Jump to content

Search the Community

Showing results for tags 'malware removal help'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 10 results

  1. So I was at a website and I downloaded a Filmora 9 Cracked and suddenly windows updated me that there is a virus in my laptop, I immediately checked it and it was a Trojan Virus. I can't remove the file Trojan:Win32/CryptInject!ml and Trojan:Win32/Tiggre!fn even after scanning and deleting the file that I downloaded. I disabled a Program that doesn't have a publisher in Safe mode and when I turned back to normal mode its still there, I can't remove the program cause I deleted the original file, and the Antimalware Service Executable is eating my CPU. I don't know what to do, I tried looking answers in the internet but it still doesn't work. I don't know if this files is good or bad in my laptop, Please help me removing this malware.
  2. I need help. My little brother has just learned how to download things from the internet. and he has. I clean the computer with MBAM and SUPERAntiSpyware at least every other day. But this one hijacker wont go away. I have run at least 7 adware/malware removing tools, and every single time, i open up chrome, and its still there. I need help, or this will drive me crazy!
  3. Hi there, I followed the directions you posted in this thread (https://forums.malwarebytes.org/index.php?/topic/161417-help-removing-buynsave-pub/), and I wanted to attach my zoek results. It looks like the problem is gone because it's no longer in my browser, but I wanted to check. Thank you so much for your help! Best, Alison zoek-results.txt
  4. Hi everyone, thanks for the help, here my problem, see attachements it seems like I can not even use the function copy and paste, that's why I attache the docs. it's getting worst and worst thanks for help!!! FRST.txt Addition.txt
  5. Hey, guys. A couple of days ago I was looking for custom Skyrim stuff on Nexus Mods, and I found some tips to speed up/boost computer performance (Cleanmem and one other I don't remember the name of, sorry). I installed them, then I changed my computer's settings in Advanced System Settings>Advanced>Performance>Settings (I set it to "adjust for best performnace"). Shortly thereafter, my laptop blue screened (she does this often; something is wrong with her RAM. I most often get the KERNEL_INPAGEDATA message.) then booted back up to tell me that she was installing updates. She shut herself down, booted again to say "configuring updates", then let me log on. She claims that my copy of Windows is not genuine (she doesn't say this usually. It is not wholly inaccurate, but it is... well, a very long and [believe it or not] personal story). I cannot run Malwarebytes (even after naming it Zzmbam.COM, and yes, I changed the extension to .COM) or any other antimalware programming from Microsoft (the processes show up in the task manager, but they never get past the few hundred kb stage, where they're being "summoned" as I call it). I cannot access my E: partition at all (any explorer window I open to try to access it, even through shortcuts on the dekstop, it freezes and refuses to respond). When I try to run chkdsk on that partition from an elevated command prompt window and hit enter, it moves the cursor down a line and just sits there, unresponsive outside of the blinking cursor. I cannot empty, access, or delete (with rd /s c:\$Recycle.Bin) my recycle bin. CCleaner gets stuck emptying the recycle bin or dumping various logs. I can run Rkill (it runs successfully and creates a log, but doesn't fix the issue) HitmanPro (gets stuck anywhere between 0% and 3%, in the System32>drivers directory, no log that I know of is created), TDSSKiller (gets stuck at 0 objects, no threats found after hours of running, I can read the report while it runs, but it doesn't change), and Active@ Partition Recovery For Windows [Demo Version] (hangs on "Initializing: Looking for devices..." indefinitely.). Day before yesterday, I shut her down and tried to boot her into safe mode with command prompt, but she got stuck while loading files after "BootDefragDriver.sys" indefinitely until we lost power. When the power came back, I tried (with the same results) booting into safe mode with networking, then plain safe mode, over and over. She would not boot. Even trying "Repair my computer" or "boot to disc" didn't get me any further than a black screen with a moveable cursor. I finally got her to boot by enabling boot logging, then I had to log into my partner's account (also an admin) to even get into the system recovery options; I'm not sure what to do from here, outside of back up all the other files (I really need to get into E:!!) and format the hard drive, then re-install Windows. But I don't want to have to do all that. Anyone have any ideas? My specs: Gateway M-Series laptop running Windows 7 Ultimate 32-bit (Note: I also posted this here: http://tinyurl.com/m4d4btf)
  6. I typed in Level Quality Watcher in google search and the 1st thing on the list was "Level Quality Watcher - Newest Malware Threats - Malwarebytes Forum" My laptop is constantly running and I knew something wasn't right. So I looked at the task manager and clicked on resource monitor. I looked at the services list and I saw Level Quality Watcher and I had seen it in C:\Program Files. I also saw it first in google chrome "cookies" list. I didn't know anything about it but I looked for it in my C drive. I don't know anything about cookies either but decided to look at the list and just kind of study it. I'm always looking at my files (in the C drive - system files, program files, etc.), but don't touch them. I just study them. And I'm always looking in my programs and features folder at the installed programs. I've done this for probably 10 years, I don't know what they are about but I have learned names. I found some names that weren't in the prog and features folder but were in the C:\program files x86 folder. I am probably wrong but if a file name has an .exe extension on it doesn't that make it a program and wouldn't it be in the prog and features list? I was thinking that legitimate programs that you install are in that list and can be uninstalled if you don't like it. But by just reading file after file in folder after folder through the years has taught me what kind of files may be legit on my pc. I found about 5 or 6 different folders with names I haven't recognized and just showed up. I do have a tendency to download a lot of free security/utility programs cause that's what I like most about pcs, I like to see how they work. And when a problem arises I can usually fix it, But not this time. I installed a bunch of security type programs yesterday and today: SuperAntiSpyware, Yours, Malwarebytes, already had CCleaner, Adwcleaner, Spyhunter, ESGshortcutrepairtool, JRT.text, Minitoolbox.text from Bleeping computer.com. and all free. I ran each one of them several times. The last one I ran was yours and the results came out to 0 infections, which was my goal. For some reason I decided to check out this "LQW". Well your scanner didn't detect it and neither did any others. So here I am. My pc isn't running constantly like it was though. It seems to have quieted down; Hope this wasn't too much info but kind of wanted you to know you are dealing with an amateur and sometimes I don't always understand what others are saying when they are helping someone in need. So whatever I have to do please explain in as simple of terms as possible. lol And btw, this is the first time I have ever posted. So I hope I'm doing this right. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 1/10/2012 6:22:13 PM System Uptime: 11/21/2013 12:07:41 PM (1 hours ago) . Motherboard: TOSHIBA | | PEQAA Processor: Intel® Core i3-2330M CPU @ 2.20GHz | CPU 1 | 2200/400mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 580 GiB total, 486.85 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: lsnfd Device ID: ROOT\LEGACY_LSNFD\0000 Manufacturer: Name: lsnfd PNP Device ID: ROOT\LEGACY_LSNFD\0000 Service: lsnfd . ==== System Restore Points =================== . RP397: 11/19/2013 7:43:49 AM - Revo Uninstaller's restore point - Mark As Done RP398: 11/19/2013 7:46:29 AM - Revo Uninstaller's restore point - Open It! RP399: 11/19/2013 7:48:05 AM - Revo Uninstaller's restore point - Easy File List 1.1 RP400: 11/19/2013 7:55:57 AM - Revo Uninstaller's restore point - File Opener Pro RP401: 11/19/2013 7:58:05 AM - Revo Uninstaller's restore point - SysInfoTools IE Password Recovery v1.0 RP402: 11/19/2013 8:00:41 AM - Revo Uninstaller's restore point - PasswordPod RP403: 11/19/2013 8:10:57 AM - Revo Uninstaller's restore point - System Requirements Lab for Intel RP404: 11/20/2013 6:41:44 PM - Windows Update RP405: 11/21/2013 2:54:20 AM - Removed avast! Ad Blocker RP406: 11/21/2013 1:38:29 PM - Installed SpyHunter . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Photoshop CS6 Adobe Photoshop Elements 10 Adobe Photoshop.com Inspiration Browser Adobe Reader X (10.1.8) MUI Adobe Shockwave Player 12.0 Aladdins Gold Any Video Converter 5.0.5 Apple Application Support Apple Mobile Device Support Apple Software Update AT&T Troubleshoot & Resolve Tool att.net Internet Mail AVG 2014 Bejeweled 3 Belarc Advisor 8.2 Best Buy pc app Bettys Beer Bar Bing Bar Bing Rewards Client Installer Bonjour Bubbletown CCleaner D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Disk Index DivX Setup DriverUpdate Dropbox DropIt (v5.2) Elements 10 Organizer Expenses Manager 1.0.3.1 Folder Size 2.9.0.0 Free Coins Desktop App 1.13 Free Empty Folder Delete 4.2.6 Free M4a to MP3 Converter 6.1 Free Window Registry Repair Frostbow Home Inventory 5 Lite Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper Gutterball 3D Hoyle Card Games 2005 Hoyle Casino Hoyle Puzzle and Board Games HP Photo Creations HP Photosmart 7510 series Basic Device Software HP Photosmart 7510 series Help HP Photosmart 7510 series Product Improvement Study HP Update iCloud Indeo® software Intel AppUp(SM) center Intel® Management Engine Components Intel® PRO/Wireless Driver Intel® Processor Graphics Intel® Rapid Storage Technology Intel® SDK for OpenCL - CPU Only Runtime Package Intel® WiDi Intel® PROSet/Wireless Software Internet Explorer (Enable DEP) iTunes Java 7 Update 40 (64-bit) Java 7 Update 45 Java Auto Updater Java SE Development Kit 7 Update 40 (64-bit) Junk Mail filter update Label@Once 1.0 Malwarebytes Anti-Malware version 1.75.0.1300 Masque IGT Slots Little Green Men Masque IGT Slots Lucky Larry's Lobstermania Masque IGT Slots Texas Tea Masque IGT Slots Wolf Run Masque Slots - IGT and MultiPlay Video Poker Masque Video Slots Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 Movie Maker MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 Octoshape add-in for Adobe Flash Player Password Corral v4.0 PDF Settings CS6 Peggle Nights 1.0 Photo Common Photo Gallery PlayReady PC Runtime x86 PSE10 STI Installer QuickTime Realtek Ethernet Controller Driver Realtek High Definition Audio Driver REALTEK Wireless LAN Driver Renesas Electronics USB 3.0 Host Controller Driver Revo Uninstaller 1.95 Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2) Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Shared C Run-time for x64 Sierra Sports GameRoom Slingo Quest (remove only) SpyHunter SRS Audio Essentials STG FolderPrint Plus 4.09 Super Collapse II SUPERAntiSpyware swMSM Synaptics Pointing Device Driver TOSHIBA Application Installer TOSHIBA Assist Toshiba Book Place TOSHIBA Bulletin Board TOSHIBA Disc Creator TOSHIBA eco Utility TOSHIBA Flash Cards Support Utility TOSHIBA Hardware Setup TOSHIBA HDD Protection TOSHIBA HDD/SSD Alert TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA PC Health Monitor TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA ReelTime TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA Sleep Utility TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA VIDEO PLAYER TOSHIBA Web Camera Application TOSHIBA Wireless Display Monitor TOSHIBA Wireless LAN Indicator TOSHIBARegistration Troy Conversion LITE TuneUp Utilities Language Pack (en-US) Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition Update for Zip Opener Utility Common Driver VC80CRTRedist - 8.0.50727.6195 Vernons Casino Visual Studio 2010 x64 Redistributables Visual Studio 2012 x64 Redistributables Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WYO Home Inventory 4.16 . ==== Event Viewer Messages From Past Week ======== . 11/21/2013 9:55:38 AM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control. 11/21/2013 4:09:05 AM, Error: mbamchameleon [61440] - 11/21/2013 12:25:58 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied. 11/21/2013 12:09:26 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 11/21/2013 12:08:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: lsnfd 11/21/2013 12:08:21 PM, Error: Microsoft-Windows-TaskScheduler [413] - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183. 11/21/2013 1:40:12 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error. 11/21/2013 1:24:16 PM, Error: Service Control Manager [7030] - The HOSTS Anti-PUPs service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2 Run by girlrocker at 13:42:00 on 2013-11-21 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.3373 [GMT -8:00] . AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2014\avgrsa.exe C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k GPSvcGroup C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\System32\alg.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.exe C:\windows\system32\taskmgr.exe C:\windows\System32\perfmon.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Program Files\Windows NT\Accessories\WORDPAD.EXE C:\windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe C:\windows\system32\msiexec.exe C:\Users\GIRLRO~1.000\AppData\Local\Temp\SHSetup.exe C:\windows\system32\SearchProtocolHost.exe C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe C:\windows\system32\vssvc.exe C:\windows\System32\svchost.exe -k swprv C:\windows\system32\SearchFilterHost.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uSearch Bar = Preserve mURLSearchHooks: {11111111-1111-1111-1111-110011201183} - <orphaned> mWinlogon: Userinit = userinit.exe, TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [FBCD0EDB5087DADD7FBFBFEBFC95F48C83B3F906._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service uPolicies-Explorer: NoDriveTypeAutoRun = dword:181 uPolicies-Explorer: NoDriveAutoRun = dword:67043323 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:60 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - TCP: NameServer = 192.168.1.254 TCP: Interfaces\{AF6375BE-0CA8-415D-9A3A-A2560696AF4C} : DHCPNameServer = 192.168.1.254 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\windows\System32\rundll32.exe C:\windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-9-2 192824] R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-9-2 294712] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-8-20 123704] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-9-8 31544] R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-1-16 55856] R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2011-3-23 36992] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2011-11-20 482384] R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2013-9-25 148792] R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464] R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-9-2 212280] R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-8-1 251192] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-25 301152] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-20 701512] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.EXE [2013-8-30 240288] R3 CeKbFilter;CeKbFilter;C:\windows\System32\drivers\CeKbFilter.sys [2011-11-20 20592] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2013-7-1 342528] R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-6-21 25496] R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-11-20 25928] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2011-2-10 82432] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760] R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-11-20 38096] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528] R3 SRS_AE_Service;SRS Audio;C:\windows\System32\drivers\SRS_AE_amd64.sys [2012-6-21 549704] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-10-3 3538480] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.EXE [2013-8-30 193696] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update --> C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [?] S3 DFX11_1;DFX Audio Enhancer 11.1;C:\windows\System32\drivers\dfx11_1x64.sys [2012-12-13 28008] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-11-17 111616] S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-6-21 34200] S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2011-5-26 174680] S3 mbamchameleon;mbamchameleon;C:\windows\System32\drivers\mbamchameleon.sys [2013-11-20 91352] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-11-17 19456] S3 SWDUMon;SWDUMon;C:\windows\System32\drivers\SWDUMon.sys [2013-10-13 16152] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-11-17 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-11-17 30208] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-10 1255736] S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152] S4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624] S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-7-14 1436424] S4 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=F5D333A8-C748-4686-AE0A-9E008F670C22 --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=F5D333A8-C748-4686-AE0A-9E008F670C22 [?] S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-20 418376] S4 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-5-28 369152] S4 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-5-28 460288] S4 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2013-5-28 342528] S4 SRSHDAudioService;SRS HDAudio Lab Service;C:\Program Files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe [2012-6-25 13232] S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S4 taisregispinger;taisregispinger;C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2011-7-26 297344] S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-11-20 57216] S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848] S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152] S4 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856] S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-20 2656280] . =============== File Associations =============== . FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [userChoice] . =============== Created Last 30 ================ . 2013-11-21 21:24:08 -------- d-----w- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs 2013-11-21 11:12:15 -------- d-----w- C:\Users\girlrocker.000\AppData\Local\ElevatedDiagnostics 2013-11-21 05:45:02 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys 2013-11-21 04:34:14 -------- d-----w- C:\Program Files (x86)\Advanced Fix 2013 2013-11-21 03:58:29 -------- d-----w- C:\windows\ERUNT 2013-11-21 03:52:56 -------- d-----w- C:\Users\girlrocker.000\AppData\Roaming\SUPERAntiSpyware.com 2013-11-21 03:52:26 -------- dc----w- C:\Program Files\SUPERAntiSpyware 2013-11-21 03:52:26 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2013-11-21 03:51:51 -------- d-----w- C:\Users\girlrocker.000\AppData\Roaming\Malwarebytes 2013-11-21 03:51:49 -------- d-----w- C:\ProgramData\Malwarebytes 2013-11-21 03:51:47 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2013-11-21 03:51:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-21 03:51:36 -------- d-----w- C:\Users\girlrocker.000\AppData\Local\Programs 2013-11-21 02:43:19 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F774FE2B-A0A7-4A7E-A46D-FE73913536B8}\mpengine.dll 2013-11-21 02:14:30 -------- dc----w- C:\AdwCleaner 2013-11-17 10:00:50 -------- dc----w- C:\Casino 2013-11-16 05:59:54 -------- d-----w- C:\Users\girlrocker.000\AppData\Roaming\TuneUp Software 2013-11-15 00:01:55 439296 ----a-w- C:\windows\System32\AdpeakProxy64.dll 2013-11-15 00:01:50 338944 ----a-w- C:\windows\SysWow64\AdpeakProxy.dll 2013-11-14 01:40:52 -------- d-----w- C:\windows\SysWow64\wbem\Logs 2013-11-14 01:33:44 -------- d-----w- C:\Users\girlrocker.000\AppData\Roaming\FolderPrint 2013-11-14 01:01:20 -------- d-----w- C:\Program Files (x86)\Disk Index 2013-11-14 00:32:46 -------- d-----w- C:\Users\girlrocker.000\AppData\Local\Free_Empty_Folder_Delete 2013-11-14 00:16:12 -------- d-----w- C:\Users\girlrocker.000\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z 2013-11-14 00:14:59 -------- d-----w- C:\Users\girlrocker.000\AppData\Roaming\DropIt 2013-11-14 00:14:49 -------- dc----w- C:\Program Files\DropIt 2013-11-14 00:07:22 -------- d-----w- C:\Program Files (x86)\Free Empty Folder Delete 2013-11-13 23:59:11 -------- dc----w- C:\Program Files\Level Quality Watcher 2013-11-13 23:58:16 -------- d-----w- C:\ProgramData\MindGems 2013-11-13 23:58:16 -------- d-----w- C:\Program Files (x86)\Folder Size 2013-11-13 23:54:40 -------- d-----w- C:\Program Files (x86)\stg 2013-11-13 06:45:45 -------- d-----w- C:\Program Files (x86)\Aladdins Gold 2013-11-05 01:18:24 -------- d-----w- C:\Users\girlrocker.000\AppData\Roaming\FreeCoins 2013-11-05 01:18:20 -------- d-----w- C:\Program Files (x86)\FCE 2013-11-05 01:18:05 -------- d-----w- C:\Users\girlrocker.000\AppData\Local\FCU 2013-11-05 01:18:04 -------- d-----w- C:\Users\girlrocker.000\AppData\Local\FCM 2013-11-05 01:18:02 -------- d-----w- C:\Users\girlrocker.000\AppData\Local\FCE 2013-11-05 01:17:54 -------- d-----w- C:\Users\girlrocker.000\AppData\Local\FreeCoins 2013-11-03 19:25:57 -------- d-----w- C:\Users\girlrocker.000\UTILITIES 2013-11-03 19:16:38 -------- d-----w- C:\Users\girlrocker.000\BACKUPS 2013-11-03 13:51:29 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-11-02 16:06:00 440320 ----a-w- C:\windows\System32\drivers\rtl8187Se.sys 2013-11-02 16:05:59 614400 ----a-w- C:\windows\System32\Rtlihvs.dll 2013-11-02 16:05:59 614400 ----a-w- C:\windows\Rtlihvs.dll 2013-11-02 16:05:59 380928 ----a-w- C:\windows\System32\RtlUI2.exe 2013-11-02 16:05:59 380928 ----a-w- C:\windows\RtlUI2.exe 2013-11-02 16:05:59 188416 ----a-w- C:\windows\System32\RTLExtUI.dll 2013-11-02 16:05:59 188416 ----a-w- C:\windows\RTLExtUI.dll 2013-11-02 16:05:58 451072 ----a-w- C:\windows\SysWow64\ISSRemoveSP.exe 2013-11-02 16:05:58 -------- d-----w- C:\Program Files (x86)\REALTEK RTL8187SE Wireless LAN Driver 2013-10-27 20:31:29 7808 ----a-w- C:\windows\System32\drivers\usbd.sys 2013-10-27 20:31:29 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys 2013-10-27 20:31:29 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys 2013-10-27 20:31:29 325120 ----a-w- C:\windows\System32\drivers\usbport.sys 2013-10-27 20:31:29 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys 2013-10-27 20:31:29 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys . ==================== Find3M ==================== . 2013-10-13 17:33:21 16152 ----a-w- C:\windows\System32\drivers\SWDUMon.sys 2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll 2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL 2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL 2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll 2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL 2013-10-05 20:25:35 1474048 ----a-w- C:\windows\System32\crypt32.dll 2013-10-05 19:57:25 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll 2013-10-04 10:31:11 973736 ----a-w- C:\windows\System32\deployJava1.dll 2013-10-04 10:31:11 1095080 ----a-w- C:\windows\System32\npDeployJava1.dll 2013-10-04 10:31:11 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll 2013-10-04 02:28:31 190464 ----a-w- C:\windows\System32\SmartcardCredentialProvider.dll 2013-10-04 02:25:17 197120 ----a-w- C:\windows\System32\credui.dll 2013-10-04 02:24:49 1930752 ----a-w- C:\windows\System32\authui.dll 2013-10-04 01:58:50 152576 ----a-w- C:\windows\SysWow64\SmartcardCredentialProvider.dll 2013-10-04 01:56:25 168960 ----a-w- C:\windows\SysWow64\credui.dll 2013-10-04 01:56:00 1796096 ----a-w- C:\windows\SysWow64\authui.dll 2013-10-03 02:23:48 404480 ----a-w- C:\windows\System32\gdi32.dll 2013-10-03 02:00:44 311808 ----a-w- C:\windows\SysWow64\gdi32.dll 2013-09-30 01:49:32 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-09-30 01:49:32 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2013-09-28 01:09:10 497152 ----a-w- C:\windows\System32\drivers\afd.sys 2013-09-26 04:07:30 148792 ----a-w- C:\windows\System32\drivers\avgdiska.sys 2013-09-25 02:26:40 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys 2013-09-25 02:26:40 154560 ----a-w- C:\windows\System32\drivers\ksecpkg.sys 2013-09-25 02:23:33 28672 ----a-w- C:\windows\System32\sspisrv.dll 2013-09-25 02:23:33 135680 ----a-w- C:\windows\System32\sspicli.dll 2013-09-25 02:23:01 28160 ----a-w- C:\windows\System32\secur32.dll 2013-09-25 02:22:59 340992 ----a-w- C:\windows\System32\schannel.dll 2013-09-25 02:21:50 307200 ----a-w- C:\windows\System32\ncrypt.dll 2013-09-25 02:21:07 1447936 ----a-w- C:\windows\System32\lsasrv.dll 2013-09-25 01:58:17 96768 ----a-w- C:\windows\SysWow64\sspicli.dll 2013-09-25 01:57:26 22016 ----a-w- C:\windows\SysWow64\secur32.dll 2013-09-25 01:57:24 247808 ----a-w- C:\windows\SysWow64\schannel.dll 2013-09-25 01:56:42 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll 2013-09-25 01:03:24 30720 ----a-w- C:\windows\System32\lsass.exe 2013-09-09 13:40:10 40248 ----a-w- C:\windows\System32\TURegOpt.exe 2013-09-09 13:40:02 42808 ----a-w- C:\windows\System32\uxtuneup.dll 2013-09-09 13:40:02 29496 ----a-w- C:\windows\System32\authuitu.dll 2013-09-09 13:40:02 25400 ----a-w- C:\windows\SysWow64\authuitu.dll 2013-09-09 13:40:00 35640 ----a-w- C:\windows\SysWow64\uxtuneup.dll 2013-09-09 08:54:22 829264 ----a-w- C:\windows\System32\msvcr100.dll 2013-09-09 08:54:22 608080 ----a-w- C:\windows\System32\msvcp100.dll 2013-09-09 05:11:42 31544 ----a-w- C:\windows\System32\drivers\avgrkx64.sys 2013-09-08 02:30:37 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys 2013-09-08 02:27:14 327168 ----a-w- C:\windows\System32\mswsock.dll 2013-09-08 02:03:58 231424 ----a-w- C:\windows\SysWow64\mswsock.dll 2013-09-04 12:11:49 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys 2013-09-03 21:35:10 278800 ------w- C:\windows\System32\MpSigStub.exe 2013-09-02 17:59:14 212280 ----a-w- C:\windows\System32\drivers\avgldx64.sys 2013-09-02 17:29:18 294712 ----a-w- C:\windows\System32\drivers\avgloga.sys 2013-09-02 17:26:50 192824 ----a-w- C:\windows\System32\drivers\avgidsha.sys 2013-09-02 17:26:42 241464 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys 2013-08-29 02:17:48 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll 2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll 2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll 2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll 2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll 2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll 2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll 2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll 2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2013-08-29 00:49:52 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe 2013-08-28 01:21:06 3155968 ----a-w- C:\windows\System32\win32k.sys 2013-08-28 01:12:33 461312 ----a-w- C:\windows\System32\scavengeui.dll 2013-04-25 12:01:14 4126720 ----a-w- C:\Program Files (x86)\GUTF5D8.tmp 2012-03-09 22:32:15 480 ----a-w- C:\Program Files (x86)\0309201214321526.bat . ============= FINISH: 13:42:15.10 ===============
  7. I am running Windows Server 2008 Standard. All my downloads are deleted. Windows Update is not running. I ran a scan deleted the found items. See the following log: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.24.07 Windows Server 2008 Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 DWCross :: DCR-SERVER [administrator] 7/24/2013 1:51:29 PM mbam-log-2013-07-24 (13-51-29).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 512191 Time elapsed: 48 minute(s), 11 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\$Recycle.Bin\S-1-5-21-3478161825-3527343326-2822658981-1000\$RDD5748DD (Rootkit.0Access) -> Quarantined and deleted successfully. C:\Users\DWCross\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\61f84ab9-37feb95a (Rootkit.0Access) -> Quarantined and deleted successfully. (end) I still cannot download email attachments or access Windows Update. Reading some of the forums, I downloaded Rogue Killer and it turned out the following report: RogueKiller V8.6.3 [Jul 17 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Server 2008 (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : DWCross [Admin rights] Mode : Scan -- Date : 07/24/2013 16:11:46 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 10 ¤¤¤ [DNS] HKLM\[...]\CCSet\[...]\{830E54FB-1968-4054-B754-2D2B11CA9BB2} : NameServer (216.146.35.35,216.146.36.36,8.8.8.8,10.0.0.2) -> FOUND [DNS] HKLM\[...]\CS001\[...]\{830E54FB-1968-4054-B754-2D2B11CA9BB2} : NameServer (216.146.35.35,216.146.36.36,8.8.8.8,10.0.0.2) -> FOUND [DNS] HKLM\[...]\CS003\[...]\{830E54FB-1968-4054-B754-2D2B11CA9BB2} : NameServer (216.146.35.35,216.146.36.36,8.8.8.8,10.0.0.2) -> FOUND [HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3478161825-3527343326-2822658981-1000\$0f63b47f65cedf7ef0bcba0f2d84c016\n. [x]) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Volume0 +++++ --- User --- [MBR] d2210731fe35215d2b0509d24876f4d0 [bSP] 2d7b8b4910399633fcc302c4b8ca1ce8 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476935 Mo User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive1: Volume0 +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[0]_S_07242013_161146.txt >> RKreport[0]_S_07242013_145800.txt;RKreport[0]_S_07242013_153439.txt I did not delete any files with Rogue Killer because I did not know what they were. Can you help me?
  8. I recently bought Malwarebytes Anti-Malware PRO and installed in my laptop. However, the icon is grey and I could not enable malicious website protection. I used "mbam-clean.exe" and restarted my laptop, but still I can't enable the protection. My laptop was infected a couple of times earlier and I cleaned with Anti-Malware PRO, which indicated the malwares had been quarentined and deleted. I also recently scanned my system and there were no malwares at all. I have attach.txt and dds.txt added to this forum. Please help me to remove any malware residues from my laptop and enable the full protection. Thanks in advance. CheckResults.txt DDS.txt Attach.txt
  9. Hi, For the last few days I have constantly (between every 3 seconds and every minute) received balloon messages from Malwarebytes Anti-Malware that read: Successfully blocked access to a potentially malicious website: 83.133.125.41 Type: Outgoing The number is not always the same, but tends to start with 83.133. The threat type is always outgoing which makes me think that the problem is on my computer. I have PC Tools Security and Malwarebytes Anti-Malware trial version 1.60.0.1800 installed on my computer and ran full scans of both programs on both normal mode and safe mode of Windows 7 but found no infections. I saw in forums about this topic that filesharing apllications are often to blame, but I don't use these. I'd really appreciate any help with this problem because I find this constant stream of threat alerts unnerving. Thanks to user "alba" - I cut and pasted most of your post as I'm having the exact same problem. The requested logs are attached. Thank you. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 Run by Resident at 8:08:24 on 2012-05-16 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2320 [GMT -4:00] . AV: PC Tools Internet Security Anti-Virus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: PC Tools Internet Security Anti-Spyware *Enabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} FW: PC Tools Internet Security Firewall *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskeng.exe c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.nytimes.com/ uSearch Bar = Preserve uInternet Settings,ProxyOverride = *.local uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 10.0.0.1 TCP: Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7} : DhcpNameServer = 10.0.0.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: PC Tools Browser Defender BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll BHO-X64: Browser Defender BHO - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll TB-X64: PC Tools Browser Defender: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [(Default)] mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray . ============= SERVICES / DRIVERS =============== . R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?] R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?] R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?] R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?] R0 TfSysMon;TfSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?] R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?] R1 pctNdisLW64;PC Tools NDIS 6 LightWeight filter;C:\Windows\system32\DRIVERS\pctNdisLW64.sys --> C:\Windows\system32\DRIVERS\pctNdisLW64.sys [?] R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?] R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?] R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-6-8 546768] R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-5-17 308592] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-15 654408] R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-1 206120] R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-1 185640] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 257696] S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;\??\C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys --> C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [?] S3 pctplfw;pctplfw;\??\C:\Windows\System32\drivers\pctplfw64.sys --> C:\Windows\System32\drivers\pctplfw64.sys [?] S3 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?] S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2011-11-21 402336] S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2011-11-21 1117624] S3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?] S3 ThreatFire;ThreatFire;C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe service --> C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe service [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-05-15 18:34:07 55960 ----a-w- C:\Windows\System32\drivers\fsbts.sys 2012-05-15 17:33:17 -------- d-----w- C:\Users\Resident\AppData\Roaming\f-secure 2012-05-15 17:33:09 -------- d-----w- C:\ProgramData\F-Secure 2012-05-15 15:36:05 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-05-11 07:42:14 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4BD9FF23-47CE-4A6A-8AAF-0C5A33CD3CF7}\mpengine.dll 2012-05-09 00:23:39 1544704 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-09 00:23:39 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-09 00:23:35 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-09 00:23:34 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-09 00:23:34 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-09 00:23:34 3146240 ----a-w- C:\Windows\System32\win32k.sys 2012-05-09 00:13:10 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-09 00:10:02 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-09 00:09:40 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2012-05-09 00:09:40 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-09 00:09:39 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-09 00:09:39 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2012-05-09 00:09:39 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2012-04-29 21:42:40 -------- d-----w- C:\Users\Resident\AppData\Local\SupportSoft 2012-04-29 21:41:39 -------- d-----w- C:\Program Files (x86)\VERIZONDM 2012-04-29 21:41:11 -------- d-----w- C:\Program Files (x86)\Common Files\SupportSoft 2012-04-29 21:41:10 -------- d-----w- C:\Windows\VDM 2012-04-29 21:41:10 -------- d-----w- C:\Program Files (x86)\Verizon 2012-04-28 14:34:10 -------- d-----w- C:\Users\Resident\AppData\Local\HuluDesktop 2012-04-28 12:54:27 -------- d-----w- C:\Users\Resident\AppData\Roaming\RegistryCleanerFree 2012-04-28 12:54:27 -------- d-----w- C:\ProgramData\RegistryCleanerFree 2012-04-28 12:54:19 -------- d-----w- C:\Program Files (x86)\RegistryCleanerFree 2012-04-23 21:14:42 -------- d-----w- C:\b9c62a458d03544fe571 2012-04-17 23:42:05 -------- d-----w- C:\Users\Resident\AppData\Roaming\AVG 2012-04-17 22:31:50 -------- d-----w- C:\Users\Resident\AppData\Roaming\AVG2012 2012-04-17 22:31:38 -------- d--h--w- C:\ProgramData\Common Files 2012-04-17 22:30:56 -------- d-----w- C:\ProgramData\AVG2012 2012-04-17 22:30:17 -------- d-----w- C:\Program Files (x86)\AVG 2012-04-17 22:22:51 -------- d-----w- C:\ProgramData\F4D561EA00284D3C013F84D4B4EB2367 2012-04-17 22:17:35 -------- d-----w- C:\ProgramData\MFAData 2012-04-17 16:48:04 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys . ==================== Find3M ==================== . 2012-05-05 05:43:13 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-05 05:43:13 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-05 05:43:10 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll 2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys . ============= FINISH: 8:08:48.69 =============== Attach.txt DDS.txt
  10. Hi there to all readers, I've been having trouble on one of my pc's. I've tried all manor of anti virus software but have had fruitless results. I have used HijackThis and have a log file. I just want to be sure that I'm doing things right. So, what do I do? Many thanks, Matt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.