
zombi2 replied to zombi2's topic in Resolved Malware Removal Logs
I thought the site looked a little "cheap" but checking its rep I guess it's beyond safe.
-
Stuck without anti-virus, can't find conflicting program
zombi2 replied to zombi2's topic in Resolved Malware Removal Logs
It's taken me through a couple of pages to a download from bleepingcomputer. Is this what I need or did I click on the wrong things? The pages on the previous site were mostly in French and switching between English and French doesn't change it.
-
Stuck without anti-virus, can't find conflicting program
zombi2 replied to zombi2's topic in Resolved Malware Removal Logs
Junkware log:

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ba14329e-9550-4989-b3f2-9732e92d17cc}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\ilivid
Successfully deleted: [Registry Key] hkey_local_machine\software\ilivid
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\startsearch
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2504091
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{cc59e0f9-7e43-44fa-9faa-8377850bf205}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{cc59e0f9-7e43-44fa-9faa-8377850bf205}

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\ProgramData\iminent"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\iwin"
Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\z\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\z\AppData\Roaming\iminent"
Successfully deleted: [Folder] "C:\Users\z\AppData\Roaming\iwin"
Successfully deleted: [Folder] "C:\Users\z\AppData\Roaming\media finder"
Successfully deleted: [Folder] "C:\Users\z\AppData\Roaming\pcpro"
Successfully deleted: [Folder] "C:\Users\z\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\z\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\z\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\z\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\z\appdata\local\iwin"
Successfully deleted: [Folder] "C:\Users\z\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\z\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\z\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\z\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\z\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\fbphotozoom"
Successfully deleted: [Folder] "C:\Program Files (x86)\ilivid"
Successfully deleted: [Folder] "C:\Program Files (x86)\iminent"
Successfully deleted: [Folder] "C:\Program Files (x86)\iminent toolbar"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bcool"
Successfully deleted: [Folder] "C:\Users\z\appdata\local\google\chrome\user data\default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0"
Successfully deleted: [Folder] "C:\ProgramData\ask"

~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\searchtheweb.xml"
Successfully deleted: [File] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\user.js
Successfully deleted: [File] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\searchplugins\askcom.xml
Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@babylontc.com"
Successfully deleted: [Folder] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\conduitcommon
Successfully deleted: [Folder] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\fctb
Successfully deleted: [Folder] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\extensions\ffxtlbr@babylon.com
Successfully deleted: [Folder] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Successfully deleted: [Folder] C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\extensions\{c9b68337-e93a-44ea-94dc-cb300ec06444}
Successfully deleted the following from C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\prefs.js

user_pref("CT2504091..clientLogIsEnabled", false);
user_pref("CT2504091..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2504091..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2504091.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true);
user_pref("CT2504091.CTID", "CT2504091");
user_pref("CT2504091.CurrentServerDate", "14-4-2012");
user_pref("CT2504091.DSInstall", false);
user_pref("CT2504091.DialogsAlignMode", "LTR");
user_pref("CT2504091.DialogsGetterLastCheckTime", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");
user_pref("CT2504091.DownloadReferralCookieData", "");
user_pref("CT2504091.EMailNotifierPollDate", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");
user_pref("CT2504091.EnableClickToSearchBox", false);
user_pref("CT2504091.EnableSearchHistory", false);
user_pref("CT2504091.EnableSearchSuggest", false);
user_pref("CT2504091.FeedLastCount129079840422964131", 0);
user_pref("CT2504091.FeedPollDate128891351169457140", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");
user_pref("CT2504091.FeedPollDate129079840422964131", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");
user_pref("CT2504091.FeedTTL128891351169457140", 40);
user_pref("CT2504091.FirstServerDate", "14-4-2012");
user_pref("CT2504091.FirstTime", true);
user_pref("CT2504091.FirstTimeFF3", true);
user_pref("CT2504091.FixPageNotFoundErrors", true);
user_pref("CT2504091.GroupingServerCheckInterval", 1440);
user_pref("CT2504091.GroupingServiceUrl", "http://grouping.services.conduit.com/");
user_pref("CT2504091.HPInstall", false);
user_pref("CT2504091.HasUserGlobalKeys", true);
user_pref("CT2504091.Initialize", true);
user_pref("CT2504091.InitializeCommonPrefs", true);
user_pref("CT2504091.InstallationAndCookieDataSentCount", 1);
user_pref("CT2504091.InstallationType", "UnknownIntegration");
user_pref("CT2504091.InstalledDate", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");
user_pref("CT2504091.IsGrouping", false);
user_pref("CT2504091.IsInitSetupIni", true);
user_pref("CT2504091.IsMulticommunity", false);
user_pref("CT2504091.IsOpenThankYouPage", false);
user_pref("CT2504091.IsOpenUninstallPage", false);
user_pref("CT2504091.LanguagePackLastCheckTime", "Sat Apr 14 2012 03:03:30 GMT-0700 (Pacific Daylight Time)");
user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2504091.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
user_pref("CT2504091.LastLogin_3.10.0.1", "Sat Apr 14 2012 03:03:29 GMT-0700 (Pacific Daylight Time)");
user_pref("CT2504091.LatestVersion", "3.10.0.1");
user_pref("CT2504091.Locale", "en-us");
user_pref("CT2504091.MCDetectTooltipHeight", "83");
user_pref("CT2504091.MCDetectTooltipShow", false);
user_pref("CT2504091.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2504091.MCDetectTooltipWidth", "295");
user_pref("CT2504091.MyStuffEnabledAtInstallation", true);
user_pref("CT2504091.OriginalFirstVersion", "3.10.0.1");
user_pref("CT2504091.SearchBackToDefaultEngine", false);
user_pref("CT2504091.SearchCaption", "Web Search");
user_pref("CT2504091.SearchFromAddressBarIsInit", true);
user_pref("CT2504091.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=");
user_pref("CT2504091.SearchInNewTabEnabled", true);
user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
user_pref("CT2504091.SearchInNewTabLastCheckTime", "Sat Apr 14 2012 03:03:30 GMT-0700 (Pacific Daylight Time)");
user_pref("CT2504091.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2504091.SearchInNewTabUserEnabled", false);
user_pref("CT2504091.SearchProtectorToolbarDisabled", true);
user_pref("CT2504091.SendProtectorDataViaLogin", true);
user_pref("CT2504091.ServiceMapLastCheckTime", "Sat Apr 14 2012 03:03:26 GMT-0700 (Pacific Daylight Time)");
user_pref("CT2504091.SettingsLastCheckTime", "Sat Apr 14 2012 03:03:27 GMT-0700 (Pacific Daylight Time)");
user_pref("CT2504091.SettingsLastUpdate", "1331729343");
user_pref("CT2504091.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2504091&SearchSource=13");
user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Sat Apr 14 2012 03:03:26 GMT-0700 (Pacific Daylight Time)");
user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1312887586");
user_pref("CT2504091.ToolbarDisabled", true);
user_pref("CT2504091.ToolbarShrinkedFromSetup", false);
user_pref("CT2504091.TrusteLinkUrl", "http://trust.conduit.com/CT2504091");
user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2504091.UserID", "UN91214868072606966");
user_pref("CT2504091.alertChannelId", "897164");
user_pref("CT2504091.approveUntrustedApps", false);
user_pref("CT2504091.components.1000034", false);
user_pref("CT2504091.components.129079840422182852", false);
user_pref("CT2504091.components.129079840422339107", false);
user_pref("CT2504091.components.129079840422964131", false);
user_pref("CT2504091.components.129079849636241789", false);
user_pref("CT2504091.components.129707804829376918", false);
user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2504091.globalFirstTimeInfoLastCheckTime", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");
user_pref("CT2504091.homepageProtectorEnableByLogin", true);
user_pref("CT2504091.initDone", true);
user_pref("CT2504091.isAppTrackingManagerOn", true);
user_pref("CT2504091.isSearchProtectorNotifyChanges", false);
user_pref("CT2504091.myStuffEnabled", true);
user_pref("CT2504091.myStuffPublihserMinWidth", 400);
user_pref("CT2504091.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
user_pref("CT2504091.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2504091.navigateToUrlOnSearch", false);
user_pref("CT2504091.revertSettingsEnabled", false);
user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);
user_pref("CT2504091.searchProtectorEnableByLogin", true);
user_pref("CT2504091.testingCtid", "");
user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Sat Apr 14 2012 03:03:28 GMT-0700 (Pacific Daylight Time)");
user_pref("CT2504091.toolbarContextMenuLastCheckTime", "Sat Apr 14 2012 03:03:30 GMT-0700 (Pacific Daylight Time)");
user_pref("CT2504091.usagesFlag", 2);
user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091", "\"0ed21444a51360e874a1a819c752a8cb1\"");
user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/897164/892962/US", "\"0\"");
user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", "\"1326306883\"");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "C5ZJe6gL80JBW5CuLy+wkg==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "0uSPYx+Kl2jpu8sJZMeHjw==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "k9un27OkAvkwB2ZmvXxTnA==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "K4Vqu91uAzWURlxJRdXJOg==");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"80133a6b165cd1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:1308\"");
user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091", "\"75babe825203d7a8eecb898dcf55bf17\"");
user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en-us", "\"b751c0bb41b1519d39b2b1c04f5e2cd5\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\z\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hgeawx3j.default\\conduitCommon\\modules\\3.10.0.1");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
user_pref("CommunityToolbar.ToolbarsList4", "CT2504091");
user_pref("CommunityToolbar.globalUserId", "ba44276f-fcb0-410d-a3c2-04510cb3260f");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Apr 14 2012 03:03:30 GMT-0700 (Pacific Daylight Time)");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Apr 14 2012 03:03:38 GMT-0700 (Pacific Daylight Time)");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Apr 14 2012 03:03:27 GMT-0700 (Pacific Daylight Time)");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "c3e72112-beb7-4dff-9720-46f9d5b99f4b");
user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "orgnl");
user_pref("extensions.BabylonToolbar.bbDpng", 14);
user_pref("extensions.BabylonToolbar.dfltSrch", false);
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.hmpg", false);
user_pref("extensions.BabylonToolbar.lastDP", 14);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "12.0");
user_pref("extensions.BabylonToolbar.newTab", false);
user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
user_pref("extensions.BabylonToolbar.propectorlck", 75578083);
user_pref("extensions.BabylonToolbar.smplGrp", "free");
user_pref("extensions.adapter@babylontc.com.install-event-fired", true);
user_pref("extensions.crossriderapp2258@crossrider.com.install-event-fired", true);
user_pref("extensions.ffxtlbr@babylon.com.install-event-fired", true);
user_pref("extensions.ghostery.uiLog", "{\"type\":\"pixel_block\",\"ref\":\"www.facebook.com/ai.php?aed=AQLUwDkJhjNqAksNUKXyVp_9tWt0maxFM_BARdKejELJVJmHuB1c099rNSOgl_bl2eNQnFo
user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Emptied folder: C:\Users\z\AppData\Roaming\mozilla\firefox\profiles\hgeawx3j.default\minidumps [114 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/10/2013 at 7:51:28.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

It seems at some point between MSE and Junkware the PC Cleaner msg. finally went away. I'll go on with the next step...
-
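The prefs.js entries JRT removed in the post above (the Conduit CT2504091.* and CommunityToolbar.* namespaces, extensions.BabylonToolbar.*, and the install-event-fired markers for the Babylon, Crossrider and Ask add-ons) and the user.js contents ComboFix prints further down the thread (security.csp.enable false, security.OCSP.enabled 0, extensions.autoDisableScopes 0) are the two things a responder wants to pull out of a Firefox profile quickly: which toolbar vendors have written to it, and whether anything has switched off CSP, OCSP revocation checking, or the prompt that normally keeps side-loaded extensions disabled. The script below is an added example written for this page; it is not part of zombi2's logs or of JRT, AdwCleaner or ComboFix. It parses a prefs.js or user.js, flags those three weakened settings, lists toolbar namespaces and extension install markers, and collects hostnames from URL-valued prefs for blocklist lookups. The sample file is constructed from lines modelled on the posted logs (plus a benign mozilla.org homepage as a control); the pref names, vendor prefixes and host regexes are the only assumptions it makes.

```python
"""Triage a Firefox prefs.js / user.js for toolbar residue and weakened
security prefs. Added example for this thread; not part of any posted log
or of JRT, AdwCleaner or ComboFix."""
import re

# One user_pref("name", value); call. Firefox writes one per line in prefs.js,
# but a user.js dropped by an installer may chain several on one line, so we
# scan the whole text rather than line by line. A tool that truncates long
# lines leaves a call without its closing ");", which this regex would then run
# into the next call; the constructed sample below has no such line.
PREF_RE = re.compile(r'''user_pref\(\s*(["'])(.+?)\1\s*,\s*(.*?)\);''', re.S)
URL_HOST_RE = re.compile(r"\b(?:https?|hxxps?)://([A-Za-z0-9.-]+)", re.I)

# Settings no legitimate installer should flip; the value shown is the bad one.
WEAKENED = {
    "security.csp.enable": (False, "disables Content Security Policy enforcement"),
    "security.OCSP.enabled": (0, "turns off OCSP certificate revocation checking"),
    "extensions.autoDisableScopes": (0, "activates side-loaded extensions without asking"),
}
# Namespaces written by the toolbars in the JRT log: Conduit community toolbars
# use their CTnnnnnnn id and CommunityToolbar.*, Babylon its own prefix.
TOOLBAR_RE = re.compile(r"^(?:CT\d+\.|CommunityToolbar\.|extensions\.BabylonToolbar\.)")
INSTALL_RE = re.compile(r"^extensions\.(.+?)\.install-event-fired$")


def _coerce(raw):
    """Turn the JS literal on the right of the comma into a Python value."""
    raw = raw.strip()
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "\"'":
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo JS backslash escapes
    return raw  # anything unexpected is kept as text


def parse_prefs(text):
    """Map pref name -> value; a later duplicate overrides an earlier one, as in Firefox."""
    return {m.group(2): _coerce(m.group(3)) for m in PREF_RE.finditer(text)}


def hosts_in_prefs(prefs):
    """Hostnames from every URL-valued pref, for blocklist or proxy-log lookups."""
    hosts = set()
    for value in prefs.values():
        if isinstance(value, str):
            hosts.update(h.lower() for h in URL_HOST_RE.findall(value))
    return sorted(hosts)


def triage(text):
    prefs = parse_prefs(text)
    # Compare type as well as value: a string "0" is not the integer 0 Firefox honours.
    weakened = [(name, prefs[name], why) for name, (bad, why) in WEAKENED.items()
                if name in prefs and type(prefs[name]) is type(bad) and prefs[name] == bad]
    markers = []
    for name, value in prefs.items():
        m = INSTALL_RE.match(name)
        if m and value is True:
            markers.append(m.group(1))
    return {
        "weakened": weakened,
        "toolbar_prefs": sorted(n for n in prefs if TOOLBAR_RE.match(n)),
        "install_markers": sorted(markers),
        "hosts": hosts_in_prefs(prefs),
    }


def report(findings):
    lines = [f"WEAKENED      {n} = {v!r}: {why}" for n, v, why in findings["weakened"]]
    lines += [f"TOOLBAR-PREF  {n}" for n in findings["toolbar_prefs"]]
    lines += [f"EXT-INSTALLED {e}" for e in findings["install_markers"]]
    lines += [f"HOST          {h}" for h in findings["hosts"]]
    return "\n".join(lines) or "nothing flagged"


# Constructed sample: a short prefs.js modelled on the entries JRT deleted and the
# user.js line ComboFix printed in this thread; the mozilla.org homepage is a benign control.
SAMPLE_PREFS_JS = r'''// Mozilla User Preferences
user_pref("CT2504091.CTID", "CT2504091");
user_pref("CT2504091.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=");
user_pref("CT2504091.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2504091&SearchSource=13");
user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\z\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hgeawx3j.default\\conduitCommon\\modules\\3.10.0.1");
user_pref("extensions.BabylonToolbar.dfltSrch", false);
user_pref("extensions.adapter@babylontc.com.install-event-fired", true);
user_pref("extensions.crossriderapp2258@crossrider.com.install-event-fired", true);
user_pref("extensions.toolbar@ask.com.install-event-fired", true);
user_pref("browser.startup.homepage", "http://www.mozilla.org/");
user_pref("network.proxy.type", 0);
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
'''

if __name__ == "__main__":
    print(report(triage(SAMPLE_PREFS_JS)))
```

Run it against both prefs.js and user.js in the profile directory, because a user.js is re-applied into prefs.js at every Firefox start: flipping security.csp.enable back in about:config will not stick while a user.js that sets it to false is still present, which is why the deletion of user.js in the JRT log above matters.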
Stuck without anti-virus, can't find conflicting program
zombi2 replied to zombi2's topic in Resolved Malware Removal Logs
MSE finished and detected no threats. I'll go on to Junkware...
-
Stuck without anti-virus, can't find conflicting program
zombi2 replied to zombi2's topic in Resolved Malware Removal Logs
Here is the ComboFix log:

ComboFix 13-01-08.01 - z 01/10/2013 6:41.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6049.3665 [GMT -8:00]
Running from: c:\users\z\.swt\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\intellidownload\gunzip.exe
c:\program files (x86)\smartdl
c:\program files (x86)\smartdl\gunzip.exe
c:\program files (x86)\smartdl\status-o
c:\programdata\Bcool
c:\programdata\Bcool\background.html
c:\programdata\Bcool\eekifemnhghopphmadcfepmcbnnphcnj.crx
c:\programdata\Roaming
C:\torrent.exe
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-10 to 2013-01-10 )))))))))))))))))))))))))))))))
.
.
2013-01-10 14:49 . 2013-01-10 14:49 -------- d-----w- c:\users\dwayne\AppData\Local\temp
2013-01-10 14:49 . 2013-01-10 14:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-10 14:49 . 2013-01-10 14:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-01-10 14:49 . 2013-01-10 14:49 -------- d-----w- c:\users\Guest.z-PC\AppData\Local\temp
2013-01-10 14:49 . 2013-01-10 14:49 -------- d-----w- c:\users\Guest.z-PC.000\AppData\Local\temp
2013-01-10 03:48 . 2013-01-10 03:48 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D50CF6C0-4486-4F2C-B386-CCD797C49534}\offreg.dll
2013-01-09 10:37 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 10:37 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 10:37 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 10:37 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 10:37 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 10:37 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 10:37 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 10:37 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 10:37 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 10:37 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-09 08:41 . 2013-01-09 08:41 -------- d-----w- c:\users\z\AppData\Roaming\Malwarebytes
2013-01-09 08:40 . 2013-01-09 08:40 -------- d-----w- c:\programdata\Malwarebytes
2013-01-09 08:40 . 2013-01-09 08:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-09 08:40 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-09 08:40 . 2013-01-09 08:40 -------- d-----w- c:\users\z\AppData\Local\Programs
2013-01-08 11:34 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D50CF6C0-4486-4F2C-B386-CCD797C49534}\mpengine.dll
2013-01-05 19:54 . 2013-01-05 19:54 -------- d-----w- c:\programdata\AtomShockwave
2013-01-01 20:54 . 2013-01-01 20:54 -------- d-----w- c:\users\z\AppData\Roaming\Shockwave
2012-12-22 16:49 . 2012-12-22 16:49 -------- d-----w- c:\users\z\AppData\Roaming\GreenGamesandHamPackages
2012-12-22 16:49 . 2012-12-22 16:49 -------- d-----w- c:\program files (x86)\GreenGamesandHam
2012-12-22 11:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 11:01 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 11:01 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 11:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-14 09:15 . 2012-12-14 09:15 -------- d-----w- c:\users\z\AppData\Roaming\VideoReDo-TVSuite4
2012-12-13 11:01 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-13 01:35 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 01:35 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 01:35 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 01:35 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 12:12 . 2011-09-02 04:43 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2013-01-09 11:03 . 2012-09-13 10:00 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-01 20:53 . 2012-02-12 09:43 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2013-01-01 20:53 . 2012-02-12 09:43 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-01-01 20:53 . 2012-02-12 09:43 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-01-01 20:53 . 2012-02-12 09:43 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-12-07 08:18 . 2012-03-30 16:30 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-07 08:18 . 2011-12-10 05:24 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-05 17:38 . 2012-02-27 01:10 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-12-05 17:37 . 2012-02-25 20:11 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-12-05 17:37 . 2012-02-25 20:11 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-11-30 04:45 . 2013-01-09 10:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-29 18:52 . 2012-11-29 18:52 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-11-29 18:52 . 2012-11-29 18:52 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-11-29 12:40 . 2012-02-25 20:12 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-11-29 12:40 . 2012-02-27 01:09 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-11-29 12:39 . 2012-02-27 01:09 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-11-29 12:39 . 2012-02-27 01:08 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-11-23 10:29 . 2012-11-23 10:29 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-23 10:29 . 2011-12-09 03:07 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-15 20:46 . 2012-02-25 20:11 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-16 08:38 . 2012-11-28 20:22 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 20:22 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 20:22 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}]
2011-04-20 23:25 605888 ----a-w- c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-11-29 296096]
.
c:\users\Guest.z-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-6-30 16032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-7-17 549040]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-6-30 16032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-10 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 assd;assd; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-14 498688]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
S2 PGMTrusted;PGMTrusted;c:\program files (x86)\Pogo Games\PGMTrusted.exe [2012-10-31 519920]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-03-23 31920]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-06-14 986112]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-02-26 16768]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-05-19 84480]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-05-19 182272]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-05-19 83968]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-12 142632]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-05-17 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689237700-1048555172-985343890-1000Core.job
- c:\users\z\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 21:09]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689237700-1048555172-985343890-1000UA.job
- c:\users\z\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 21:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
FF - ProfilePath - c:\users\z\AppData\Roaming\Mozilla\Firefox\Profiles\hgeawx3j.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-01-06 13:39; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\z\AppData\Roaming\Mozilla\Firefox\Profiles\hgeawx3j.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - (no file) Toolbar-Locked - (no file) Toolbar-Locked - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-113270367 - c:\programdata\Oberon Media\Channels\110341560\\Uninstaller.exe AddRemove-11551673 - c:\programdata\Oberon Media\Channels\110341560\\Uninstaller.exe AddRemove-UNO® - Undercover™ - c:\progra~2\SHOCKW~1.COM\UNOUND~1\UNWISE.EXE . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\04\05\0d\09-\0c?" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-10 06:53:51 ComboFix-quarantined-files.txt 2013-01-10 14:53 . Pre-Run: 384,160,370,688 bytes free Post-Run: 392,792,207,360 bytes free . - - End Of File - - 871B084EA08474481ECF558E7EECA4B1 -
Hello. I'm trying to install AVG Anti-Virus and, after uninstalling my Trend Micro trial as it instructed, I now get a message to remove PC Cleaner Pro. I also have an Action Center message: PC Cleaner Pro reports that it is turned off and must be turned on manually using the program. The thing is, I've never downloaded this, nor do I ever allow the "piggy backs" on other programs. This has never been listed in my programs, does not appear in searches, there are no taskbar messages from it, and it's never running in Task Manager. I searched manually and found one file: C:\Users\z\AppData\Roaming\PC Cleaners. I removed it and restarted but still get the same messages. I can't find anything else relating to the program. I'd appreciate any help you can give me. Thanks

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by z at 21:39:49 on 2013-01-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6049.4091 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Deluxe (remove only) Luxor Evolved (remove only) Magic Ball 2 (remove only) Magic Ball 4 (remove only) Mahjong Garden Deluxe Mahjong Garden Deluxe (remove only) Mahjongg Dimensions (remove only) Mahjongg Dimensions Deluxe 2 (remove only) Mahjongg: Under Investigation (remove only) Malwarebytes Anti-Malware version 1.70.0.1100 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Monkey Money Slots (remove only) Monkey Money Slots 2 (remove only) Mozilla Firefox 17.0.1 (x86 en-US) Mozilla Maintenance Service Mr Jones' Graveyard Shift (remove only) MSVCRT MSVCRT_amd64 Mystery Stories: Mountains of Madness (remove only) Mystic Palace Slots Nightmare on the Pacific (remove only) Nuance PDF Reader OpenAL OPERATION MANIA Phlinx To Go Pictureka Museum Mayhem (remove only) Pogo Games RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Reel Deal Epic Slot: Forrest Gump Reel Deal Slot Quest: Alice in Wonderland (remove only) Reel Deal Slot Quest: Galactic Defender (remove only) Reel Deal Slot Quest: Under the Sea (remove only) Reel Deal Slot Quest: Vampire Lord (remove only) Reel Deal Slots American Adventure (remove only) Ricochet Recharged Righteous Kill 2 (remove only) RocketBowl Rocketbowl Plus (remove only) Saints & Sinners Bowling Saints and Sinners Bingo Saints and Sinners Bowling (remove only) SceneSwitch Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Slingo Mystery (remove only) Slingo Mystery 2: The Golden Escape (remove only) Slingo Quest Amazon (remove only) Slingo Quest Egypt (remove only) Slingo Quest Hawaii (remove only) Slingo Supreme (remove only) Slot Quest: The Museum Escape (remove only) Slot Quest: Wild West (remove only) Snapshot Adventures (remove only) Sonic Focus Spooky Mall (remove only) StuffIt Expander 2011 TextTwist 2 (remove only) The Alchemist Slots (remove only) The Great Sea Battle: The Game of Battleship The Poppit Show (remove only) The Sims Carnival™ Bumper Blast Totem Treasure 2 (remove only) Tri-Peaks 2 Quest for the Ruby Ring (remove only) Tri-Peaks Solitaire To Go (remove only) Tri Peaks 2 Quest For The Ruby Ring Tumble Bees To Go Twistingo (remove only) Unity Web Player UNO® - Undercover™ Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update Installer for WildTangent Games App 
Vampire Mansion (remove only) Vampires vs Zombies (remove only) VC80CRTRedist - 8.0.50727.6195 Vegas Penny Slots Pack (remove only) Vegas Penny Slots Pack 3 Veoh Giraffic Video Accelerator Veoh Web Player VideoPad Video Editor VideoReDo TVSuite Version 4.20.7.629 VLC media player 2.0.1 Vuze Way To Go Bowling (remove only) Way To Go! Bowling WildTangent Games WildTangent Games App Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Movie Maker 2.6 WINetia (remove only) WinFlash WinRAR 4.20 (32-bit) WinZip 16.0 Wireless Console 3 WMS Slots: Jungle Wild (remove only) Word Bird Supreme Word U (remove only) Word Whomp Underground (remove only) WordJong (remove only) World Class Solitaire World Mosaics (remove only) WorldWinner Games Yatzy Twist (remove only) Zombie Bowl-O-Rama Zombie Bowl O Rama (remove only) . ==== Event Viewer Messages From Past Week ======== . 
1/9/2013 2:16:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 1/9/2013 2:16:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 1/9/2013 2:16:22 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21 1/9/2013 2:16:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 1/9/2013 2:16:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 1/9/2013 2:16:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO discache spldr Wanarpv6 1/8/2013 11:44:05 PM, Error: Service Control Manager [7034] - The AFBAgent service terminated unexpectedly. It has done this 1 time(s). 1/5/2013 5:18:01 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0. . ==== End Of File ===========================
-
Can't find PC Cleaner Pro to remove it
zombi2 replied to zombi2's topic in Malwarebytes for Windows Support Forum
I don't know the cause but it was from Malwarebytes as soon as the new tab opened. This is what the log lists: 2013/01/09 21:39:15 -0800 Z-PC z IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49336, Process: fdm.exe)
-
Can't find PC Cleaner Pro to remove it
zombi2 replied to zombi2's topic in Malwarebytes for Windows Support Forum
Thanks for your replies. I went through the user files manually and found a single 4k file, C:\Users\z\AppData\Roaming\PC Cleaners. Malwarebytes blocked the IP when I hit the Pro Nuke link but I'll need to go the full route in the removal thread anyway. I saw 'Norton' in a couple stray files and know for a fact that I never downloaded anything openly related to that. Norton is forever banished from any computer I have control of since it invited 'System Tool' to come over and party on a previous laptop. In a way Norton was worse. At least System Tool provided some colorful distraction while it drunkenly tore up the place, Norton chasing a tracking cookie from Pogo the whole time. Maybe he thought he could eat it or something, I don't know. He was obviously stoned.
-
I'm trying to install AVG Anti-virus and get a message to delete this program. I also have an Action Center message that PC Cleaner is turned off and must be turned on manually. The thing is I never downloaded this, it's not in my program list, nothing comes up when I search for it, and I never see it running in Task Manager. Aside from the 2 messages I can't find any evidence that I have, or ever had, this program. I downloaded Rkill in safe mode, downloaded Malwarebytes, did a full scan, removed the trojans it found (no PCP or anything similarly named was found though). Then did a full scan in regular mode, got rid of the one PUP I didn't delete the first time and restarted again but I still have the same 2 messages. Are there any specific folders I can look through manually, anything PCP is known to hide in?
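An Action Center "turned off" message for a product that no longer shows in Programs and Features usually means the product is still registered with Windows Security Center even though its files are gone. The following inventory script is an added example for checking that registration and the usual persistence spots, not code from the thread or from Malwarebytes; the name pattern `PC.?Cleaner` and the search paths are assumptions to adjust for the case at hand.

```powershell
# Added example: find where a leftover "PC Cleaner" style product may still be registered.
# Assumes Windows 7 with PowerShell 2.0 or later, run from an elevated prompt.
$pattern = 'PC.?Cleaner'   # assumed name pattern for the product being hunted

Write-Host "== Security Center registrations (the source of Action Center status messages) =="
# productState is a bit field; a stale entry here shows up as 'turned off' in Action Center.
foreach ($cls in 'AntiVirusProduct', 'AntiSpywareProduct') {
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $cls -ErrorAction SilentlyContinue |
        Select-Object @{n='Class';e={$cls}}, displayName, productState,
                      pathToSignedProductExe, instanceGuid
}

Write-Host "== Run-key autostarts matching $pattern =="
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
        if ($p.Name -match $pattern -or "$($p.Value)" -match $pattern) {
            "$key : $($p.Name) = $($p.Value)"
        }
    }
}

Write-Host "== Services and scheduled tasks matching $pattern =="
Get-WmiObject Win32_Service |
    Where-Object { $_.Name -match $pattern -or $_.DisplayName -match $pattern -or $_.PathName -match $pattern } |
    Select-Object Name, State, StartMode, PathName
schtasks /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { $_.TaskName -match $pattern -or $_.'Task To Run' -match $pattern } |
    Select-Object TaskName, 'Task To Run', Status

Write-Host "== Uninstall entries and files matching $pattern =="
foreach ($u in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
               'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall') {
    Get-ChildItem $u -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty $_.PSPath } |
        Where-Object { $_.DisplayName -match $pattern } |
        Select-Object DisplayName, UninstallString
}
# Assumed search roots; AppData is included because the thread found the leftover under Roaming.
$roots = "$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:ProgramData", "$env:USERPROFILE\AppData"
Get-ChildItem $roots -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $pattern } |
    Select-Object FullName, Length, LastWriteTime
```

Anything the script lists should be checked against the removal thread before deleting it, since a stale Security Center registration is cleared differently from a file or a Run key.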