
Chantel4eel

  1. Kevin, yes, that's fine. I have had no issues since then. Thanks again for your assistance. Chantel
  2. Kevin, I think I'm good here. I ran MB upon startup just to make sure and both AVG and MB were clear. There is no flashing or freezing since I restarted. It was probably because I had those other items opened when the scan had started and I guess conflicted. Thanks again. Chantel
  3. Kevin, sorry about the previous post; I was typing and it was freezing. After the scan is done I will restart and let you know the status.
  4. Kevin, this may be nothing, but my AVG is doing its scheduled scan (and may be the reason) but my screen briefly flickered twice, which was also brief, but it may have just been because of the scan in progress and the programs I am using at the same time. Chantel
  5. Kevin, Everything seems quiet on this end (working fine). I have no further concerns. Thank you for your assistance in solving my issues. Chantel
  6. Kevin, I take back what I said about nothing being wrong. When I try to open any Microsoft Office application or document a box that says click to run application manager pops up saying try again or I need to repair the product in the control panel. So it looks like in order for me to use Office at this point I may need to click the update. Will wait for your suggestion.
  7. Kevin, I still get the Click to Run window when I start up, but other than that I don't get the Shockwave window, no freezing, and no more multiple files. So should I just click the okay for the Click to Run, since it says it's a Microsoft update from the window? Other than that I haven't noticed anything like before.
  8. ComboFix 14-12-10.03 - guardian 12/12/2014 13:19:13.1.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1977.1095 [GMT -5:00] Running from: c:\users\guardian\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2014-11-12 to 2014-12-12 ))))))))))))))))))))))))))))))) . . 2014-12-12 18:30 . 2014-12-12 18:30 -------- d-----w- c:\users\Public\AppData\Local\temp 2014-12-12 18:30 . 2014-12-12 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-12-12 01:47 . 2014-12-12 01:47 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2014-12-12 01:47 . 2014-12-12 01:47 -------- d-----w- c:\programdata\RogueKiller 2014-12-12 01:20 . 2014-12-12 01:20 0 ----a-w- c:\windows\SysWow64\shoAC27.tmp 2014-12-12 01:18 . 2014-12-12 01:18 -------- d-----w- c:\windows\system32\appraiser 2014-12-12 01:08 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll 2014-12-12 01:08 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll 2014-12-12 01:08 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe 2014-12-12 01:08 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe 2014-12-12 01:08 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll 2014-12-12 01:08 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll 2014-12-12 01:08 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe 2014-12-12 01:08 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe 2014-12-12 01:08 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll 2014-12-12 01:08 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll 2014-12-11 23:39 . 2014-12-11 23:40 -------- d-----w- C:\NPE 2014-12-11 23:36 . 
2014-12-12 00:49 -------- d-----w- c:\users\guardian\AppData\Local\NPE 2014-12-11 23:15 . 2014-12-11 23:15 -------- d-----w- c:\windows\ERUNT 2014-12-11 22:52 . 2014-12-11 23:04 -------- d-----w- C:\AdwCleaner 2014-12-11 15:24 . 2014-11-22 02:49 2885120 ----a-w- c:\windows\system32\iertutil.dll 2014-12-11 15:23 . 2014-11-11 03:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-12-11 15:23 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-12-11 15:23 . 2014-11-11 01:46 119296 ----a-w- c:\windows\system32\drivers\tdx.sys 2014-12-11 15:15 . 2014-10-30 02:03 165888 ----a-w- c:\windows\system32\charmap.exe 2014-12-11 15:15 . 2014-10-30 01:45 155136 ----a-w- c:\windows\SysWow64\charmap.exe 2014-12-11 15:15 . 2014-10-03 02:12 310272 ----a-w- c:\windows\system32\WsmWmiPl.dll 2014-12-11 15:15 . 2014-10-03 02:12 2020352 ----a-w- c:\windows\system32\WsmSvc.dll 2014-12-11 15:15 . 2014-10-03 02:12 346624 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll 2014-12-11 15:15 . 2014-10-03 02:11 266240 ----a-w- c:\windows\system32\WSManHTTPConfig.exe 2014-12-11 15:15 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\SysWow64\WsmSvc.dll 2014-12-11 15:15 . 2014-10-03 02:12 181248 ----a-w- c:\windows\system32\WsmAuto.dll 2014-12-11 15:15 . 2014-10-03 01:45 248832 ----a-w- c:\windows\SysWow64\WSManMigrationPlugin.dll 2014-12-11 15:15 . 2014-10-03 01:45 214016 ----a-w- c:\windows\SysWow64\WsmWmiPl.dll 2014-12-11 15:15 . 2014-10-03 01:45 145920 ----a-w- c:\windows\SysWow64\WsmAuto.dll 2014-12-11 15:15 . 2014-10-03 01:44 198656 ----a-w- c:\windows\SysWow64\WSManHTTPConfig.exe 2014-12-11 15:14 . 2014-11-08 03:16 2048 ----a-w- c:\windows\system32\tzres.dll 2014-12-11 15:14 . 2014-11-08 02:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-12-11 08:20 . 2014-12-11 08:20 -------- d-----w- c:\program files\Adblock Plus for IE 2014-12-11 03:46 . 2014-12-11 06:29 -------- d-----w- c:\programdata\ProductData 2014-12-10 18:32 . 
2014-12-10 18:32 -------- d-----w- c:\users\guardian\AppData\Roaming\QuickScan 2014-12-10 17:38 . 2014-11-27 01:43 813744 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2014-12-02 02:11 . 2014-12-02 02:11 -------- d-----w- c:\users\guardian\AppData\Roaming\Nik Software 2014-12-02 01:34 . 2014-12-02 01:34 -------- d-----w- c:\users\guardian\AppData\Roaming\wacomid-desktop-launcher 2014-12-02 01:06 . 2014-12-02 01:06 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2014-12-01 18:31 . 2014-12-01 18:31 -------- d-----w- c:\programdata\Alias 2014-12-01 18:30 . 2014-12-11 06:26 -------- d-----w- c:\program files (x86)\Autodesk 2014-12-01 18:28 . 2014-12-11 06:26 -------- d-----w- c:\program files (x86)\Common Files\InstallShield 2014-12-01 18:24 . 2014-12-11 06:27 -------- d-----w- c:\program files\Nik Software 2014-12-01 18:15 . 2014-12-01 18:15 -------- d-----w- c:\program files\Common Files\Adobe 2014-12-01 18:07 . 2012-04-24 08:01 10864 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2014-12-01 18:07 . 2012-04-24 08:01 11376 ------w- c:\windows\system32\drivers\cdralw2k.sys 2014-12-01 18:07 . 2012-08-10 08:01 56336 ------w- c:\windows\system32\drivers\PxHlpa64.sys 2014-12-01 18:06 . 2014-12-11 06:26 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared 2014-11-25 18:59 . 2014-11-25 18:59 18638520 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL 2014-11-19 17:51 . 2014-11-19 17:51 -------- d-----w- c:\users\guardian\AppData\Roaming\Wacom 2014-11-19 17:51 . 2014-11-19 18:05 -------- d-----w- c:\programdata\Wacom 2014-11-19 17:50 . 2014-11-19 17:51 -------- d-----w- c:\program files (x86)\Bamboo Dock 2014-11-19 17:48 . 2014-11-19 17:49 -------- d-----w- c:\users\guardian\AppData\Roaming\WTablet 2014-11-19 17:48 . 2014-11-19 17:48 -------- d-----w- c:\program files (x86)\TabletPlugins 2014-11-19 17:21 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll 2014-11-19 17:21 . 
2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-11-19 17:21 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll 2014-11-19 17:21 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-11-13 17:33 . 2014-11-13 17:33 -------- d-sh--w- c:\users\guardian\AppData\Local\EmieBrowserModeList 2014-11-13 16:02 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll 2014-11-13 16:02 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-12-12 17:56 . 2012-04-04 22:28 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-12-12 17:56 . 2011-11-28 21:31 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-12-12 01:10 . 2012-07-11 19:07 112710672 ----a-w- c:\windows\system32\MRT.exe 2014-12-12 00:48 . 2014-10-03 01:22 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-11-21 11:14 . 2014-10-03 01:21 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-11-21 11:14 . 2014-10-03 01:21 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-11-21 11:14 . 2014-10-03 01:21 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-11-08 05:58 . 2014-11-08 05:58 0 ----a-w- c:\windows\SysWow64\sho76B7.tmp 2014-10-30 02:35 . 2014-10-30 02:35 263960 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2014-10-25 01:57 . 2014-11-12 17:55 77824 ----a-w- c:\windows\system32\packager.dll 2014-10-25 01:32 . 2014-11-12 17:55 67584 ----a-w- c:\windows\SysWow64\packager.dll 2014-10-22 20:07 . 2014-10-22 20:07 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED39184F-6723-4725-B187-5FF387BB85EA}\offreg.dll 2014-10-22 18:26 . 2014-10-22 18:26 0 ----a-w- c:\windows\SysWow64\shoE5EF.tmp 2014-10-20 07:37 . 
2014-10-22 19:37 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED39184F-6723-4725-B187-5FF387BB85EA}\mpengine.dll 2014-10-14 02:16 . 2014-11-12 18:00 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2014-10-14 02:13 . 2014-11-12 18:00 683520 ----a-w- c:\windows\system32\termsrv.dll 2014-10-14 02:13 . 2014-11-12 17:55 3241984 ----a-w- c:\windows\system32\msi.dll 2014-10-14 02:12 . 2014-11-12 18:00 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-10-14 02:09 . 2014-11-12 18:00 146432 ----a-w- c:\windows\system32\msaudite.dll 2014-10-14 02:07 . 2014-11-12 18:00 681984 ----a-w- c:\windows\system32\adtschema.dll 2014-10-14 01:50 . 2014-11-12 18:00 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-10-14 01:50 . 2014-11-12 17:55 2363904 ----a-w- c:\windows\SysWow64\msi.dll 2014-10-14 01:49 . 2014-11-12 18:00 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-10-14 01:47 . 2014-11-12 18:00 146432 ----a-w- c:\windows\SysWow64\msaudite.dll 2014-10-14 01:46 . 2014-11-12 18:00 681984 ----a-w- c:\windows\SysWow64\adtschema.dll 2014-10-10 20:14 . 2014-10-10 20:14 274200 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2014-10-10 00:57 . 2014-11-12 17:55 3198976 ----a-w- c:\windows\system32\win32k.sys 2014-10-06 02:41 . 2014-10-06 02:41 124184 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2014-10-03 02:12 . 2014-11-12 18:01 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll 2014-10-03 02:11 . 2014-11-12 18:01 284672 ----a-w- c:\windows\system32\EncDump.dll 2014-10-03 02:11 . 2014-11-12 18:01 680960 ----a-w- c:\windows\system32\audiosrv.dll 2014-10-03 02:11 . 2014-11-12 18:01 440832 ----a-w- c:\windows\system32\AudioEng.dll 2014-10-03 02:11 . 2014-11-12 18:01 296448 ----a-w- c:\windows\system32\AudioSes.dll 2014-10-03 01:44 . 2014-11-12 18:01 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll 2014-10-03 01:44 . 2014-11-12 18:01 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll 2014-10-03 01:44 . 
2014-11-12 18:01 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll 2014-10-02 19:53 . 2012-01-12 23:12 278152 ------w- c:\windows\system32\MpSigStub.exe 2014-09-25 02:08 . 2014-10-01 14:21 371712 ----a-w- c:\windows\system32\qdvd.dll 2014-09-25 01:40 . 2014-10-01 14:21 519680 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-09-19 09:42 . 2014-11-12 17:55 210944 ----a-w- c:\windows\system32\wdigest.dll 2014-09-19 09:42 . 2014-11-12 17:55 86528 ----a-w- c:\windows\system32\TSpkg.dll 2014-09-19 09:42 . 2014-11-12 17:55 342016 ----a-w- c:\windows\system32\schannel.dll 2014-09-19 09:42 . 2014-11-12 17:55 309760 ----a-w- c:\windows\system32\ncrypt.dll 2014-09-19 09:42 . 2014-11-12 17:55 314880 ----a-w- c:\windows\system32\msv1_0.dll 2014-09-19 09:42 . 2014-11-12 17:55 22016 ----a-w- c:\windows\system32\credssp.dll 2014-09-19 09:23 . 2014-11-12 17:55 172032 ----a-w- c:\windows\SysWow64\wdigest.dll 2014-09-19 09:23 . 2014-11-12 17:55 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll 2014-09-19 09:23 . 2014-11-12 17:55 248832 ----a-w- c:\windows\SysWow64\schannel.dll 2014-09-19 09:23 . 2014-11-12 17:55 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll 2014-09-19 09:23 . 2014-11-12 17:55 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll 2014-09-19 09:23 . 2014-11-12 17:55 17408 ----a-w- c:\windows\SysWow64\credssp.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-12-01 825936] "AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2014-11-10 3653136] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128] "BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-10-16 646744] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 
5\BackupSvc.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x] R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI 
Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [x] S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x] S2 WTabletServiceCon;Wacom Consumer Service;c:\program 
files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . Contents of the 'Scheduled Tasks' folder . 2014-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 17:56] . 2014-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 02:55] . 2014-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 02:55] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-19 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-19 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-19 365592] "Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2010-06-11 861216] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.startpage.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.15.1 TCP: Interfaces\{B34B2F9E-D53D-4F1C-9A68-FCFE01175683}: DhcpNameServer = 192.168.15.1 FF - ProfilePath - c:\users\guardian\AppData\Roaming\Mozilla\Firefox\Profiles\52ai3kjd.default-1414666813992\ FF - prefs.js: browser.startup.homepage - www.startpage.com . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-12-12 13:34:58 ComboFix-quarantined-files.txt 2014-12-12 18:34 . Pre-Run: 176,012,341,248 bytes free Post-Run: 175,714,365,440 bytes free . - - End Of File - - 4CD3A216C5E6D7A740FBA6A8D898BF30
  9. RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : guardian [Administrator] Mode : Scan -- Date : 12/11/2014 20:55:18 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 16 ¤¤¤ [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3241155814-2163441935-2160369342-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.startpage.com/ -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3241155814-2163441935-2160369342-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.startpage.com/ -> Found [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3241155814-2163441935-2160369342-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found 
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3241155814-2163441935-2160369342-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 1 ¤¤¤ [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤ ¤¤¤ Web browsers : 1 ¤¤¤ [PUM.HomePage][FIREFX:Config] 52ai3kjd.default-1414666813992 : user_pref("browser.startup.homepage", "www.startpage.com"); -> Found ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: WDC WD2500BEVT-22A23T0 +++++ --- User --- [MBR] 871ce8f2ef5d2dfb318e20e9c80a6561 [bSP] 3879e8af371b9f96c45109890ff6b6a3 : Windows Vista/7/8 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 MB 1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 27265024 | Size: 100 MB 2 - [XXXXXX] NTFS (0x7) [VISIBLE] 
Offset (sectors): 27469824 | Size: 225061 MB User = LL1 ... OK User = LL2 ... OK
  10. Okay, I forgot to mention that when the start page comes up, the "Click to Run" box that says it's for a Microsoft Office update still comes up. Is this a real update from Microsoft?
  11. The CPU and physical memory are still close to 90%, drop, then go right back up, but the computer isn't freezing or moving as slow as it was before. However, I keep getting a pop-up about a command window and taking me to a website that instructs me to download a new version of Adobe Shockwave because my version is too low, which I found strange, and every time I close the box it pops back, so I have to close the window. I have just updated my Adobe by going through the program itself and have just restarted my computer, which also installed the window update downloads.
  12. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2014 01 Ran by guardian at 2014-12-11 16:26:50 Run:1 Running from C:\Users\guardian\Desktop Loaded Profile: guardian (Available profiles: guardian) Boot Mode: Normal ============================================== Content of fixlist: ***************** start HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3241155814-2163441935-2160369342-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION S3 catchme; \??\C:\ComboFix\catchme.sys [X] 2014-12-10 22:34 - 2014-12-11 01:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter 2014-12-10 19:20 - 2014-12-10 19:21 - 00044439 _____ () C:\ProgramData\1418257232.952.bin 2014-12-10 19:20 - 2014-12-10 19:21 - 00041163 _____ () C:\ProgramData\1418257232.3096.bin 2014-12-10 19:20 - 2014-12-10 19:21 - 00003195 _____ () C:\ProgramData\1418257232.3668.bin 2014-12-10 19:20 - 2014-12-10 19:21 - 00002930 _____ () C:\ProgramData\1418257232.3664.bin 2014-12-10 19:20 - 2014-12-10 19:20 - 00036583 _____ () C:\ProgramData\1418257223.bdinstall.bin 2014-12-10 16:38 - 2014-12-10 16:38 - 00059509 _____ () C:\ProgramData\1418247393.bdinstall.bin 2014-12-10 16:36 - 2014-12-10 16:36 - 00037823 _____ () C:\ProgramData\1418247373.bdinstall.bin 2014-12-10 13:35 - 2014-12-10 13:35 - 00177403 _____ () C:\ProgramData\1418236320.bdinstall.bin C:\ProgramData\IObit C:\Program Files (x86)\IObit C:\Program Files (x86)\Ask.com EmptyTemp: end ***************** "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\S-1-5-21-3241155814-2163441935-2160369342-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. catchme => Service deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter => Moved successfully. 
C:\ProgramData\1418257232.952.bin => Moved successfully.
C:\ProgramData\1418257232.3096.bin => Moved successfully.
C:\ProgramData\1418257232.3668.bin => Moved successfully.
C:\ProgramData\1418257232.3664.bin => Moved successfully.
C:\ProgramData\1418257223.bdinstall.bin => Moved successfully.
C:\ProgramData\1418247393.bdinstall.bin => Moved successfully.
C:\ProgramData\1418247373.bdinstall.bin => Moved successfully.
C:\ProgramData\1418236320.bdinstall.bin => Moved successfully.
C:\ProgramData\IObit => Moved successfully.
C:\Program Files (x86)\IObit => Moved successfully.
"C:\Program Files (x86)\Ask.com" => File/Directory not found.
EmptyTemp: => Removed 24.3 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 12/11/2014
Scan Time: 1:51:41 PM
Logfile:
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.12.11.05
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: guardian
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336732
Time Elapsed: 55 min, 40 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)
(end)

# AdwCleaner v4.105 - Report created 11/12/2014 at 18:04:09
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : guardian - GUARDIAN-PC
# Running from : C:\Users\guardian\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\guardian\AppData\Roaming\NCH Software
File Deleted : C:\Users\Public\Desktop\eBay.lnk
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\OCS
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Mozilla Firefox v33.0.2 (x86 en-US)
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [1964 octets] - [11/12/2014 17:52:35]
AdwCleaner[s0].txt - [1684 octets] - [11/12/2014 18:04:09]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1744 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by guardian on Thu 12/11/2014 at 18:15:54.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\guardian\AppData\Roaming\mozilla\firefox\profiles\52ai3kjd.default-1414666813992\prefs.js
user_pref("extensions.bootstrappedAddons", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.6.6\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\guardian\
Emptied folder: C:\Users\guardian\AppData\Roaming\mozilla\firefox\profiles\52ai3kjd.default-1414666813992\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/11/2014 at 18:22:26.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Info20141211183958.xml
  13. Kevin, I just tried the FRST/fixlist and as I clicked fix, the screen turned blue and mentioned it was trying to save the computer, and I glimpsed something saying physical memory dumping, but it went too fast for me to read any more. The computer then restarted and the following popped up in a little box:

      Problem signature:
      Problem Event Name: BlueScreen
      OS Version: 6.1.7601.2.1.0.768.3
      Locale ID: 1033
      Additional information about the problem:
      BCCode: 1e
      BCP1: FFFFFFFFC0000005
      BCP2: FFFFF80003076B49
      BCP3: 0000000000000000
      BCP4: 0000000000000044
      OS Version: 6_1_7601
      Service Pack: 1_0
      Product: 768_1
      Files that help describe the problem:
      C:\Windows\Minidump\121114-51105-01.dmp
      C:\Users\guardian\AppData\Local\Temp\WER-104052-0.sysdata.xml
      Read our privacy statement online:
      http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
      If the online privacy statement is not available, please read our privacy statement offline:
      C:\Windows\system32\en-US\erofflps.txt

      Also you mentioned about changing the settings in Malware; they are already set to those settings. When I turned on the computer it updated after trying two times, the same with AVG, and said there was an error during the scan (this was before I read your reply). Also those automatic window updates downloaded again along with the "Click to Run" pop up. I have a screenshot if needed.
  14. Windows update had several automatic updates for my computer that were installed during the shutdown process and were successful. However, I turned on the computer the next day and it stated it was doing a 3 stage disk test and said it fixed some drivers and booted the computer up afterwards. When the computer reached the home screen my AVG popped up warning that there were 47 items that needed to be removed; it said they were viruses that cloned files E..._test? After AVG removed them I did a full scan and nothing was found. I also did a full scan with Malwarebytes, nothing. A few hours later the computer moved slower and slower; I did both scans again, nothing. I tried some other software; they too detected nothing, until finally I couldn't load anything and the computer kept freezing. After nothing else worked I did a system restore to a few days ago and it seems better, as I don't see the several duplicate files popping up in the Task Manager, but I would like to be sure. So if someone can please take a look for me I would appreciate it. Thanks, Chantel FRST.txt Addition.txt