ilivid

[JoeBob]

I'm pretty sure that I got this from a Boy Scout forum. No good deed, etc.

Malwarebytes Pro scanned and found two false Java updates and removed them, but the main pop-up continues to appear in the lower right corner with a variety of offers.

Ran DDS. Attach.txt did not appear.

DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Joe at 22:22:32 on 2012-10-09

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4389 [GMT -4:00]

.

AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe

C:\Program Files (x86)\FireTrust\MailWasher\MailWasherPro.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://drudgereport.com/

uWindow Title = Internet Explorer, optimized for Bing and MSN

uInternet Settings,ProxyOverride = *.local;192.168.*.*

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [AdobeBridge]

uRun: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\Backup Assistant Plus Service.exe

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MISSIN~1.LNK - C:\Program Files (x86)\MarkSpace\Missing Sync for Android\SyncMarshallerLauncher.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

Trusted Zone: google.com\b.mail

Trusted Zone: google.com\mail

Trusted Zone: google.com\www

Trusted Zone: paypal.com\www

DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} - hxxp://www.zenfolio.com/zf/code/upload-ie-win-x86.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{C1F0840F-0CDC-4EAF-8DBA-F1C6F5D5D5B5} : DhcpNameServer = 192.168.0.1

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

Hosts: 198.15.104.132 www.google-analytics.com.

Hosts: 198.15.104.132 ad-emea.doubleclick.net.

Hosts: 198.15.104.132 www.statcounter.com.

Hosts: 72.29.93.243 www.google-analytics.com.

Hosts: 72.29.93.243 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

============= SERVICES / DRIVERS ===============

.

R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2012-1-25 101112]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 aksdf;aksdf;\??\C:\Windows\system32\drivers\aksdf.sys --> C:\Windows\system32\drivers\aksdf.sys [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-2 13336]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-9 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-9 676936]

R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]

R2 SBAMSvc;VIPRE Antivirus;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-5-2 3289680]

R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]

R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-5-2 173920]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-10-2 25640]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-10-2 30528]

S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]

S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]

S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]

S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]

S3 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-25 2214504]

S3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

.

=============== Created Last 30 ================

.

2012-10-09 22:25:44 -------- d-----w- C:\Users\Joe\AppData\Roaming\Malwarebytes

2012-10-09 22:25:39 -------- d-----w- C:\ProgramData\Malwarebytes

2012-10-09 22:25:38 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-10-09 22:25:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-09-26 11:10:47 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-09-11 18:47:42 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-09-11 18:47:42 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

2012-09-11 18:47:33 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-09-11 18:47:33 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2012-09-11 18:47:24 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-09-11 18:47:24 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-09-11 18:47:24 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

==================== Find3M ====================

.

2012-10-09 02:43:35 25640 ----a-w- C:\Windows\gdrv.sys

2012-10-09 01:35:46 30528 ----a-w- C:\Windows\GVTDrv64.sys

2012-10-08 18:30:18 25640 ----a-w- C:\Windows\etdrv.sys

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2011-01-18 08:53:32 2994688 ----a-w- C:\Program Files (x86)\openofficeorg33.msi

2011-01-18 08:52:10 475016 ----a-w- C:\Program Files (x86)\setup.exe

.

============= FINISH: 22:22:45.76 ===============

Many thanks in advance!

Joe

[MrCharlie]

Welcome to the forum.

Please download MiniToolBox to your desktop:

http://download.blee...MiniToolBox.exe

Right click MiniToolBox and select " Run as administrator " to run it.

Check the following in the list:

List Installed programs

Click Go

Please post the contents of the Result.txt in your next Reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Next...............

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC (be back in am)

------->Your topic will be closed if you haven't replied within 3 days!<--------

[JoeBob]

Found Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/2/2010 9:14:20 AM

System Uptime: 10/9/2012 9:42:02 PM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | X58A-UD3R

Processor: Intel® Core i7 CPU 960 @ 3.20GHz | Socket 1366 | 3238/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 152.314 GiB free.

D: is CDROM ()

E: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

R: is FIXED (NTFS) - 1863 GiB total, 1076.15 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP161: 8/16/2012 1:32:38 AM - Windows Update

RP162: 8/23/2012 7:58:51 AM - Scheduled Checkpoint

RP163: 8/30/2012 10:24:37 AM - Scheduled Checkpoint

RP164: 9/7/2012 12:24:47 PM - Scheduled Checkpoint

RP165: 9/12/2012 12:45:09 AM - Windows Update

RP166: 9/19/2012 7:30:40 PM - Scheduled Checkpoint

RP167: 9/24/2012 3:00:10 AM - Windows Update

RP168: 9/26/2012 6:01:22 PM - Windows Update

RP169: 10/4/2012 3:45:12 PM - Scheduled Checkpoint

RP170: 10/9/2012 3:55:20 PM - Windows Modules Installer

.

==== Hosts File Hijack ======================

.

Hosts: 198.15.104.132 www.google-analytics.com.

Hosts: 198.15.104.132 ad-emea.doubleclick.net.

Hosts: 198.15.104.132 www.statcounter.com.

Hosts: 72.29.93.243 www.google-analytics.com.

Hosts: 72.29.93.243 ad-emea.doubleclick.net.

Hosts: 72.29.93.243 www.statcounter.com.

.

==== Installed Programs ======================

.

@BIOS

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader X (10.1.3)

Apple Application Support

Apple Software Update

Compatibility Pack for the 2007 Office system

Easy Tune 6 B10.0728.1

EpsonNet Print

FastPrint 1.70 Build 090115

FileZilla Client 3.5.3

Google Chrome

Google SketchUp 8

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 31

MailWasherPro

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft Office Access database engine 2007 (English)

Microsoft Office Small Business Edition 2003

Microsoft Store Download Manager

Microsoft Streets & Trips 2010

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable Package

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Missing Sync for Android

MotoHelper 2.1.32 Driver 5.4.0

MotoHelper MergeModules

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music Manager

NEF Codec

NeoComposite3

NeoPackProfessional3

Notepad++ version 6.1.2

OpenOffice.org 3.3

PDF Settings CS5

QuickTime

Realtek Ethernet Controller Driver For Windows 7

Renesas Electronics USB 3.0 Host Controller Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

ThumbsPlus

Timestone License Manager

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VIPRE Antivirus

Zenfolio Uploader

.

==== Event Viewer Messages From Past Week ========

.

10/9/2012 9:43:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

10/9/2012 6:08:09 PM, Error: Service Control Manager [7031] - The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

.

==== End Of File ===========================

Working on your reply - thanks for being so quick!

Joe

[JoeBob]

MiniToolBox by Farbar Version: 23-07-2012

Ran by Joe (administrator) on 09-10-2012 at 22:56:41

Microsoft Windows 7 Professional Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

=========================== Installed Programs ============================

@BIOS (Version: 2.08)

Adobe Flash Player 11 ActiveX 64-bit (Version: 11.0.1.152)

Adobe Media Player (Version: 1.8)

Adobe Photoshop CS5 (Version: 12.0)

Adobe Reader X (10.1.3) (Version: 10.1.3)

Apple Application Support (Version: 1.4.1)

Apple Mobile Device Support (Version: 3.3.0.69)

Apple Software Update (Version: 2.1.3.127)

Bonjour (Version: 2.0.4.0)

Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)

Easy Tune 6 B10.0728.1 (Version: 1.00.0000)

EpsonNet Print (Version: 2.4j)

FastPrint 1.70 Build 090115

FileZilla Client 3.5.3 (Version: 3.5.3)

Google Chrome (Version: 22.0.1229.92)

Google SketchUp 8 (Version: 3.0.14346)

Intel® Rapid Storage Technology (Version: 9.6.0.1014)

iTunes (Version: 10.1.1.4)

Java Auto Updater (Version: 2.0.7.1)

Java 6 Update 31 (Version: 6.0.310)

KONICA MINOLTA Universal PS

MailWasherPro (Version: 1.3.0)

Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Office Access database engine 2007 (English) (Version: 12.0.4518.1031)

Microsoft Office Small Business Edition 2003 (Version: 11.0.5614.0)

Microsoft Store Download Manager (Version: 2.8.4431.2)

Microsoft Streets & Trips 2010 (Version: 17.0.18.2200)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable Package (Version: 1.0.0)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)

Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)

Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)

Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)

Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)

Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)

Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)

Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)

Microsoft_VC90_ATL_x86 (Version: 1.00.0000)

Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)

Microsoft_VC90_CRT_x86 (Version: 1.00.0000)

Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)

Microsoft_VC90_MFC_x86 (Version: 1.00.0000)

Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)

Missing Sync for Android (Version: 1.6.1.201)

MobileMe Control Panel (Version: 3.1.6.0)

MotoHelper 2.1.32 Driver 5.4.0 (Version: 2.1.32)

MotoHelper MergeModules (Version: 1.2.0)

Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Music Manager

NEF Codec (Version: 1.00.0000)

NeoComposite3

NeoPackProfessional3

Notepad++ version 6.1.2 (Version: 6.1.2)

NVIDIA Control Panel 275.33 (Version: 275.33)

NVIDIA Display Control Panel (Version: 6.14.12.5896)

NVIDIA Graphics Driver 275.33 (Version: 275.33)

NVIDIA Install Application (Version: 2.275.78.0)

NVIDIA Update 1.3.5 (Version: 1.3.5)

NVIDIA Update Components (Version: 1.3.5)

OpenOffice.org 3.3 (Version: 3.3.9567)

PDF Settings CS5 (Version: 10.0)

PVSonyDll (Version: 1.00.0001)

QuickTime (Version: 7.69.80.9)

Realtek Ethernet Controller Driver For Windows 7 (Version: 7.18.322.2010)

Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0)

ThumbsPlus

ThumbsPlus (Version: 8.1.0.3537)

Timestone License Manager

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

VIPRE Antivirus (Version: 5.2.5162)

Zenfolio Uploader

**** End of log ****

QuarantineReport.txt from RogueKiller:

Time : 09/10/2012 22:59:37

--------------------------

ERROR [pcalua.exe.vir] -> C:\Windows\system32\pcalua.exe

ERROR [setup[1].exe.vir] -> C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WM3RMKC\Setup[1].exe

[dds.scr.vir] -> C:\Users\Joe\Desktop\dds.scr

See you AM as well.

Thanks again,

Joe

[MrCharlie]

Can you run RogueKiller again and post the log, that doesn't look like the correct one. MrC

[JoeBob]

Sorry, I must not have run as administrator last night. Last night's report was from inside a folder that RK put on the desktop, "RK_Quarantine"

This .txt file came up when I repeated the scan this morning :

RogueKiller V8.1.1 [10/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Joe [Admin rights]

Mode : Scan -- Date : 10/09/2012 22:59:37

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤

[TASK][sUSP PATH] {A7095D19-6EC3-46EC-A4EF-008202A475A7} : C:\Windows\system32\pcalua.exe -a "C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WM3RMKC\Setup[1].exe" -d C:\Users\Joe\Desktop -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[sCREENSV][sUSP PATH] HKCU\[...]\Desktop (C:\Users\Joe\Desktop\dds.scr) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

198.15.104.132 www.google-analytics.com.

198.15.104.132 ad-emea.doubleclick.net.

198.15.104.132 www.statcounter.com.

72.29.93.243 www.google-analytics.com.

72.29.93.243 ad-emea.doubleclick.net.

72.29.93.243 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: OCZ-AGILITY2 3.5 +++++

--- User ---

[MBR] 0d5b3bf30d937369b9712cc9508de717

[bSP] 8c133aa30c978a900275124ec97c7230 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 228834 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: RAID-5 +++++

--- User ---

[MBR] 493f892f4c1cbe9d12577fc8c4927ed7

[bSP] 7cac6029736adb5bfc00f36f3bd3ed37 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907732 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

[MrCharlie]

Go to the link below and run "Fix It" to restore the original host file:

http://support.microsoft.com/kb/972034

~~~~~~~~~~~~~~~~~~~~

Next................

Please download Listparts64

Run the tool, click Scan and post the log (Result.txt) it makes

~~~~~~~~~~~~~~~~~~~

Last................

Please read the directions carefully so you don't end up deleting something that is good!!

Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
• Put a checkmark beside loaded modules.
  
  
• A reboot will be needed to apply the changes. Do it.
  
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  
• Then click on Change parameters in TDSSKiller.
  
• Check all boxes then click OK.
  
  
• Click the Start Scan button.
  
  
• The scan should take no longer than 2 minutes.
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  
• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  
• Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.
  

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

[JoeBob]

Profile cruising - Nice Labs! Mine:

[JoeBob]

First Action:

ListParts by Farbar Version: 02-10-2012

Ran by Joe (administrator) on 10-10-2012 at 09:57:18

Windows 7 (X64)

Running From: C:\Users\Joe\Desktop

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 23%

Total physical RAM: 6142.4 MB

Available physical RAM: 4703.95 MB

Total Pagefile: 12282.99 MB

Available Pagefile: 10669.33 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (SSD-BOOT) (Fixed) (Total:223.47 GB) (Free:151.93 GB) NTFS

8 Drive r: (RAID-5) (Fixed) (Total:1863.02 GB) (Free:1076.15 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 223 GB 0 B

Disk 1 Online 1863 GB 1024 KB

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 223 GB 101 MB

======================================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 C SSD-BOOT NTFS Partition 223 GB Healthy Boot

======================================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1863 GB 1024 KB

======================================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 R RAID-5 NTFS Partition 1863 GB Healthy

======================================================================================================

****** End Of Log ******

[JoeBob]

BTW: Did the MS FixIt.

Kapersky 1 :

10:01:56.0217 4464 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

10:01:56.0545 4464 ============================================================

10:01:56.0545 4464 Current date / time: 2012/10/10 10:01:56.0545

10:01:56.0545 4464 SystemInfo:

10:01:56.0545 4464

10:01:56.0545 4464 OS Version: 6.1.7601 ServicePack: 1.0

10:01:56.0545 4464 Product type: Workstation

10:01:56.0545 4464 ComputerName: MAG7

10:01:56.0545 4464 UserName: Joe

10:01:56.0545 4464 Windows directory: C:\Windows

10:01:56.0545 4464 System windows directory: C:\Windows

10:01:56.0545 4464 Running under WOW64

10:01:56.0545 4464 Processor architecture: Intel x64

10:01:56.0545 4464 Number of processors: 8

10:01:56.0545 4464 Page size: 0x1000

10:01:56.0545 4464 Boot type: Normal boot

10:01:56.0545 4464 ============================================================

10:01:56.0748 4464 Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:01:56.0748 4464 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1700000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B602, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:01:56.0763 4464 ============================================================

10:01:56.0763 4464 \Device\Harddisk0\DR0:

10:01:56.0763 4464 MBR partitions:

10:01:56.0763 4464 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

10:01:56.0763 4464 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1BEF1000

10:01:56.0763 4464 \Device\Harddisk1\DR1:

10:01:56.0763 4464 MBR partitions:

10:01:56.0763 4464 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E0A000

10:01:56.0763 4464 ============================================================

10:01:56.0763 4464 C: <-> \Device\Harddisk0\DR0\Partition2

10:01:56.0779 4464 R: <-> \Device\Harddisk1\DR1\Partition1

10:01:56.0779 4464 ============================================================

10:01:56.0779 4464 Initialize success

10:01:56.0779 4464 ============================================================

10:02:33.0143 4672 Deinitialize success

Kapersky 2 "Post Too Long Error": Trying to figure out how to attach.

[JoeBob]

TDSSKiller.2.8.10.0_10.10.2012_10.04.36_log.txt

[MrCharlie]

That scan was clean....please clean out temp files:

Download TFC to your desktop

Close any open windows.

Double click the TFC icon to run the program

TFC will close all open programs itself in order to run,

Click the Start button to begin the process.

Allow TFC to run uninterrupted.

The program should not take long to finish it's job

Once its finished it should automatically reboot your machine,

if it doesn't, manually reboot to ensure a complete clean

~~~~~~~~~~~~~~~~~~~~~~~~~~

Then...........

Please download AdwCleaner from here and save it on your Desktop.

1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
   
2. Now click on the Search tab.
   
3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

MrC

[JoeBob]

TFC ran fine.

adwcleaner was blocked by SmartScreen Filter (ie9)

Want me to try Chrome?

[JoeBob]

# AdwCleaner v2.004 - Logfile created 10/10/2012 at 11:02:11

# Updated 06/10/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Joe - MAG7

# Boot Mode : Normal

# Running from : C:\Users\Joe\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\ProgramData\Ask

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Found : HKU\S-1-5-21-3430556371-3959146057-3840519633-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.92

File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1328 octets] - [10/10/2012 11:02:11]

########## EOF - C:\AdwCleaner[R1].txt - [1388 octets] ##########

[MrCharlie]

1. Please re-run AdwCleaner
   
2. Click on Delete button.
   
3. Confirm each time with OK if asked.
   
4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
   

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC

[JoeBob]

# AdwCleaner v2.004 - Logfile created 10/10/2012 at 11:09:28

# Updated 06/10/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Joe - MAG7

# Boot Mode : Normal

# Running from : C:\Users\Joe\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.92

File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1453 octets] - [10/10/2012 11:02:11]

AdwCleaner[R2].txt - [1513 octets] - [10/10/2012 11:08:53]

AdwCleaner[s1].txt - [1307 octets] - [10/10/2012 11:09:28]

########## EOF - C:\AdwCleaner[s1].txt - [1367 octets] ##########

[MrCharlie]

Next...........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[JoeBob]

ComboFix 12-10-10.02 - Joe 10/10/2012 11:24:18.1.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4879 [GMT -4:00]

Running from: c:\users\Joe\Desktop\ComboFix.exe

AV: GFI Software VIPRE *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

SP: GFI Software VIPRE *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Setup.exe

c:\users\Joe\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe

c:\users\Joe\z45174Lf.exe

R:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))

.

.

2012-10-09 22:25 . 2012-10-09 22:25 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes

2012-10-09 22:25 . 2012-10-09 22:25 -------- d-----w- c:\programdata\Malwarebytes

2012-10-09 22:25 . 2012-10-09 22:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-09 22:25 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-26 11:10 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-11 18:47 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-11 18:47 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-11 18:47 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-11 18:47 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-09-11 18:47 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-11 18:47 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-11 18:47 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 02:43 . 2010-10-02 14:03 25640 ----a-w- c:\windows\gdrv.sys

2012-10-09 01:35 . 2010-10-02 14:14 30528 ----a-w- c:\windows\GVTDrv64.sys

2012-10-08 18:30 . 2010-10-02 14:14 25640 ----a-w- c:\windows\etdrv.sys

2012-09-12 04:45 . 2010-10-02 13:44 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-07-18 18:15 . 2012-08-15 12:17 3148800 ----a-w- c:\windows\system32\win32k.sys

2011-01-18 08:53 . 2011-01-18 08:53 2994688 ----a-w- c:\program files (x86)\openofficeorg33.msi

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"SBAMTray"="c:\program files (x86)\GFI Software\VIPRE\SBAMTray.exe" [2012-05-02 3050848]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Missing Sync for Android Sync Manager.lnk - c:\program files (x86)\MarkSpace\Missing Sync for Android\SyncMarshallerLauncher.exe [2011-4-6 15584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

.

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-26 57976]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

R2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-05-02 3289680]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-10-08 25640]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-10-09 30528]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]

R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2012-04-14 85248]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-02 1255736]

R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-22 78208]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]

S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-05-02 173920]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430556371-3959146057-3840519633-1000Core.job

- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 22:10]

.

2012-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430556371-3959146057-3840519633-1000UA.job

- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 22:10]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://drudgereport.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;192.168.*.*

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

Trusted Zone: google.com\b.mail

Trusted Zone: google.com\mail

Trusted Zone: google.com\www

Trusted Zone: paypal.com\www

TCP: DhcpNameServer = 192.168.0.1

DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} - hxxp://www.zenfolio.com/zf/code/upload-ie-win-x86.cab

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKCU-Run-HLBackupScheduler - c:\program files\Backup Assistant Plus\Backup Assistant Plus Service.exe

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

SafeBoot-42150152.sys

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM-Run-SBRegRebootCleaner - c:\program files (x86)\Sunbelt Software\VIPRE\SBRC.exe

AddRemove-ThumbsPlus - c:\users\Joe\AppData\Local\{B39A860D-D810-4AC5-AE96-C8A6F044859E}\ThumbsPlus8sp1setup-3535.exe

AddRemove-{AD1FE8DD-0A6A-46E7-9B5F-8A70DD75CA93} - c:\users\Joe\AppData\Local\{B39A860D-D810-4AC5-AE96-C8A6F044859E}\ThumbsPlus8sp1setup-3535.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-10-10 11:27:22

ComboFix-quarantined-files.txt 2012-10-10 15:27

.

Pre-Run: 167,099,609,088 bytes free

Post-Run: 166,482,354,176 bytes free

.

- - End Of File - - 49F44405875008E9F8D6C3168609E369

[MrCharlie]

Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

[JoeBob]

Whatever the most recent action was, I think you got it! I've been noticing ilivid pop ups present all morning, even on the sites you sent me to to download tools. But now I seem to be free of the sometimes lewd solicitations and prompts for player downloads. I'll give the thread an update this afternoon.

Many thanks!

MBAM:

Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.10.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Joe :: MAG7 [administrator]

Protection: Enabled

10/10/2012 11:57:24 AM

mbam-log-2012-10-10 (11-57-24).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 245790

Time elapsed: 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[MrCharlie]

Great

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

MrC

[JoeBob]

Results of screen317's Security Check version 0.99.51

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

GFI Software VIPRE

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.0.1400

Java 6 Update 31

Java version out of Date!

Adobe Reader X 10.1.3 Adobe Reader out of Date!

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

FireTrust MailWasher MailWasherPro.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

[JoeBob]

Updated Java - directly from Oracle. I dislike the nag updater; in fact a Java spoof was one of the first MBAM quarantines.

Updated Adobe Reader. Same nag issue.

Drice C:/ is a solid state drive. Did not defrag.

[MrCharlie]

Great.............

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!