Jump to content

allank

Members
  • Posts

    9
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thanks for all your help, MrC, and your patience and rapid responses. A pleasure working with you. Sending a token of my appreciation via PayPal.
  2. Results of screen317's Security Check version 0.99.86 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG AntiVirus Free Edition 2014 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 45 Java version out of Date! Adobe Reader 10.1.3 Adobe Reader out of Date! Mozilla Firefox (25.0) Google Chrome 35.0.1916.153 Google Chrome 36.0.1985.125 ````````Process Check: objlist.exe by Laurent```````` AVG avgwdsvc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
  3. Scan completed, no malicious items detected. HJT still shows a lot of "file missing" in services items. Any cause for concern? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:56:44 AM, on 8/8/2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17207) Boot mode: Normal Running processes: C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe C:\Users\Zammy\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended.exe C:\ProgramData\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe O23 - Service: LogMeIn Rescue (102278) (LMIRescueUA_102278) - LogMeIn, Inc. - C:\Users\Zammy\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe O23 - Service: LogMeIn Rescue (b90816fc-9517-4dc8-a0b2-268dcefc476b) (LMIRescue_b90816fc-9517-4dc8-a0b2-268dcefc476b) - LogMeIn, Inc. - C:\ProgramData\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9124 bytes
  4. Oops, sorry! Yes I did run it, just forgot to include the logs - there are two: # AdwCleaner v3.303 - Report created 07/08/2014 at 21:14:28# Updated 06/08/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Zammy - ZAMMY-HP# Running from : C:\Users\Zammy\Downloads\adwcleaner_3.303.exe# Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Users\Zammy\AppData\Roaming\Mozilla\Firefox\Profiles\atjn8bov.default-1383102531107\searchplugins\safeguard-secure-search.xmlFolder Found : C:\ProgramData\AVG Security Toolbar ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}Key Found : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXEKey Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLLKey Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Found : HKLM\Software\Classes\Installer\Features\6BA018E6E43F3A949AF3E90563067F81Key Found : HKLM\Software\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17207 -\\ Mozilla Firefox v25.0 (en-US) [ File : C:\Users\Zammy\AppData\Roaming\Mozilla\Firefox\Profiles\atjn8bov.default-1383102531107\prefs.js ] -\\ Google Chrome v [ File : C:\Users\Zammy\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found [Extension] : hbcennhacfaagdopikcegfcobcadeocjFound [Extension] : icdlfehblmklkikfigmjhbmmpmkmpoojFound [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkkFound [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof ************************* AdwCleaner[R0].txt - [3735 octets] - [29/10/2013 22:13:41]AdwCleaner[R1].txt - [2370 octets] - [07/08/2014 21:14:28]AdwCleaner[s0].txt - [3724 octets] - [29/10/2013 22:15:16] ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2490 octets] ########## # AdwCleaner v3.303 - Report created 07/08/2014 at 21:16:39# Updated 06/08/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Zammy - ZAMMY-HP# Running from : C:\Users\Zammy\Downloads\adwcleaner_3.303.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\AVG Security ToolbarFile Deleted : C:\Users\Zammy\AppData\Roaming\Mozilla\Firefox\Profiles\atjn8bov.default-1383102531107\searchplugins\safeguard-secure-search.xml ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXEKey Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLLKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCSKey Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}Key Deleted : HKLM\Software\Classes\Installer\Features\6BA018E6E43F3A949AF3E90563067F81Key Deleted : HKLM\Software\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81 ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17207 -\\ Mozilla Firefox v25.0 (en-US) [ File : C:\Users\Zammy\AppData\Roaming\Mozilla\Firefox\Profiles\atjn8bov.default-1383102531107\prefs.js ] -\\ Google Chrome v [ File : C:\Users\Zammy\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [Extension] : hbcennhacfaagdopikcegfcobcadeocjDeleted [Extension] : icdlfehblmklkikfigmjhbmmpmkmpoojDeleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkkDeleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof [the report just ended here with no closing text - is this normal?]
  5. Hi MrC, Finally got connected again. Here are the three logs requested: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014Ran by Zammy at 2014-08-07 21:10:21 Run:1Running from C:\Users\Zammy\DownloadsBoot Mode: Normal============================================== Content of fixlist:*****************IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirectSearchScopes: HKLM-x32 - DefaultScope value is missing.SearchScopes: HKCU - {312425AB-7270-4C50-B06A-9D238EEC0753} URL =SearchScopes: HKCU - {50E1B13F-7DD6-4AD2-A007-AAB1CC0A9DE9} URL =SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={7BB74A69-D23E-4DFF-974E-E4A1FDFDE242}&mid=44e0e16bf38947d0975005cc22f45ab5-2a366f3187c922283063da6f471e57e8f12eb02d〈=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-02 20:56:10&v=17.1.2.1&pid=safeguard&sg=0&sap=dsp&q={searchTerms} BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No FileBHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No FileToolbar: HKCU - No Name - {46A21652-3F93-437D-AAC0-CAA1F6713DA0} - No FileWinsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll File Not found ()Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll File Not found ()Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll File Not found ()Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll File Not found ()Winsock: Catalog9-x64 15 C:\Windows\system32\AdpeakProxy64.dll File Not found ()FF Extension: ScorpionSaver - C:\Users\Zammy\AppData\Roaming\Mozilla\Firefox\Profiles\atjn8bov.default-1383102531107\Extensions\ScorpionSaver@jetpack [2014-03-24]CHR Extension: (AVG Secure Search) - C:\Users\Zammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-07-01]CHR HKCU\...\Chrome\Extension: [hgeaklkciolgbejekedbdphhbjbiaamp] - C:\Users\Zammy\AppData\Local\CRE\hgeaklkciolgbejekedbdphhbjbiaamp.crx [2012-05-31]CHR HKLM-x32\...\Chrome\Extension: [hgeaklkciolgbejekedbdphhbjbiaamp] - C:\Users\Zammy\AppData\Local\CRE\hgeaklkciolgbejekedbdphhbjbiaamp.crx [2012-05-31]***************** "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ehshell.exe" => Key deleted successfully.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully."HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{312425AB-7270-4C50-B06A-9D238EEC0753}" => Key deleted successfully."HKCR\CLSID\{312425AB-7270-4C50-B06A-9D238EEC0753}" => Key not found."HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{50E1B13F-7DD6-4AD2-A007-AAB1CC0A9DE9}" => Key deleted successfully."HKCR\CLSID\{50E1B13F-7DD6-4AD2-A007-AAB1CC0A9DE9}" => Key not found."HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully."HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found."HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully."HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key not found."HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully."HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{46A21652-3F93-437D-AAC0-CAA1F6713DA0} => value deleted successfully."HKCR\CLSID\{46A21652-3F93-437D-AAC0-CAA1F6713DA0}" => Key not found.Winsock: Catalog entry 000000000001 => Deleted successfully.Winsock: Catalog entry 000000000002 => Deleted successfully.Winsock: Catalog entry 000000000003 => Deleted successfully.Winsock: Catalog entry 000000000004 => Deleted successfully.Winsock: Catalog entry 000000000015 => Deleted successfully.C:\Users\Zammy\AppData\Roaming\Mozilla\Firefox\Profiles\atjn8bov.default-1383102531107\Extensions\ScorpionSaver@jetpack => Moved successfully.C:\Users\Zammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Moved successfully."HKCU\SOFTWARE\Google\Chrome\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp" => Key deleted successfully."C:\Users\Zammy\AppData\Local\CRE\hgeaklkciolgbejekedbdphhbjbiaamp.crx" => File/Directory not found."HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp" => Key deleted successfully."C:\Users\Zammy\AppData\Local\CRE\hgeaklkciolgbejekedbdphhbjbiaamp.crx" => File/Directory not found. ==== End of Fixlog ==== ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.4 (04.06.2014:1)OS: Windows 7 Home Premium x64Ran by Zammy on Thu 08/07/2014 at 21:26:38.97~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Thu 08/07/2014 at 21:32:37.54End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ComboFix 14-08-06.02 - Zammy 08/07/2014 21:36:09.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4381 [GMT -5:00]Running from: c:\users\Zammy\Desktop\ComboFix.exeAV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\autorun.infc:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}\icon64.ico..((((((((((((((((((((((((( Files Created from 2014-07-08 to 2014-08-08 )))))))))))))))))))))))))))))))..2014-08-08 02:44 . 2014-08-08 02:44 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS2014-08-08 02:44 . 2014-08-08 02:44 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS2014-08-08 02:44 . 2014-08-08 02:44 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS2014-08-08 02:44 . 2014-08-08 02:44 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS2014-08-08 02:18 . 2014-08-08 02:18 -------- d-----w- c:\users\Zammy\AppData\Local\CrashDumps2014-08-06 00:39 . 2014-08-06 00:39 30312 ----a-w- c:\windows\system32\drivers\TrueSight.sys2014-08-06 00:39 . 2014-08-06 00:39 -------- d-----w- c:\programdata\RogueKiller2014-08-04 13:36 . 2014-08-04 13:36 -------- d-----w- c:\programdata\Avg_Update_0614a2014-08-03 19:53 . 2014-08-08 02:10 -------- d-----w- C:\FRST2014-08-03 19:49 . 2014-08-08 01:57 -------- d-----w- c:\programdata\LogMeIn Rescue Applet2014-08-03 15:41 . 2014-08-03 15:41 -------- d-----w- c:\program files\Common Files\Canon2014-08-03 15:16 . 2014-08-03 15:16 -------- d-----w- c:\program files (x86)\Port Explorer2014-08-03 15:16 . 2006-10-23 19:32 40960 ----a-w- c:\windows\SysWow64\dcsws2.dll2014-08-03 15:16 . 1999-03-12 19:31 7440 ----a-w- c:\windows\SysWow64\sporder.dll2014-08-03 15:01 . 2014-08-03 15:15 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2014-08-03 14:54 . 2014-08-03 14:36 95600 ----a-w- c:\windows\system32\unlock64.dll2014-08-03 14:54 . 2014-08-08 01:58 -------- d-----w- c:\users\Zammy\AppData\Local\LogMeIn Rescue Unattended2014-08-03 14:49 . 2014-08-03 14:49 -------- d-----w- c:\users\Zammy\AppData\Roaming\ProductData2014-08-03 14:36 . 2014-08-08 02:22 -------- d-----w- c:\users\Zammy\AppData\Local\LogMeIn Rescue Applet2014-08-03 14:22 . 2014-08-03 14:22 -------- d-----w- c:\users\Zammy\AppData\Local\LogMeInIgnition2014-07-30 15:29 . 2014-08-06 00:27 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-07-30 15:28 . 2014-08-03 15:00 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-07-30 15:28 . 2014-07-30 15:28 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware2014-07-30 15:28 . 2014-05-12 12:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys2014-07-09 19:52 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL2014-07-09 19:52 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll2014-07-09 19:52 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll2014-07-09 19:52 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll2014-07-09 19:52 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll2014-07-09 19:52 . 2014-06-30 02:09 519168 ----a-w- c:\windows\system32\aepdu.dll2014-07-09 19:52 . 2014-06-30 02:04 424448 ----a-w- c:\windows\system32\aeinv.dll2014-07-09 19:52 . 2014-06-18 02:19 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll2014-07-09 19:48 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll2014-07-09 19:48 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll2014-07-09 19:48 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-07-16 22:11 . 2012-06-23 21:37 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.001.bak2014-07-16 22:11 . 2012-06-23 21:37 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak2014-07-16 22:11 . 2012-06-23 21:37 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll2014-07-16 22:11 . 2012-06-23 21:37 35656 ----a-w- c:\windows\system32\LMIport.dll2014-07-16 22:11 . 2012-06-23 21:37 92488 ----a-w- c:\windows\system32\LMIinit.dll2014-07-10 08:02 . 2010-10-24 20:53 96441528 ----a-w- c:\windows\system32\MRT.exe2014-07-09 17:31 . 2012-04-14 23:37 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2014-07-09 17:31 . 2011-11-10 03:07 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-06-30 17:43 . 2014-06-30 17:43 152344 ----a-w- c:\windows\system32\drivers\avgdiska.sys2014-06-17 21:21 . 2014-06-17 21:21 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys2014-06-17 21:07 . 2014-06-17 21:07 328984 ----a-w- c:\windows\system32\drivers\avgloga.sys2014-06-17 21:06 . 2014-06-17 21:06 269080 ----a-w- c:\windows\system32\drivers\avgtdia.sys2014-06-17 21:06 . 2014-06-17 21:06 190744 ----a-w- c:\windows\system32\drivers\avgidsha.sys2014-06-17 21:06 . 2014-06-17 21:06 242968 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys2014-06-17 21:06 . 2014-06-17 21:06 123672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys2014-06-17 21:06 . 2014-06-17 21:06 31512 ----a-w- c:\windows\system32\drivers\avgrkx64.sys2014-05-12 12:25 . 2012-06-23 20:15 25816 ----a-w- c:\windows\system32\drivers\mbam.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-04-21 2295584].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-07-10 5187088].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-6-17 1040952].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]@="".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]R3 MFE_RR;MFE_RR;c:\users\Zammy\AppData\Local\Temp\mfe_rr.sys;c:\users\Zammy\AppData\Local\Temp\mfe_rr.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]S2 LMIRescue_d78bb9f1-8875-4fa4-90a4-2dc2230e39c7;LogMeIn Rescue (d78bb9f1-8875-4fa4-90a4-2dc2230e39c7);c:\users\Zammy\AppData\Local\LOGMEI~2\LMIR0003.tmp\LMI_Rescue_srv.exe;c:\users\Zammy\AppData\Local\LOGMEI~2\LMIR0003.tmp\LMI_Rescue_srv.exe [x]S2 LMIRescueUA_102278;LogMeIn Rescue (102278);c:\users\Zammy\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe;c:\users\Zammy\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe [x]S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]S3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]..Contents of the 'Scheduled Tasks' folder.2014-08-04 c:\windows\Tasks\0614aUpdateInfo.job- c:\programdata\Avg_Update_0614a\0614a_AVG-Secure-Search-Update.exe [2014-08-04 14:09].2014-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 17:31].2014-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1264045749-2277637772-873812554-1001Core.job- c:\users\Zammy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-21 01:37].2014-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1264045749-2277637772-873812554-1001UA.job- c:\users\Zammy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-21 01:37].2014-07-27 c:\windows\Tasks\HPCeeScheduleForZammy.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 10:43].2014-08-03 c:\windows\Tasks\Uninstaller_SkipUac_Administrator.job- c:\program files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2013-10-30 14:41]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]2014-08-03 14:42 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7cmLocal Page = c:\windows\SYSTEM32\blank.htmuInternet Settings,ProxyOverride = <-loopback>uSearchAssistant = hxxp://www.google.com/ieLSP: c:\windows\SysWOW64\dcsws2.dllTCP: DhcpNameServer = 192.168.10.1FF - ProfilePath - c:\users\Zammy\AppData\Roaming\Mozilla\Firefox\Profiles\atjn8bov.default-1383102531107\FF - ExtSQL: 2014-08-03 05:28; ascsurfingprotection@iobit.com; c:\users\Zammy\AppData\Roaming\Mozilla\Firefox\Profiles\atjn8bov.default-1383102531107\extensions\ascsurfingprotection@iobit.com.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKU-Default-Run-AROReminder - c:\program files (x86)\ARO 2012\aro.exeHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startHKLM-Run-LogMeIn GUI - c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:52,59,60,d7,ff,c5,cd,01.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.14".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\LightScribe\LSSrvc.exec:\program files (x86)\IObit\Advanced SystemCare 7\Monitor.exec:\users\Zammy\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended.exec:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE.**************************************************************************.Completion time: 2014-08-07 21:49:37 - machine was rebootedComboFix-quarantined-files.txt 2014-08-08 02:49.Pre-Run: 868,980,568,064 bytes freePost-Run: 868,541,530,112 bytes free.- - End Of File - - 3557F7565CE425E46001C605C382A19B
  6. Hi MrC, Having trouble connecting to the remote computer, sorry about the delay - I hope to be able to do it this evening.
  7. Hi MrC, thanks for picking up my post. Here is the RogueKiller log. Just FYI, I access this computer remotely using LogMeIn Rescue, so you will see evidence of it in the log. RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Zammy [Admin rights]Mode : Scan -- Date : 08/05/2014 19:45:21 ¤¤¤ Bad processes : 2 ¤¤¤[suspicious.Path] unattended.exe -- C:\Users\Zammy\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp \unattended.exe[7] -> KILLED [TermProc][suspicious.Path] (SVC) LMIRescueUA_102278 -- "C:\Users\Zammy\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp \unattended_srv.exe" -service -unattendedid 1441109[7] -> STOPPED ¤¤¤ Registry Entries : 19 ¤¤¤[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | 83_1553251102278 : "C:\ProgramData\LMIR0001.tmp_r.bat" -> FOUND[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LMIRescueUA_102278 -> FOUND[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MFE_RR -> FOUND[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LMIRescueUA_102278 -> FOUND[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MFE_RR -> FOUND[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LMIRescueUA_102278 -> FOUND[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MFE_RR -> FOUND[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1264045749-2277637772-873812554-1001\Software\Microsoft\Windows \CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1264045749-2277637772-873812554-1001\Software\Microsoft\Windows \CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1264045749-2277637772-873812554-1001\Software\Microsoft\Windows \CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1264045749-2277637772-873812554-1001\Software\Microsoft\Windows \CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND[PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-1264045749-2277637772-873812554-1001\Software\Microsoft\Windows \CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> FOUND[PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-1264045749-2277637772-873812554-1001\Software\Microsoft\Windows \CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> FOUND[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1264045749-2277637772-873812554-1001\Software\Microsoft\Windows \CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> FOUND[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1264045749-2277637772-873812554-1001\Software\Microsoft\Windows \CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> FOUND[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons \NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons \NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons \NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons \NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND ¤¤¤ Scheduled tasks : 1 ¤¤¤[suspicious.Path] 0614aUpdateInfo.job -- C:\ProgramData\Avg_Update_0614a\0614a_AVG-Secure-Search-Update.exe ( /SETINFO /CMPID=0614a /INFORETRY=3) -> FOUND ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤ ¤¤¤ Web browsers : 1 ¤¤¤[PUP][CHROME:Addon] Default : AVG Secure Search [ndibdjnfmopecpmkdieinmbadjfpblof] -> FOUND ¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++--- User ---[MBR] c849028eea93c58ff9970b4d62098f92[bSP] 44429fadb6f4f8fcc9eec59e96134630 : Unknown MBR CodePartition table:0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 941493 MB2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1928384512 | Size: 12274 MBUser = LL1 ... OKUser != LL2 ... KO!--- LL2 ---[MBR] 5cb408c98b3cf93ddbe686a520d7613a[bSP] 882d86b54172af65a5bf2aa41615f27b : Windows Vista/7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 264071168 | Size: 300 MB +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++Error reading User MBR! ([15] The device is not ready. )Error reading LL1 MBR! NOT VALID!Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++Error reading User MBR! ([15] The device is not ready. )Error reading LL1 MBR! NOT VALID!Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++Error reading User MBR! ([15] The device is not ready. )Error reading LL1 MBR! NOT VALID!Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++Error reading User MBR! ([15] The device is not ready. )Error reading LL1 MBR! NOT VALID!Error reading LL2 MBR! ([32] The request is not supported. )
  8. Forgot to mention that the computer picked up a virus, but it seems to have been cleaned. I suspect that there is stuff left over that is causing the issues with the services.
  9. Hi, Win 7 Home Premium, all Windows updates applied. Ran MB, MB Rootkit Beta, ESET online scan (found only a couple of PUPs), all report no issues, but several services won't start, can't change Windows Update settings, and many other weird manifestations. Ran sfc /scannow - no issues. Any help will be greatly appreciated. HJT log hijackthis.log, Frst.txt FRST.txt, and addition.txt Addition.txtattached. Cheers, Allan
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.